svchost.exe is using too much memory/hiding malware


  • This topic is locked
6 replies to this topic

#1 dshrader

  • Members
  • 2 posts

Posted 14 July 2015 - 08:39 AM

I seem to have malware or a virus hiding in svchost.exe, but I haven't been able to find it.  svchost.exe is presently consuming more RAM than any other program, and frequently consumes nearly all available memory slowing the computer to a grinding halt.  Of the 85 processes presently running, 14 of them are svchost.exe.  I'm sure some are legit.  They all seem to be running from the appropriate System32 file folder, so none are obviously deviant.  However, the fact that this has become an issue in recent weeks, with the svchost.exe process suddenly becoming this super memory consuming process, and has not been an issue in the nearly 5 years of this computer's life, makes me think I've picked up some malware that is running behind the svchost.exe.  Here is what I've run so far this week trying to find it.  

  • rkill.exe
  • tdsskiller.exe
  • aswMBR.exe
  • Malwarebytes Anti-Malware
  • ESET Online Scanner
  • Fix It from MSFT
  • HitmanPro
  • RogueKiller
  • Emsisoft Emergency Kit
  • SuperAntiSpyware

Nothing turned up an obvious virus or known malware threat beyond some tracking cookies.  I have the logs from each of those if you want to see them.  What do I do next?

 

Thanks for your help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Meredith (administrator) on GIZMO on 14-07-2015 09:02:06
Running from C:\Users\Meredith\Downloads
Loaded Profiles: Meredith (Available Profiles: Meredith)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IDS Links) C:\Program Files (x86)\IDS LLC\IDS\Client\UpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Meredith\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-745830097-592147626-168477122-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-745830097-592147626-168477122-1003\...\Run: [Dropbox Update] => C:\Users\Meredith\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-745830097-592147626-168477122-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7800088 2015-07-06] (SUPERAntiSpyware)
Startup: C:\Users\Meredith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\Meredith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Meredith\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-745830097-592147626-168477122-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
URLSearchHook: HKU\S-1-5-21-745830097-592147626-168477122-1003 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-745830097-592147626-168477122-1003 -> {2EE66E61-A63F-4AA0-BED4-C3D4062D5CFF} URL = 
SearchScopes: HKU\S-1-5-21-745830097-592147626-168477122-1003 -> {CA9F2CC4-8B1B-432C-B0EB-D1E5479629BE} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS380
SearchScopes: HKU\S-1-5-21-745830097-592147626-168477122-1003 -> {F7CC56E5-9E50-4750-9A29-10E6B15BCA0B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-08] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {1241F20B-0688-45A5-ADB2-208AFE4A5DDC} 
DPF: HKLM-x32 {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} https://a-app1.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab
DPF: HKLM-x32 {B15C3921-CCFA-4403-9E6F-4470839E835E} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab
DPF: HKLM-x32 {CC99A86F-EA5D-414A-8231-7C3F1B10A644} https://a-app1.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab
DPF: HKLM-x32 {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} https://a-app1.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{977FBC7D-F82C-4307-AE69-7A21AD59A25D}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EC373CBB-2DAC-42B9-8EF3-3903E1C22240}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Meredith\AppData\Roaming\Mozilla\Firefox\Profiles\b0ws5anv.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-05-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1211151.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-05-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-745830097-592147626-168477122-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Meredith\AppData\Roaming\CATALI~2\NPBCSK~1.DLL No File
FF Plugin HKU\S-1-5-21-745830097-592147626-168477122-1003: hopster.com/CouponPrinterPlugin -> C:\Users\Meredith\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-745830097-592147626-168477122-1003: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Meredith\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-11-06] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Meredith\AppData\Roaming\Mozilla\Firefox\Profiles\b0ws5anv.default\searchplugins\duckduckgo.xml [2014-10-06]
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Meredith\AppData\Roaming\Mozilla\Firefox\Profiles\b0ws5anv.default\Extensions\LogMeInClient@logmein.com [2014-11-05]
FF Extension: anonymoX - C:\Users\Meredith\AppData\Roaming\Mozilla\Firefox\Profiles\b0ws5anv.default\Extensions\client@anonymox.net.xpi [2012-09-18]
FF Extension: Adblock Plus - C:\Users\Meredith\AppData\Roaming\Mozilla\Firefox\Profiles\b0ws5anv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-07-13]
FF HKLM-x32\...\Firefox\Extensions: [support@acs-ids.com] - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows
FF Extension: IDS IDS Server - C:\Program Files (x86)\IDS LLC\IDS\Plugin\idsnsplugin_ff3.windows [2013-01-23]
 
Chrome: 
=======
CHR Profile: C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-04]
CHR Extension: (Adblock Plus) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-21]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-12-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Norton Security Toolbar) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-09]
CHR Extension: (Google Wallet) - C:\Users\Meredith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 GGUpdateClient; C:\Program Files (x86)\IDS LLC\IDS\Client\UpdateService.exe [108664 2012-09-21] (IDS Links)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-07-13] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150712.001\IDSvia64.sys [692984 2015-06-20] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150713.033\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150713.033\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [222720 2009-09-01] (Realtek Semiconductor Corp.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 09:02 - 2015-07-14 09:02 - 00024860 _____ C:\Users\Meredith\Downloads\FRST.txt
2015-07-14 09:01 - 2015-07-14 09:02 - 00000000 ____D C:\FRST
2015-07-14 09:01 - 2015-07-14 09:01 - 02133504 _____ (Farbar) C:\Users\Meredith\Downloads\FRST64.exe
2015-07-13 16:17 - 2015-07-13 16:17 - 02001540 _____ C:\Users\Meredith\Downloads\pc-decrapifier-3.0.0.exe
2015-07-13 16:12 - 2015-07-13 16:12 - 22426456 _____ (SUPERAntiSpyware) C:\Users\Meredith\Downloads\SUPERAntiSpyware (2).exe
2015-07-13 15:42 - 2015-07-13 15:42 - 00001819 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-07-13 15:42 - 2015-07-13 15:42 - 00000000 ____D C:\Users\Meredith\AppData\Roaming\SUPERAntiSpyware.com
2015-07-13 15:42 - 2015-07-13 15:42 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-07-13 15:42 - 2015-07-13 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-13 15:42 - 2015-07-13 15:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-13 15:41 - 2015-07-13 15:41 - 22426456 _____ (SUPERAntiSpyware) C:\Users\Meredith\Downloads\SUPERAntiSpyware.exe
2015-07-13 15:41 - 2015-07-13 15:41 - 22426456 _____ (SUPERAntiSpyware) C:\Users\Meredith\Downloads\SUPERAntiSpyware (1).exe
2015-07-13 12:46 - 2015-07-13 12:51 - 00000000 ____D C:\AdwCleaner
2015-07-13 12:45 - 2015-07-13 12:45 - 02248704 _____ C:\Users\Meredith\Downloads\AdwCleaner.exe
2015-07-13 12:09 - 2015-07-13 12:09 - 00000754 _____ C:\Users\Meredith\Desktop\Start Emsisoft Emergency Kit.lnk
2015-07-13 12:08 - 2015-07-13 12:11 - 00000000 ____D C:\EEK
2015-07-13 11:42 - 2015-07-13 12:05 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-13 11:42 - 2015-07-13 11:42 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-07-13 11:26 - 2015-07-13 11:26 - 00043664 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2015-07-13 11:25 - 2015-07-13 11:25 - 00013922 _____ C:\windows\system32\.crusader
2015-07-13 11:03 - 2015-07-13 11:25 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-13 11:01 - 2015-07-13 11:01 - 10113976 _____ (SurfRight B.V.) C:\Users\Meredith\Downloads\HitmanPro.exe
2015-07-13 10:45 - 2015-07-13 10:45 - 00991232 _____ C:\Users\Meredith\Downloads\MicrosoftFixit50267.msi
2015-07-13 08:19 - 2015-07-13 08:19 - 02870984 _____ (ESET) C:\Users\Meredith\Downloads\esetsmartinstaller_enu.exe
2015-07-12 23:05 - 2015-07-12 23:06 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 23:05 - 2015-07-12 23:05 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-12 23:05 - 2015-07-12 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-12 23:05 - 2015-07-12 23:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-12 23:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-12 23:05 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-12 23:02 - 2015-07-12 23:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Meredith\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-09 10:34 - 2015-07-09 10:34 - 18510000 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-09 10:12 - 2015-07-09 10:13 - 00000000 ____D C:\Users\Meredith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 10:24 - 2015-07-08 21:20 - 00000512 _____ C:\Users\Meredith\Desktop\MBR.dat
2015-07-08 10:06 - 2015-07-08 21:20 - 00008574 _____ C:\Users\Meredith\Desktop\aswMBR.txt
2015-07-08 09:46 - 2015-07-08 09:53 - 00002806 _____ C:\Users\Meredith\Desktop\Rkill.txt
2015-06-24 09:14 - 2015-06-24 09:14 - 00521760 _____ C:\windows\Minidump\062415-47705-01.dmp
2015-06-18 12:54 - 2015-07-14 09:00 - 00000930 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-745830097-592147626-168477122-1003UA.job
2015-06-18 12:54 - 2015-07-12 15:09 - 00000878 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-745830097-592147626-168477122-1003Core.job
2015-06-18 12:54 - 2015-06-18 12:54 - 00003906 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-745830097-592147626-168477122-1003UA
2015-06-18 12:54 - 2015-06-18 12:54 - 00003510 _____ C:\windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-745830097-592147626-168477122-1003Core
2015-06-18 12:54 - 2015-06-18 12:54 - 00000000 ____D C:\Users\Meredith\AppData\Local\Dropbox
2015-06-18 12:54 - 2015-06-18 12:54 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-15 20:30 - 2015-06-15 20:30 - 00611024 _____ C:\windows\Minidump\061515-50341-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-14 09:02 - 2009-07-14 01:13 - 00788704 _____ C:\windows\system32\PerfStringBackup.INI
2015-07-14 08:33 - 2012-04-08 17:21 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 08:20 - 2011-11-09 22:12 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-14 08:06 - 2012-05-12 22:51 - 01734308 _____ C:\windows\WindowsUpdate.log
2015-07-14 07:59 - 2009-07-14 00:45 - 00030352 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 07:59 - 2009-07-14 00:45 - 00030352 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 22:36 - 2015-05-06 13:28 - 00000000 ____D C:\Users\Meredith\Documents\Stock Market Information
2015-07-13 16:29 - 2009-11-16 22:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-13 16:27 - 2009-11-16 22:43 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2015-07-13 16:27 - 2009-11-16 22:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-07-13 16:27 - 2009-11-16 22:41 - 00000000 ____D C:\Program Files\TOSHIBA
2015-07-13 13:02 - 2014-11-10 17:04 - 00000000 ___RD C:\Users\Meredith\Dropbox
2015-07-13 13:02 - 2014-11-10 17:02 - 00000000 ____D C:\Users\Meredith\AppData\Roaming\Dropbox
2015-07-13 13:01 - 2011-11-09 22:12 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 12:59 - 2014-08-17 06:43 - 00017786 _____ C:\windows\setupact.log
2015-07-13 12:59 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 12:28 - 2014-08-17 06:42 - 00187726 _____ C:\windows\PFRO.log
2015-07-13 11:37 - 2011-01-14 11:04 - 00000000 ____D C:\Users\Meredith\AppData\Local\CrashDumps
2015-07-12 23:05 - 2011-12-27 17:48 - 00000000 ____D C:\Users\Meredith\AppData\Roaming\Malwarebytes
2015-07-12 23:05 - 2011-12-27 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-12 23:01 - 2009-07-14 01:08 - 00032596 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-07-09 10:39 - 2012-04-08 17:21 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 10:38 - 2012-04-08 17:21 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 10:38 - 2011-07-12 07:22 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-06 18:17 - 2013-11-09 13:27 - 00000000 ____D C:\Users\Meredith\Documents\Woman 2 Woman Mentoring Ministry
2015-07-06 09:47 - 2015-01-23 21:06 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2015-07-03 10:22 - 2011-05-01 09:20 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 09:50 - 2010-05-31 00:56 - 00000000 ____D C:\Users\Meredith\AppData\Local\Adobe
2015-06-30 21:43 - 2013-06-23 23:04 - 00000000 ____D C:\Users\Meredith\Desktop\Psychiatric Associates
2015-06-25 09:07 - 2015-05-06 13:44 - 00000000 ____D C:\Users\Meredith\Documents\Baby Info
2015-06-24 09:14 - 2014-09-08 16:04 - 498807784 _____ C:\windows\MEMORY.DMP
2015-06-24 09:14 - 2012-02-29 21:02 - 00000000 ____D C:\windows\Minidump
2015-06-23 12:01 - 2014-11-13 10:40 - 00000000 __SHD C:\Users\Meredith\AppData\Local\EmieBrowserModeList
2015-06-23 12:01 - 2014-04-30 20:19 - 00000000 __SHD C:\Users\Meredith\AppData\Local\EmieUserList
2015-06-23 12:01 - 2014-04-30 20:19 - 00000000 __SHD C:\Users\Meredith\AppData\Local\EmieSiteList
2015-06-18 14:43 - 2011-05-08 20:12 - 00000000 ____D C:\Users\Meredith\Documents\Favorite Cities
2015-06-18 08:41 - 2011-12-27 19:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-17 14:53 - 2015-06-04 12:41 - 00001569 _____ C:\Users\Meredith\Desktop\AlchemCharts.lnk
 
==================== Files in the root of some directories =======
 
2013-04-15 09:57 - 2013-08-23 10:53 - 0893239 _____ () C:\Users\Meredith\AppData\Local\a.zip
2013-04-15 09:57 - 2013-08-23 10:53 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Meredith\AppData\Local\BcsKtYcHW.dll
2011-06-01 16:38 - 2012-04-10 17:05 - 0004608 _____ () C:\Users\Meredith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-27 16:55 - 2011-12-27 17:50 - 0010396 ___SH () C:\Users\Meredith\AppData\Local\ltmt3evhk5v8t638eh5p
2013-11-13 14:42 - 2013-11-13 14:42 - 0000218 _____ () C:\Users\Meredith\AppData\Local\recently-used.xbel
2011-01-13 12:21 - 2011-01-21 09:58 - 0001940 _____ () C:\Users\Meredith\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2011-05-01 09:23 - 2011-05-01 09:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-11-02 11:34 - 2011-11-02 11:35 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2011-12-27 16:55 - 2011-12-27 17:50 - 0010396 ___SH () C:\ProgramData\ltmt3evhk5v8t638eh5p
 
Some files in TEMP:
====================
C:\Users\Meredith\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvloqn7.dll
C:\Users\Meredith\AppData\Local\Temp\msvcp120.dll
C:\Users\Meredith\AppData\Local\Temp\msvcr120.dll
C:\Users\Meredith\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Meredith\AppData\Local\Temp\PicasaCD.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 00:19
 
==================== End of log ============================

Attached Files
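For a reader triaging the same symptom, an added example that is not part of the thread or of FRST's output: a PowerShell script that lists every svchost.exe instance with the services it hosts and its working set, then checks the Authenticode signatures of the same core binaries FRST verified in the Bamital & volsnap Check above. It assumes PowerShell 3 or later and an elevated prompt.

```powershell
# Added triage example, not part of the thread or of FRST's own output.
# Assumes PowerShell 3+ (Get-CimInstance) in an elevated prompt so that
# Get-Process can read the Path of SYSTEM-owned svchost instances.

# Map PID -> services hosted in that process (keys are PID strings).
$svcByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# One row per svchost.exe, largest working set first. Check the Path
# column (anything outside System32 or SysWOW64 deserves a closer look)
# and which services live in the instance that is eating memory; the
# working set is per process, so the culprit is one of those services.
function Get-SvchostSummary {
    Get-Process -Name svchost |
        Sort-Object WorkingSet64 -Descending |
        ForEach-Object {
            $hosted = @($svcByPid["$($_.Id)"] | ForEach-Object { $_.Name })
            [pscustomobject]@{
                PID          = $_.Id
                WorkingSetMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Path         = $_.Path
                Services     = ($hosted -join ', ')
            }
        }
}
Get-SvchostSummary | Format-Table -AutoSize

# Same core binaries FRST verified above. Caveat: on Windows 7,
# Get-AuthenticodeSignature does not consult security catalogs, so a
# catalog-signed system file can report NotSigned there; FRST's check
# does consult catalogs, so confirm with it (or Sysinternals sigcheck)
# before treating NotSigned as tampering.
$core = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)
Get-AuthenticodeSignature -FilePath $core |
    Select-Object @{n='File'; e={ $_.Path }}, Status,
                  @{n='Signer'; e={ $_.SignerCertificate.Subject }} |
    Format-Table -AutoSize
```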




#2 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 14 July 2015 - 11:26 AM

Hello dshrader,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 15 July 2015 - 07:02 AM

Hello dshrader,

Given all the tools you have run and the lack of malware shown in your FRST log, I do not believe this issue is being caused by malware. I would like to pursue other avenues.

Your logs show that you have both SUPERAntiSpyware and Norton Security Suite installed. Having both of these installed and running can use a large amount of your system's resources and may be related to your issue.

Please uninstall SUPERAntiSpyware, restart your computer, and let me know if we have made any progress.



 

 


#4 dshrader

  • Topic Starter
  • Members
  • 2 posts

Posted 16 July 2015 - 08:58 PM

I'm uninstalling SUPERAntiSpyware and a few other things that are not necessary anymore. I'll run the computer some tomorrow afternoon and let you know what it's doing. Thanks for your help.



#5 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 17 July 2015 - 06:54 AM

Sounds good, please try to report back within 72 hours. :)



 

 


#6 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 19 July 2015 - 10:33 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


 

 


#7 Elise (Bleepin' Blonde)

  • Malware Study Hall Admin
  • 60,620 posts
  • Gender:Female
  • Location:Romania

Posted 21 July 2015 - 08:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




