W64.Viknok.B!inf detected in cryptbase.dll


13 replies to this topic

#1 Ed_Vector

Posted 23 April 2015 - 05:16 AM

Hi there.

So, running a scan in Norton 360 on Windows 7 revealed W64.Viknok.B!inf as a high-threat virus requiring 'manual removal,' located at C:\Windows\System32\sysprep\cryptbase.dll. Norton Power Eraser, Malwarebytes Anti-Malware, HitmanPro, and Emsisoft Emergency Kit all failed to detect it (all are up to date). So far I've seen no visible symptoms.

Here are the results of the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Owner (administrator) on OWNER-PC on 23-04-2015 02:04:27
Running from C:\Users\Owner\Desktop\adware
Loaded Profiles: Owner &  (Available profiles: Owner)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\n360.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\n360.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe




==================== Registry (Whitelisted) ==================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\...\MountPoints2: {a53ff8e5-35fc-11e2-bcd7-806e6f6e6963} - H:\SETUP.EXE
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a53ff8e5-35fc-11e2-bcd7-806e6f6e6963} - H:\SETUP.EXE
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.4.0.40
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-03] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-03] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254


FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2015-04-22]


Chrome: 
=======
CHR HomePage: Profile 1 -> 
CHR StartupUrls: Profile 1 -> ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-08]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-08]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-08]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-08]
CHR Extension: (Norton Identity Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-28]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-08]
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-02]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-02]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-02]
CHR Extension: (Bookmark Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-17]


==================== Services (Whitelisted) =================


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) [File not signed]
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-19] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\N360.exe [265000 2015-03-06] (Symantec Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4948992 2009-07-17] (Native Instruments GmbH) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-02-26] () [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel(R) Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{D0F60C44-5031-42CC-893B-B9001F978663}


==================== Drivers (Whitelisted) ====================


(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)


S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [73216 2009-06-10] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [1639128 2015-04-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 cleanhlp; C:\EEK\RUN\cleanhlp64.sys [57024 2014-01-14] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\IPSDefs\20150422.001\IDSvia64.sys [671448 2015-03-26] (Symantec Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-04-23] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20150422.004\ENG64.SYS [129752 2015-04-06] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20150422.004\EX64.SYS [2137304 2015-04-06] (Symantec Corporation)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-04-22] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
U2 V2iMount; No ImagePath
U3 kwloapow; \??\C:\Users\Owner\AppData\Local\Temp\kwloapow.sys [X]


==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)




==================== One Month Created Files and Folders ========


(If an entry is included in the fixlist, the file\folder will be moved.)


2015-04-23 02:02 - 2015-04-23 02:02 - 00000000 _____ () C:\Users\Owner\Downloads\FRST64.exe
2015-04-23 00:01 - 2015-04-23 00:01 - 00001793 _____ () C:\Users\Owner\Desktop\RKreport[0]_D_04232015_000138.txt
2015-04-23 00:01 - 2015-04-23 00:01 - 00001740 _____ () C:\Users\Owner\Desktop\RKreport[0]_S_04232015_000101.txt
2015-04-22 23:58 - 2015-04-23 00:01 - 00000000 ____D () C:\Users\Owner\Desktop\RK_Quarantine
2015-04-22 21:39 - 2015-04-22 21:39 - 00000000 ____D () C:\Windows\SysWOW64\N360_BACKUP
2015-04-22 21:17 - 2015-04-22 21:17 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2015-04-22 21:07 - 2015-04-22 21:17 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2015-04-22 21:07 - 2015-04-22 21:07 - 03060320 ____N (Symantec Corporation) C:\Users\Owner\Downloads\NPE (1).exe
2015-04-22 21:00 - 2014-06-12 03:37 - 00000000 ____D () C:\Users\Owner\Downloads\StarCraft
2015-04-22 20:52 - 2015-04-22 20:59 - 147529724 _____ (Igor Pavlov) C:\Users\Owner\Downloads\StarCraft.exe
2015-04-22 20:52 - 2015-04-22 20:52 - 00000000 ____D () C:\Users\Owner\Desktop\Starcraft
2015-04-15 08:08 - 2015-03-22 18:51 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 08:08 - 2015-03-22 18:51 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 08:08 - 2015-03-22 18:51 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 08:08 - 2015-03-22 18:51 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 08:08 - 2015-03-22 18:51 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 08:08 - 2015-03-22 18:51 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 08:08 - 2015-03-22 18:47 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-07 00:47 - 2015-04-07 00:47 - 00094208 _____ (Blizzard Entertainment) C:\Windows\ScUnin.exe
2015-04-07 00:47 - 2015-04-07 00:47 - 00013902 _____ () C:\Windows\scunin.dat
2015-04-07 00:47 - 2015-04-07 00:47 - 00000967 _____ () C:\Windows\ScUnin.pif
2015-04-07 00:47 - 2015-04-07 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft
2015-04-07 00:46 - 2015-04-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Starcraft
2015-04-06 14:28 - 2015-04-06 14:29 - 03644128 _____ () C:\Users\Owner\Downloads\PulpyPuff.wav
2015-04-06 14:28 - 2015-04-06 14:28 - 04387980 _____ () C:\Users\Owner\Downloads\Paraffin.wav
2015-04-06 14:28 - 2015-04-06 14:28 - 03621200 _____ () C:\Users\Owner\Downloads\SurfPuff.wav
2015-04-06 14:27 - 2015-04-06 14:27 - 03537152 _____ () C:\Users\Owner\Downloads\Puffnstuff.wav
2015-03-29 17:11 - 2015-03-29 17:11 - 01743970 _____ () C:\Users\Owner\Desktop\powerpuff concept.aif
2015-03-29 15:38 - 2015-03-29 15:38 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360


==================== One Month Modified Files and Folders =======


(If an entry is included in the fixlist, the file\folder will be moved.)


2015-04-23 02:04 - 2014-04-19 01:51 - 00000000 ____D () C:\FRST
2015-04-23 02:04 - 2014-04-18 20:22 - 00000000 ____D () C:\Users\Owner\Desktop\adware
2015-04-23 01:58 - 2014-04-17 20:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 01:57 - 2014-04-17 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-23 01:57 - 2014-04-17 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 01:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Registration
2015-04-23 01:21 - 2013-02-08 17:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 01:06 - 2014-04-18 20:06 - 00000000 ____D () C:\EEK
2015-04-23 00:45 - 2011-02-26 08:24 - 01334453 _____ () C:\Windows\WindowsUpdate.log
2015-04-22 22:52 - 2009-07-13 21:45 - 00015760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-22 22:52 - 2009-07-13 21:45 - 00015760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-22 21:17 - 2014-08-04 12:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\NPE
2015-04-22 21:11 - 2013-09-12 16:42 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-04-22 21:11 - 2013-09-12 16:38 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-04-22 21:10 - 2014-08-04 12:44 - 00000000 ____D () C:\NPE
2015-04-22 21:10 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-22 21:09 - 2014-04-18 20:51 - 00004096 ___SH () C:\VSNAP.IDX
2015-04-22 21:09 - 2009-07-13 21:51 - 00121447 _____ () C:\Windows\setupact.log
2015-04-20 13:05 - 2013-09-12 16:42 - 00001025 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2015-04-20 13:05 - 2013-09-12 16:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-20 13:04 - 2009-07-13 22:13 - 00005152 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 12:59 - 2011-02-27 01:02 - 00835254 _____ () C:\Windows\PFRO.log
2015-04-17 21:35 - 2013-07-19 13:30 - 00000024 _____ () C:\Users\Owner\random.dat
2015-04-17 20:12 - 2013-07-19 13:30 - 00000044 _____ () C:\Users\Owner\jagex_cl_runescape_LIVE.dat
2015-04-17 07:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 03:01 - 2014-12-11 04:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 03:01 - 2014-07-10 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 07:56 - 2013-02-08 17:32 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-07 02:15 - 2013-05-18 10:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-06 20:09 - 2014-07-09 17:26 - 00000000 ____D () C:\Users\Owner\Documents\Youcam
2015-04-05 13:21 - 2013-02-08 17:58 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-04-04 23:47 - 2013-07-28 16:05 - 00000000 ____D () C:\Cakewalk Projects
2015-04-03 01:22 - 2014-06-08 13:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\Battle.net
2015-04-02 23:44 - 2013-07-19 14:10 - 00000024 _____ () C:\Users\Owner\jagexappletviewer.preferences
2015-03-29 15:31 - 2014-06-07 16:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2015-03-29 15:31 - 2014-06-07 09:07 - 00002502 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2015-03-29 15:31 - 2014-01-08 18:35 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-29 15:31 - 2014-01-08 18:32 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64


==================== Files in the root of some directories =======


2013-08-03 16:04 - 2013-08-03 16:05 - 0295464 _____ () C:\Program Files (x86)\unins000.dat
2013-08-03 16:04 - 2013-08-03 16:04 - 0722680 _____ () C:\Program Files (x86)\unins000.exe
2013-07-31 18:55 - 2014-04-17 00:55 - 0000037 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2013-12-30 11:55 - 2014-01-03 01:55 - 0000005 _____ () C:\Users\Owner\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-31 18:55 - 2014-02-01 02:55 - 0000005 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
2013-08-13 01:30 - 2013-09-09 20:26 - 0004608 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-02-26 23:38 - 2011-02-26 23:38 - 0001495 _____ () C:\Users\Owner\AppData\Local\PDLSetup.20110226.223837.txt
2011-02-26 23:38 - 2011-02-26 23:38 - 0001263 _____ () C:\Users\Owner\AppData\Local\PDLSetup.20110226.223840.txt
2011-02-26 23:22 - 2011-02-26 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-02-26 23:17 - 2011-02-26 23:17 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-02-26 23:20 - 2011-02-26 23:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-02-26 23:17 - 2011-02-26 23:20 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-02-26 23:21 - 2011-02-26 23:22 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log


Files to move or delete:
====================
C:\Users\Owner\jagex_cl_oldschool_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE.dat
C:\Users\Owner\jagex_cl_runescape_LIVE1.dat
C:\Users\Owner\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Owner\random.dat




Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9az1hj.dll




==================== Bamital & volsnap Check =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2015-04-14 00:31


==================== End Of Log ============================

And the 'addition' scan results

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Owner at 2015-04-23 02:05:34
Running from C:\Users\Owner\Desktop\adware
Boot Mode: Normal
==========================================================




==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Norton 360 Premier Edition (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier Edition (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
AX88772A (HKLM-x32\...\{CAAF899F-D15F-480F-AF10-22B1431A5E9F}) (Version: 1.00.0000 - )
BatteryLifeExtender (HKLM-x32\...\{EA257ECF-5F72-4461-B890-959394DCD087}) (Version: 1.0.10 - Samsung)
Beatscape 1.0.2 (HKLM-x32\...\Cakewalk Beatscape_is1) (Version: 1.0.2 - Cakewalk Music Software)
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
Cakewalk VST Adapter 4.4.4.0 (HKLM-x32\...\Cakewalk VST Adapter 4.4.4.0) (Version:  - )
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
Dimension Pro Free Expansion Packs 1-3 (HKLM-x32\...\Dimension Pro Free Expansion Packs 1-3_is1) (Version: 1.0 - Cakewalk)
DreamStation DXi2 (HKLM-x32\...\DreamStation DXi2) (Version:  - )
Dropbox (HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0.0.5 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{FCF2085E-ABE5-4AA8-B07C-65BBD56DA243}) (Version: 4.4.6 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}) (Version: 13.04.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel(R) Wireless Display (HKLM-x32\...\{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}) (Version: 1.3.9.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.0.35659 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PreSonus Universal Control 1.7 (HKLM\...\PreSonus Universal Control_is1) (Version: 1.7.0 - PreSonus Audio Electronics)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.33.1125.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.8 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.21 - Samsung)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
SONAR X1 Producer x64 (HKLM-x32\...\SONARX1Producer_x64_is1) (Version: 18.0 - Cakewalk Music Software)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.1000 - SRS Labs, Inc.)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.3.2 - Toontrack)
SX1_Disc4 (HKLM-x32\...\SX1_Disc4_is1) (Version:  - )
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.2 - Toontrack)
Tropico (HKLM-x32\...\{818FB39B-1A57-4F1B-A54D-391C33D6C596}) (Version:  - )
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WinFF 1.5.1 (Codename EMMA) (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)


==================== Custom CLSID (selected items): ==========================


(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1547714061-4052474716-1447224631-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)


==================== Restore Points  =========================


12-04-2015 22:27:04 Scheduled Checkpoint
17-04-2015 03:00:11 Windows Update
22-04-2015 23:47:31 Checkpoint by HitmanPro


==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


Task: {2123EA4A-B557-4F45-8151-A8541CC67067} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {236A4A54-D886-44E0-AB0C-3A400F7B2567} - No Task path
Task: {2427AC04-2360-4B50-990E-74BAFE101333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {265C907F-E662-46B2-9C63-7CD47EEB994A} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {2DCBCB27-63CD-4FAF-BCCD-EDD67EC4656B} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-08-19] (Samsung Electronics Co., Ltd.)
Task: {43C3DCDE-64BC-4C2B-8D12-36B98016F303} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe [2010-11-30] (SRS Labs, Inc.)
Task: {4A5D68F4-48DC-4F9E-AB0F-5177D8FAB964} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-11-28] (Samsung Electronics Co., Ltd.)
Task: {555F877D-0120-4FCD-B764-75D8D29B9CD0} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {58A1BB9A-EFF7-4AEC-8226-294BE4869147} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: {70EC3584-DC01-457E-8D99-4EEDEA7D3174} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-01] (Samsung Electronics)
Task: {7D89EF3D-5465-474B-8253-5AB56EF8495A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {8B26776F-1887-44E9-B353-3AE3CEBAB24A} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {915BF904-D4DC-4FB8-9EF2-17D7B868FECF} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-01] (Samsung Electronics. Co. Ltd.)
Task: {97D1A732-17AB-4E5E-B194-18F6771A49DC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\WSCStub.exe [2015-03-06] (Symantec Corporation)
Task: {A9862B97-98DA-4D03-93A2-F9232C7BAC86} - System32\Tasks\{ABB2ECEE-AAA4-4DFB-84B7-CD8115797FA4} => pcalua.exe -a H:\SETUP.EXE -d H:\
Task: {B100E201-0E58-4F4E-8F37-2F0BBFEA4C22} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-11-23] (SAMSUNG Electronics)
Task: {CD4B4E63-FF2C-45F7-BD59-C66253C44232} - System32\Tasks\{3B1E3AB4-074B-4470-BE15-A624D0809421} => pcalua.exe -a H:\autorun.exe -d H:\
Task: {E489B4F7-2D76-464B-AEB7-3E52C9064F5F} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EEACCB2F-7894-4BA9-B0C8-58F54688D2CF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {F6677AFB-4B00-474A-9660-9CE709A195E0} - System32\Tasks\GoogleUpdateTaskMachineCore1ce0ed12b1611c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce0ed12b1611c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Loaded Modules (whitelisted) ==============


2010-10-19 14:39 - 2010-10-19 14:39 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-02-26 23:20 - 2011-02-26 07:30 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-04-22 21:10 - 2015-04-22 21:10 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9az1hj.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-15 07:55 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 07:55 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-15 07:55 - 2015-04-13 14:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll


==================== Alternate Data Streams (whitelisted) =========


(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)




==================== Safe Mode (whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"


==================== EXE Association (whitelisted) ===============


(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, the associated entry will be removed from the registry.)




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1547714061-4052474716-1447224631-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1547714061-4052474716-1447224631-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)




==================== Accounts: =============================


Administrator (S-1-5-21-1547714061-4052474716-1447224631-500 - Administrator - Disabled)
Guest (S-1-5-21-1547714061-4052474716-1447224631-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1547714061-4052474716-1447224631-1004 - Limited - Enabled)
Owner (S-1-5-21-1547714061-4052474716-1447224631-1000 - Administrator - Enabled) => C:\Users\Owner


==================== Faulty Device Manager Devices =============


Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.




==================== Event log errors: =========================


Application errors:
==================
Error: (04/22/2015 11:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 42.0.2311.90, time stamp: 0x552c2225
Faulting module name: chrome.dll, version: 42.0.2311.90, time stamp: 0x552c1dea
Exception code: 0x80000003
Fault offset: 0x0051f9eb
Faulting process id: 0x1098
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3


Error: (04/22/2015 09:39:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.




Operation:
   Gathering Writer Data


Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bcd01ee5-4d2b-4a1e-81cc-76425987704e}


Error: (04/21/2015 08:28:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/20/2015 01:04:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (04/20/2015 01:04:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (04/06/2015 06:20:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/06/2015 00:09:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/05/2015 04:29:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


Error: (04/05/2015 04:29:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


Error: (04/05/2015 01:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SONARPDR.exe, version: 18.0.0.184, time stamp: 0x4cd9c26a
Faulting module name: SONARPDR.exe, version: 18.0.0.184, time stamp: 0x4cd9c26a
Exception code: 0xc0000005
Fault offset: 0x000000000086f59b
Faulting process id: 0xf8c
Faulting application start time: 0xSONARPDR.exe0
Faulting application path: SONARPDR.exe1
Faulting module path: SONARPDR.exe2
Report Id: SONARPDR.exe3




System errors:
=============
Error: (04/22/2015 09:12:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}


Error: (04/22/2015 09:10:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2


Error: (04/22/2015 09:10:03 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.


Error: (04/22/2015 09:08:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Error: (04/20/2015 01:00:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2


Error: (04/20/2015 01:00:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.


Error: (04/09/2015 07:02:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}


Error: (04/04/2015 09:19:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575}


Error: (04/04/2015 09:17:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2


Error: (04/04/2015 09:17:06 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.




Microsoft Office Sessions:
=========================
Error: (04/22/2015 11:47:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.90552c2225chrome.dll42.0.2311.90552c1dea800000030051f9eb109801d07d7c9ad00cc2C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\chrome.dll9d1d5cac-e984-11e4-a2dd-e8113248f9ea


Error: (04/22/2015 09:39:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.




Operation:
   Gathering Writer Data


Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bcd01ee5-4d2b-4a1e-81cc-76425987704e}


Error: (04/21/2015 08:28:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/20/2015 01:04:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000


Error: (04/20/2015 01:04:01 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


Error: (04/06/2015 06:20:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/06/2015 00:09:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


Error: (04/05/2015 04:29:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000


Error: (04/05/2015 04:29:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


Error: (04/05/2015 01:20:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SONARPDR.exe18.0.0.1844cd9c26aSONARPDR.exe18.0.0.1844cd9c26ac0000005000000000086f59bf8c01d06fcff705933eC:\Program Files\Cakewalk\SONAR X1 Producer\SONARPDR.exeC:\Program Files\Cakewalk\SONAR X1 Producer\SONARPDR.exe41e24816-dbd1-11e4-90f6-e8113248f9ea




==================== Memory info =========================== 


Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 73%
Total physical RAM: 3892.54 MB
Available physical RAM: 1047.08 MB
Total Pagefile: 7783.22 MB
Available Pagefile: 4882.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:150.01 GB) (Free:62.93 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:300.65 GB) (Free:41.41 GB) NTFS
Drive h: (STARCRAFT) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C1B06192)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=15 GB) - (Type=27)


==================== End Of Log ============================

Thank you so much in advance! Y'all are saints.





#2 shelf life

shelf life

  • Malware Response Team
  • 2,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 27 April 2015 - 06:03 PM

hi,

 

Most likely a false positive on Norton's part. You could upload the file in question to one of these sites to get it checked out:

 

http://virusscan.jotti.org/en

 

https://www.virustotal.com/


How Can I Reduce My Risk to Malware?


#3 Ed_Vector

Ed_Vector
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 27 April 2015 - 08:57 PM

Hey, thanks for the reply!

 

I tried to use the resources you suggested, but when I go to choose the file, C:\Windows\System32\sysprep shows up as an empty folder, different last modified date, different attributes. The contents aren't hidden. I tried entering the file location directly ("file not found"), and tried copying it via elevated command prompt ("Access is denied."). The file in question shows up when I navigate to it in the standard file explorer, just not in the 'open file' interface. Any suggestions on what I should do?



#4 shelf life

shelf life

  • Malware Response Team
  • 2,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 28 April 2015 - 04:53 PM

If you can find it in explorer try making a copy of the file (cryptbase.dll) on your desktop then upload that copy to the two websites.


How Can I Reduce My Risk to Malware?


#5 Ed_Vector

Ed_Vector
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 28 April 2015 - 11:48 PM

Thanks for the quick reply!

 

I actually did try to make a copy on my desktop. When I tried to copy/paste it standard, I got the message "you'll need to provide administrator permission to copy this file," even though I'm using an administrator account. That's when I tried to copy it using the elevated command prompt, and received the aforementioned "Access is denied." message.



#6 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 29 April 2015 - 05:01 PM

Folder options are probably ok but you can check them:

http://pcsupport.about.com/od/windows7/ht/show-hidden-files-windows-7.htm

Or a permissions setting for that folder:

https://answers.microsoft.com/en-us/windows/forum/windows_vista-security/youll-need-to-provide-administrator-permission-to/42c45fd1-52b8-4ac3-970d-b916df170801

Or try a custom scan with Malwarebytes via its options, or a scan if it has a right click "scan with Malwarebytes" context menu. Not sure if that's part of the free version.

There are also online scans that may have custom options so you wouldn't be scanning your entire HD.


#7 Ed_Vector

  • Topic Starter
  • Members
  • 7 posts
  • Local time:08:14 PM

Posted 01 May 2015 - 01:16 PM

The folder options are okay, permissions are okay, nothing still shows up on any scan except the Norton. That said, I've still noticed no symptoms from any sort of virus or malware.

At this point, the main thing that makes me think my system might be infected is the difficulty I've had in copying/scanning cryptbase.dll. But could that be normal? If so I think I'd willingly dismiss this as a false positive.

Thanks so much for your help!



#8 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 01 May 2015 - 05:26 PM

Usually there's more clues if something is caused by malware. Windows might protect some files by default but there's usually a way around it. Have you used Explorer to search and see if you have another copy on the machine somewhere? I have 3 in 3 different paths. All 36KB in size, maybe compare the size of the .dlls. Not sure why it can't be copied to your desktop. You can do an online scan as another check. ESET's is pretty fast depending on your machine. Best to use Internet Explorer for the scan. Firefox and Chrome require an extra download/install.

http://www.eset.com/us/online-scanner/


#9 Ed_Vector

  • Topic Starter
  • Members
  • 7 posts
  • Local time:08:14 PM

Posted 04 May 2015 - 12:18 PM

Thank you, and apologies for my absence.

I have 5 files named 'cryptbase.dll' in different paths.

Two of them are 36KB, two are 43KB. All four of these have a date modified of 7/13/2009, and can be copy/pasted. However, the fifth one, located at C:\Windows\System32\sysprep\cryptbase.dll (the one that's supposed to be infected) is 331KB, and was modified 4/18/2014 (and I've had this computer since before that date).

Another thing I noticed is that, on the problematic file, all of the security permissions are inherited from the folder, and administrator supposedly has 'full control', while none of the permissions are inherited on the other cryptbase files, and only 'trusted installer' has 'full control.' Should I try manually changing the permissions to match the other files?
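The comparison the last two posts walk through by hand (find every copy of cryptbase.dll, compare sizes and modified dates, then look at whether the ACL is inherited and who holds Full Control) can be done in one pass with built-in cmdlets. The script below is an added example for this thread, not code from BleepingComputer, Norton, or any tool mentioned above. It assumes an elevated PowerShell on Windows 7 or later and that the file name and search root are those from the thread; everything else (the helper name Get-Sha256Hex, the column names, the "outlier" rule) is the example's own choice. The SHA-256 it prints can be searched on VirusTotal without uploading the file, which sidesteps the "Access is denied" copy problem described above.

```powershell
# Added example (not from the thread): inventory every cryptbase.dll under
# %SystemRoot% and compare the properties the thread discusses for each copy.
# Assumptions: elevated PowerShell, Windows 7+ (PowerShell 2.0 cmdlets only).

$name = 'cryptbase.dll'   # file name from the thread

# SHA-256 via .NET so it also works on PowerShell 2.0 (no Get-FileHash there).
# Returns '' if the file cannot be opened, so one locked file does not abort the run.
function Get-Sha256Hex([string]$path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = $null
    try {
        $stream = [System.IO.File]::OpenRead($path)
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
    } catch { return '' }
    finally { if ($stream) { $stream.Close() } }
}

# Search the Windows tree; -Force includes hidden files, errors are suppressed.
$copies = Get-ChildItem -Path $env:SystemRoot -Filter $name -Recurse -Force -ErrorAction SilentlyContinue

$report = foreach ($f in $copies) {
    # Embedded Authenticode signature, if any (see the usage note on catalog signing).
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # ACL: is inheritance enabled, and which identities are allowed FullControl?
    # (GENERIC_ALL rights inherited from a folder may show as a number; the
    # -match keeps only rules that render as FullControl.)
    $acl = $null
    try { $acl = Get-Acl -Path $f.FullName } catch { }
    $inherited = $null
    $fullControl = @()
    if ($acl) {
        $inherited = -not $acl.AreAccessRulesProtected
        $fullControl = $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ("$($_.FileSystemRights)" -match 'FullControl') } |
            ForEach-Object { $_.IdentityReference.Value }
    }

    New-Object PSObject -Property @{
        Path         = $f.FullName
        SizeKB       = [math]::Round($f.Length / 1KB, 1)
        LastWrite    = $f.LastWriteTime
        SigStatus    = if ($sig) { "$($sig.Status)" } else { 'Unreadable' }
        Signer       = $signer
        AclInherited = $inherited
        FullControl  = ($fullControl -join ';')
        Sha256       = Get-Sha256Hex $f.FullName
    }
}

# Side-by-side view of every copy.
$report | Sort-Object SizeKB |
    Format-Table Path, SizeKB, LastWrite, SigStatus, AclInherited, FullControl -AutoSize

# Outlier rule: the most common size among the copies is treated as the baseline;
# any copy with a different size, or whose ACL inherits from its folder while the
# others do not, is listed in full (with its hash) for a closer look.
$baseline = $report | Group-Object SizeKB | Sort-Object Count -Descending | Select-Object -First 1
$report |
    Where-Object { ([double]$_.SizeKB) -ne ([double]$baseline.Name) -or $_.AclInherited -eq $true } |
    Format-List Path, SizeKB, LastWrite, SigStatus, Signer, AclInherited, FullControl, Sha256
```

Two caveats when reading the output. First, on Windows 7 Get-AuthenticodeSignature only inspects signatures embedded in the file, and most OS DLLs are signed through a catalog instead, so NotSigned on every copy is expected there; a single copy whose status differs from its siblings is the interesting signal, not NotSigned by itself. Second, as the thread found, a file the ACL will not let you read gives an empty hash and an Unreadable status rather than an error, which is itself worth noting next to the copies that could be read.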



#10 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 04 May 2015 - 05:09 PM

I think you mentioned it but is that .dll the only file in the sysprep folder? I guess you could try changing the permissions to match the other files. You could always change them back.


#11 Ed_Vector

  • Topic Starter
  • Members
  • 7 posts
  • Local time:08:14 PM

Posted 05 May 2015 - 01:16 PM

No luck with changing the permissions, and ESET didn't find anything.

The sysprep folder has two files and two folders. cryptbase.dll (331KB), sysprep.exe (126KB), the en-US folder (which contains a single .mui file, 7KB), and a folder named Panther (18KB).



#12 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 05 May 2015 - 05:22 PM

That's what I have in my sysprep folder minus the .dll. I think we are on a wild goose chase. I wouldn't worry about it. You have run several tools that all come up negative. Any malware on board would have produced other symptoms by now. As for not being able to do anything with it my only guess would be it's a locked down OS file?


#13 Ed_Vector

  • Topic Starter
  • Members
  • 7 posts
  • Local time:08:14 PM

Posted 06 May 2015 - 12:02 PM

I think you're right.

I'm really sorry for putting you out over a false positive, but I really appreciate all the help you've given me. You're a real mensch.

Welp, I guess that's problem resolved!



#14 shelf life

  • Malware Response Team
  • 2,679 posts
  • Gender:Male
  • Location:@localhost
  • Local time:11:14 PM

Posted 06 May 2015 - 05:08 PM

Hey, no problem. It's good to get things checked out. Happy Safe Surfing "out there".