COM Surrogate


This topic is locked
12 replies to this topic

#1 adam67 (Members, 56 posts)

Posted 07 July 2015 - 07:37 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Adam (administrator) on ADAM on 07-07-2015 17:33:42
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [138096 2013-09-13] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-2767625072-4195341659-106157420-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2767625072-4195341659-106157420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6E69EF07-2AF0-4F57-99F0-E2CC984B8C00}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-19] (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-13] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1015304 2015-06-10] (Marvell Semiconductors Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-16] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-16] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-16] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [420352 2015-06-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:33 - 2015-07-07 17:33 - 00008150 _____ C:\Users\Adam\Desktop\FRST.txt
2015-07-07 17:32 - 2015-07-07 17:33 - 00000000 ____D C:\FRST
2015-07-07 17:32 - 2015-07-07 17:32 - 02112512 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2015-07-07 17:16 - 2015-07-07 17:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-07 17:15 - 2015-07-07 17:15 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-07 17:15 - 2015-07-07 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-07 17:15 - 2015-07-07 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-07 17:15 - 2015-04-14 09:47 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-07 17:15 - 2015-04-14 09:46 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-07 17:15 - 2015-04-14 09:46 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-07 17:13 - 2015-07-07 17:13 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-07 17:09 - 2015-07-07 17:29 - 00004952 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADAM-Adam Adam
2015-07-05 05:22 - 2015-07-05 05:22 - 00000000 ____D C:\windows\LastGood.Tmp
2015-06-10 18:32 - 2015-06-10 18:32 - 00420352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WiFiCLass.sys
2015-06-10 18:29 - 2015-06-10 18:29 - 01015304 _____ (Marvell Semiconductors Inc.) C:\windows\system32\Drivers\mrvlpcie8897.sys
2015-06-09 23:07 - 2015-04-08 15:07 - 00410336 _____ C:\windows\system32\ApnDatabase.xml
2015-06-09 23:07 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-09 23:07 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-09 23:07 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-09 23:07 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-09 23:06 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-09 23:06 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-09 23:06 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-09 23:06 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-09 23:06 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-09 23:06 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-09 23:06 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-09 23:06 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-09 23:06 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-09 23:06 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-09 23:06 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-09 23:06 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-09 23:06 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-09 23:06 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-09 23:06 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-09 23:06 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-09 23:06 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-09 23:06 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-09 23:06 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-09 23:06 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-09 23:06 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-09 23:06 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-09 23:06 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-09 23:06 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-09 23:06 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-09 23:06 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-09 23:06 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-09 23:06 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-09 23:06 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-09 23:06 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-09 23:06 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-09 23:06 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-09 23:06 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 23:06 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-09 23:06 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-09 23:06 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-09 23:06 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-09 23:06 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-09 23:06 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-09 23:05 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-09 23:05 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-09 23:05 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-09 23:05 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-09 23:05 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-09 23:05 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-09 23:05 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-09 23:05 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-09 23:05 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-09 23:05 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-09 23:05 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-09 23:05 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-09 23:05 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-09 23:05 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-09 23:05 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-09 23:05 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-09 23:05 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-09 23:05 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-09 23:05 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-09 23:05 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-09 23:05 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-09 23:05 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-09 23:05 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-09 23:05 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-09 23:05 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-09 23:05 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-09 23:05 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-09 23:05 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-09 23:05 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-09 23:05 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-09 23:05 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-09 23:05 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-09 23:05 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-09 23:05 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-09 23:05 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-09 23:05 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-09 23:05 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 17:27 - 2014-12-03 11:39 - 01421011 _____ C:\windows\WindowsUpdate.log
2015-07-07 17:09 - 2014-12-03 12:01 - 00000000 ____D C:\Users\Adam\OneDrive
2015-07-07 17:00 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\sru
2015-07-05 05:34 - 2014-08-13 18:14 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-05 05:22 - 2014-08-13 18:05 - 00029366 _____ C:\windows\PFRO.log
2015-07-05 05:22 - 2013-08-22 07:46 - 00033356 _____ C:\windows\setupact.log
2015-07-05 05:22 - 2013-08-22 07:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-05 05:22 - 2013-08-22 06:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-05 03:08 - 2014-12-03 12:08 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-04 21:27 - 2013-08-22 08:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-03 17:29 - 2014-12-03 12:04 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2767625072-4195341659-106157420-1001
2015-07-03 05:20 - 2014-08-13 17:21 - 00000000 ____D C:\windows\Firmware
2015-07-02 15:35 - 2013-08-22 08:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-01 21:40 - 2015-01-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 15:23 - 2014-12-14 18:19 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieBrowserModeList
2015-06-20 15:23 - 2014-12-03 12:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieUserList
2015-06-20 15:23 - 2014-12-03 12:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieSiteList
2015-06-19 20:02 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-15 17:40 - 2014-12-03 11:59 - 00000000 ____D C:\Users\Adam\AppData\Local\Packages
2015-06-15 17:37 - 2015-04-16 20:25 - 00000000 ____D C:\Program Files (x86)\Mumble
2015-06-12 04:32 - 2013-08-22 08:36 - 00000000 ____D C:\windows\rescache
2015-06-12 04:10 - 2013-08-22 07:44 - 00371720 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-12 03:54 - 2015-04-17 16:39 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-12 03:54 - 2015-04-17 16:39 - 00000000 ____D C:\windows\system32\appraiser
2015-06-12 03:54 - 2013-08-22 08:36 - 00000000 ___RD C:\windows\ToastData
2015-06-12 03:53 - 2013-08-22 08:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-10 03:46 - 2014-12-12 22:34 - 00000000 ____D C:\windows\system32\MRT
2015-06-10 03:44 - 2014-12-12 22:34 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-13 18:06 - 2014-08-13 18:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\SetupHomeStudentRetail.x86.en-US_HomeStudentRetail_3WR3N-H963F-YPD77-DWRFW-78M3F_act_1_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-02 05:03

==================== End of log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Adam at 2015-07-07 17:33:57
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Adam (S-1-5-21-2767625072-4195341659-106157420-1001 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-2767625072-4195341659-106157420-500 - Administrator - Disabled)
Guest (S-1-5-21-2767625072-4195341659-106157420-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2767625072-4195341659-106157420-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{3430BD20-FA33-4721-8225-AC5099EE2B73}) (Version: 4.7.02 - triCerat, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2767625072-4195341659-106157420-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2767625072-4195341659-106157420-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

15-06-2015 17:37:42 Removed Mumble 1.2.8
02-07-2015 15:34:28 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D7A55C-EA34-4D42-854C-DBD32029C4F1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ADAM-Adam Adam => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {14A12852-3436-4431-8B39-5B0E5895A9A1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {9FD28E39-1DE9-4C14-A33F-1AC820EBE7C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {CE5D9429-D72A-46FF-9C1C-9E7695D61663} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {FFF137D1-2E31-4EFF-B889-C03C3DDDA4D2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2767625072-4195341659-106157420-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-19 09:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 17:03 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-20 18:35 - 2015-01-20 18:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Adam\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2767625072-4195341659-106157420-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{E7198340-0BF8-42E7-A225-9DCCC2E98737}] => (Allow) C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F9D9611B-2CE3-4899-A4CA-A9EB810AA37A}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{90997255-BBED-4EDF-9668-E2CB549AD7A6}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 04:16:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/06/2015 05:44:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13a8

Start Time: 01d0b7e87fd37622

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: ccc9f98f-23dc-11e5-827a-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (07/02/2015 05:02:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/21/2015 04:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01d0ac7882e8dded

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: cae8f8f6-186b-11e5-8278-6002927c6dbd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/17/2015 03:04:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/16/2015 03:35:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/12/2015 04:12:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1138

Start Time: 01d0a5643ba65a2d

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: 889e35ca-1158-11e5-8278-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (06/10/2015 03:47:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/09/2015 05:13:12 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/03/2015 03:34:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

System errors:
=============
Error: (07/05/2015 05:22:41 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (07/01/2015 09:29:12 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/23/2015 01:56:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (06/22/2015 10:11:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (06/21/2015 09:51:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (06/21/2015 09:51:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (06/21/2015 09:51:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (06/21/2015 09:51:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (06/21/2015 00:58:41 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (06/20/2015 06:18:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Microsoft Office:
=========================
Error: (07/07/2015 04:16:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/06/2015 05:44:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.1741513a801d0b7e87fd376224294967295C:\windows\System32\BackgroundTaskHost.execcc9f98f-23dc-11e5-827a-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (07/02/2015 05:02:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/21/2015 04:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840108401d0ac7882e8dded15C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEcae8f8f6-186b-11e5-8278-6002927c6dbd

Error: (06/17/2015 03:04:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/16/2015 03:35:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/12/2015 04:12:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.17415113801d0a5643ba65a2d4294967295C:\windows\System32\BackgroundTaskHost.exe889e35ca-1158-11e5-8278-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (06/10/2015 03:47:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/09/2015 05:13:12 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/03/2015 03:34:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

CodeIntegrity Errors:
===================================
  Date: 2015-03-15 22:59:14.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:59:14.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:58:27.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:58:27.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:35:20.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:35:20.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:34:20.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:34:19.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 12:54:39.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 12:54:38.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 26%
Total physical RAM: 8097.07 MB
Available physical RAM: 5939.41 MB
Total Virtual: 9377.07 MB
Available Virtual: 7022.36 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.64 GB) (Free:204.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C4A16F17)

Partition: GPT Partition Type.

==================== End of log ============================




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:30 PM

Posted 12 July 2015 - 07:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/582156 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Local time:03:30 PM

Posted 13 July 2015 - 07:49 PM

1. Multiple COM Surrogates pop up in Task Manager. I'm told almost daily I need to restart to finish a Windows update.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Adam at 2015-07-13 17:42:25
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Adam (S-1-5-21-2767625072-4195341659-106157420-1001 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-2767625072-4195341659-106157420-500 - Administrator - Disabled)
Guest (S-1-5-21-2767625072-4195341659-106157420-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2767625072-4195341659-106157420-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{3430BD20-FA33-4721-8225-AC5099EE2B73}) (Version: 4.7.02 - triCerat, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2767625072-4195341659-106157420-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2767625072-4195341659-106157420-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

15-06-2015 17:37:42 Removed Mumble 1.2.8
02-07-2015 15:34:28 Windows Update
09-07-2015 17:17:40 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D7A55C-EA34-4D42-854C-DBD32029C4F1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ADAM-Adam Adam => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {14A12852-3436-4431-8B39-5B0E5895A9A1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {CE5D9429-D72A-46FF-9C1C-9E7695D61663} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {D3F364FA-BC85-4742-B4DC-E7321BC436A5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {FFF137D1-2E31-4EFF-B889-C03C3DDDA4D2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2767625072-4195341659-106157420-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-19 09:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 17:03 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-20 18:35 - 2015-01-20 18:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-20 18:33 - 2015-01-20 18:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Adam\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2767625072-4195341659-106157420-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{E7198340-0BF8-42E7-A225-9DCCC2E98737}] => (Allow) C:\Users\Adam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{F9D9611B-2CE3-4899-A4CA-A9EB810AA37A}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{90997255-BBED-4EDF-9668-E2CB549AD7A6}C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\neverwinter_en\neverwinter\live\gameclient.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 05:45:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4ac

Start Time: 01d0bd68b947b518

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: 063e0c20-295d-11e5-827a-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (07/12/2015 05:45:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ef8

Start Time: 01d0bc9f899a4f84

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: d690c449-2893-11e5-827a-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (07/09/2015 05:46:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1398

Start Time: 01d0ba441baabd46

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: 68ad1610-2638-11e5-827a-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (07/08/2015 05:55:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/07/2015 04:16:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/06/2015 05:44:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BackgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13a8

Start Time: 01d0b7e87fd37622

Termination Time: 4294967295

Application Path: C:\windows\System32\BackgroundTaskHost.exe

Report Id: ccc9f98f-23dc-11e5-827a-6002927c6dbd

Faulting package full name: Microsoft.BingSports_3.0.4.322_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexSports

Error: (07/02/2015 05:02:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/21/2015 04:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01d0ac7882e8dded

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: cae8f8f6-186b-11e5-8278-6002927c6dbd

Faulting package full name:

Faulting package-relative application ID:

Error: (06/17/2015 03:04:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (06/16/2015 03:35:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

System errors:
=============
Error: (07/10/2015 11:41:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (07/10/2015 05:11:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (07/09/2015 08:00:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (07/09/2015 05:29:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/09/2015 05:28:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/05/2015 05:22:41 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread

Error: (07/01/2015 09:29:12 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (06/23/2015 01:56:48 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

Error: (06/22/2015 10:11:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (06/21/2015 09:51:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Microsoft Office:
=========================
Error: (07/13/2015 05:45:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.174154ac01d0bd68b947b5184294967295C:\windows\System32\BackgroundTaskHost.exe063e0c20-295d-11e5-827a-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (07/12/2015 05:45:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.17415ef801d0bc9f899a4f844294967295C:\windows\System32\BackgroundTaskHost.exed690c449-2893-11e5-827a-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (07/09/2015 05:46:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.17415139801d0ba441baabd464294967295C:\windows\System32\BackgroundTaskHost.exe68ad1610-2638-11e5-827a-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (07/08/2015 05:55:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/07/2015 04:16:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (07/06/2015 05:44:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BackgroundTaskHost.exe6.3.9600.1741513a801d0b7e87fd376224294967295C:\windows\System32\BackgroundTaskHost.execcc9f98f-23dc-11e5-827a-6002927c6dbdMicrosoft.BingSports_3.0.4.322_x64__8wekyb3d8bbweAppexSports

Error: (07/02/2015 05:02:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/21/2015 04:18:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840108401d0ac7882e8dded15C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEcae8f8f6-186b-11e5-8278-6002927c6dbd

Error: (06/17/2015 03:04:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

Error: (06/16/2015 03:35:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Windows RE toolsThe parameter is incorrect. (0x80070057)

CodeIntegrity Errors:
===================================
  Date: 2015-03-15 22:59:14.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:59:14.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:58:27.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 22:58:27.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:35:20.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:35:20.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:34:20.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 13:34:19.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 12:54:39.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 12:54:38.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\d3d10_1.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 16%
Total physical RAM: 8097.07 MB
Available physical RAM: 6750.68 MB
Total Virtual: 9377.07 MB
Available Virtual: 7997.56 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:232.64 GB) (Free:202.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C4A16F17)

Partition: GPT Partition Type.

==================== End of log =========================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Adam (administrator) on ADAM on 13-07-2015 17:42:07
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [138096 2013-09-13] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-2767625072-4195341659-106157420-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-13] (SUPERAntiSpyware)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2767625072-4195341659-106157420-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6E69EF07-2AF0-4F57-99F0-E2CC984B8C00}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-20] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Program Files (x86)\Arc\plugins\NPSWF32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-19] (Microsoft Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-08-13] (Microsoft Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-07-16] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-07-16] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-07-16] (Intel Corporation)
R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [1015304 2015-06-10] (Marvell Semiconductors Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-07-16] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-11-27] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-07-16] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49776 2014-12-09] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [76424 2015-03-31] (Microsoft Corporation)
S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-07-16] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-07-16] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [420352 2015-06-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 17:42 - 2015-07-13 17:42 - 00008432 _____ C:\Users\Adam\Desktop\FRST.txt
2015-07-13 17:41 - 2015-07-13 17:41 - 00000000 ____D C:\Users\Adam\Desktop\FRST-OlderVersion
2015-07-10 23:07 - 2015-07-10 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-10 23:07 - 2015-07-10 23:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-10 23:07 - 2015-07-10 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-07 17:39 - 2015-07-07 17:39 - 02244096 _____ C:\Users\Adam\Desktop\AdwCleaner.exe
2015-07-07 17:39 - 2015-07-07 17:39 - 00000000 ____D C:\AdwCleaner
2015-07-07 17:32 - 2015-07-13 17:42 - 00000000 ____D C:\FRST
2015-07-07 17:32 - 2015-07-13 17:41 - 02133504 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2015-07-07 17:16 - 2015-07-07 17:16 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-07 17:15 - 2015-07-07 17:15 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-07 17:15 - 2015-07-07 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-07 17:15 - 2015-07-07 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-07 17:15 - 2015-04-14 09:47 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-07 17:15 - 2015-04-14 09:46 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-07 17:15 - 2015-04-14 09:46 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-07 17:13 - 2015-07-13 17:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-07 17:13 - 2015-07-07 17:13 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\Users\Adam\AppData\Roaming\SUPERAntiSpyware.com
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-07-07 17:13 - 2015-07-07 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-07 17:09 - 2015-07-13 17:36 - 00004954 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADAM-Adam Adam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 17:40 - 2014-12-03 12:04 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2767625072-4195341659-106157420-1001
2015-07-13 17:39 - 2014-08-13 18:14 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-13 17:37 - 2014-12-03 11:39 - 01512436 _____ C:\windows\WindowsUpdate.log
2015-07-13 17:35 - 2014-12-03 12:01 - 00000000 ___RD C:\Users\Adam\OneDrive
2015-07-13 17:35 - 2014-08-13 18:05 - 00029742 _____ C:\windows\PFRO.log
2015-07-13 17:35 - 2013-08-22 07:46 - 00033472 _____ C:\windows\setupact.log
2015-07-13 17:35 - 2013-08-22 07:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 17:35 - 2013-08-22 06:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-07-13 17:05 - 2013-08-22 08:36 - 00000000 ____D C:\windows\system32\sru
2015-07-11 05:46 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-10 04:35 - 2013-08-22 08:36 - 00000000 ____D C:\windows\AppReadiness
2015-07-09 17:17 - 2013-08-22 08:20 - 00000000 ____D C:\windows\CbsTemp
2015-07-06 14:24 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 14:24 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 03:08 - 2014-12-03 12:08 - 00300704 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-07-03 05:20 - 2014-08-13 17:21 - 00000000 ____D C:\windows\Firmware
2015-07-01 21:40 - 2015-01-19 09:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-20 15:23 - 2014-12-14 18:19 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieBrowserModeList
2015-06-20 15:23 - 2014-12-03 12:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieUserList
2015-06-20 15:23 - 2014-12-03 12:23 - 00000000 __SHD C:\Users\Adam\AppData\Local\EmieSiteList
2015-06-15 17:40 - 2014-12-03 11:59 - 00000000 ____D C:\Users\Adam\AppData\Local\Packages
2015-06-15 17:37 - 2015-04-16 20:25 - 00000000 ____D C:\Program Files (x86)\Mumble

==================== Files in the root of some directories =======

2014-08-13 18:06 - 2014-08-13 18:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-10 03:05

==================== End of log ============================



#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 20 July 2015 - 10:17 AM

Hello, and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to look over your logs and I will be back with instructions.

#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 21 July 2015 - 03:07 PM

Hi there :)
 
Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure the Receive notifications box is ticked and set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

Do the COM Surrogate processes come and go, or do they stay there?

You can run this tool and see if it finds anything.

ESET Poweliks Cleaner
Please download ESET Poweliks Cleaner and save it to your Desktop.
  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Regards,
Alex 

#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 24 July 2015 - 02:32 PM

Hello,

It has been three days since my last post. Do you still need help?

Regards,
Alex



#7 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 24 July 2015 - 02:33 PM

Yes, sorry, I have been busy all week. I will follow your directions tonight and post the log.



#8 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 24 July 2015 - 08:00 PM

Nothing found.

[2015.07.24 17:51:53.443] - Begin
[2015.07.24 17:51:53.443] -
[2015.07.24 17:51:53.443] -     ....................................
[2015.07.24 17:51:53.443] -   ..::::::::::::::::::....................
[2015.07.24 17:51:53.443] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2015.07.24 17:51:53.443] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.5
[2015.07.24 17:51:53.443] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Jun 30 2015
[2015.07.24 17:51:53.458] -  .::EE:::::::::::::SS:.EE..........TT......
[2015.07.24 17:51:53.458] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2015.07.24 17:51:53.458] -   ..::::::::::::::::::....................    1992-2015. All rights reserved.
[2015.07.24 17:51:53.458] -     ....................................
[2015.07.24 17:51:53.458] -
[2015.07.24 17:51:53.458] - --------------------------------------------------------------------------------
[2015.07.24 17:51:53.458] -
[2015.07.24 17:51:53.458] - INFO: OS: 6.2.9200 SP0
[2015.07.24 17:51:53.458] - INFO: Product Type: Workstation
[2015.07.24 17:51:53.458] - INFO: WoW64: True
[2015.07.24 17:51:53.458] - INFO: Machine guid: 23F0C723-F6D0-4F30-81BE-335CBB1E1D90
[2015.07.24 17:51:53.458] -
[2015.07.24 17:51:54.931] - INFO: Scanning for system infection...
[2015.07.24 17:51:54.931] - --------------------------------------------------------------------------------
[2015.07.24 17:51:54.931] -
[2015.07.24 17:51:54.931] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]...
[2015.07.24 17:51:54.931] - INFO: Processing classes...
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{1FA8DFD2-E066-47D9-BC91-F77DE2B4CC20}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{3063357E-821C-4A7D-B49A-F61EA772BF9B}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{1FA8DFD2-E066-47D9-BC91-F77DE2B4CC20}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}]
[2015.07.24 17:51:54.931] - INFO: Processing clsid [\Registry\User\S-1-5-21-2767625072-4195341659-106157420-1001\SOFTWARE\Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
[2015.07.24 17:51:54.931] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.24 17:51:54.931] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.24 17:51:54.931] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.07.24 17:51:54.931] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.07.24 17:51:54.931] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2015.07.24 17:51:54.931] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.07.24 17:51:54.931] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.07.24 17:51:54.931] - INFO: (XSW) Scanning for XSW variant...
[2015.07.24 17:51:54.931] - INFO: (XSW) Processing users subkeys...
[2015.07.24 17:51:54.931] - INFO: Win32/Poweliks not found
[2015.07.24 17:54:25.049] - End
 



#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 25 July 2015 - 08:05 AM

Hi adam67,

Do you have any problems? COM Surrogate is a normal Windows process, and if it comes and goes in your Task Manager then that is completely normal.

ESET Poweliks Cleaner checked for malware that commonly abuses this process. Since it did not find anything, it is safe to say that you are not infected.

Regards,
Alex 
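A way to see what each running COM Surrogate is actually hosting, as an added example that is not part of this thread or of any tool mentioned in it. It assumes Windows with PowerShell 3 or later and an elevated prompt so that the command lines of every user's processes are readable; the function name Get-ComSurrogateHost is made up here.

```powershell
# Added example, not from the thread: list each running dllhost.exe (COM Surrogate),
# parse the CLSID it was started to host, resolve that CLSID to its registered COM
# server, and report whether the server binary exists and carries a valid signature.
# A per-user (HKCU) registration shadowing a machine-wide one, a missing file, or an
# unsigned server for a well-known CLSID is what a defender would want to look at.

function Get-ComSurrogateHost {
    [CmdletBinding()]
    param()

    $procs = Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'"
    foreach ($p in $procs) {
        # dllhost.exe is normally started as: dllhost.exe /Processid:{CLSID}
        $clsid = $null
        if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]+\})') {
            $clsid = $Matches[1]
        }

        # HKCU\Software\Classes is consulted before HKLM for per-user COM registrations,
        # so check it first; record which hive and which server type answered.
        $server = $null
        $registeredIn = $null
        if ($clsid) {
            foreach ($hive in 'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
                foreach ($sub in 'InprocServer32', 'LocalServer32') {
                    $key = Join-Path $hive "$clsid\$sub"
                    if (Test-Path $key) {
                        $server = (Get-ItemProperty -Path $key).'(default)'
                        $registeredIn = "$($hive.Split(':')[0])\$sub"
                        break
                    }
                }
                if ($server) { break }
            }
        }

        # Expand %SystemRoot%-style variables and strip surrounding quotes before the
        # signature check. LocalServer32 values that carry arguments after the path
        # will not resolve here and are reported as FileMissing for manual review.
        $signature = 'n/a'
        if ($server) {
            $path = [Environment]::ExpandEnvironmentVariables($server).Trim('"')
            if (Test-Path -Path $path -PathType Leaf) {
                $signature = (Get-AuthenticodeSignature -FilePath $path).Status
            } else {
                $signature = 'FileMissing'
            }
        }

        [PSCustomObject]@{
            PID          = $p.ProcessId
            ParentPID    = $p.ParentProcessId
            CLSID        = $clsid
            RegisteredIn = $registeredIn
            Server       = $server
            Signature    = $signature
        }
    }
}

# Usage: run from an elevated PowerShell prompt.
Get-ComSurrogateHost | Format-Table -AutoSize
```

Surrogates that come and go with a signed Microsoft server (thumbnail or property handlers, for example) are the normal behaviour the helper describes; rows with RegisteredIn under HKCU, Signature other than Valid, or FileMissing are the ones worth investigating.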

#10 adam67

adam67
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:03:30 PM

Posted 27 July 2015 - 02:44 PM

No, guess it's all good then. Thank you for your help checking.



#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 28 July 2015 - 04:15 AM

Hi adam67,

We will do one last scan to make sure that there is nothing lurking in your machine.

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note: this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

===

Can you check for Windows Updates manually using these instructions, and let it install all the ones marked Important?

Regards,
Alex 



#12 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:30 PM

Posted 31 July 2015 - 04:31 AM

Hi adam67,

Are you still there with me? It's been three days since my last post.

Regards,
Alex

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 03 August 2015 - 02:57 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise
