dllhost.exe and svchost.exe (poweliks virus) #?

new

jobags
New Helpee

Posts: 18

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 2:06:50 GMT -8

Post by jobags on Oct 27, 2014 2:06:50 GMT -8

My computer is running very slow. Web pages take a long time to load, and often get a ooops, can't load this page error. CPU high risk window keeps popping up. Norton window keeps popping up saying it is blocking several malicious websites (Poweliks, AdClicker to name a few). Task manager has multiple dllhost.exe*32 and svchost.exe, com surrogate programs running with high usage.

I am running Norton security suite and malwarebytes anti malware. I have done numerous scans with both, and several Norton power eraser scans, even in safe mode with internet. Everything comes up "no threats detected", but the computer is still running slow.

If I do a file cleanup in through Norton, it deletes anywhere from 30,000 to over 200,000 temporary windows files, every time.

I even signed in to Norton and gave control over to their tech, who ran a Norton power eraser, said the computer was virus free and logged off, only to have the problem still happening.

I am running Windows 7 Home Premium, Service Pack 1, 64 Bit OS

Last Edit: Nov 1, 2014 12:47:53 GMT -8 by Quads

dbrisen
Malware Removalists

Posts: 3,688

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 6:18:38 GMT -8

Post by dbrisen on Oct 27, 2014 6:18:38 GMT -8

Do Not use advanced tools or any tools used on this board without supervision.

Malware removal can be difficult over a forum as it is, without a user doing their own actions, the tools used are more advanced and thus have added danger that comes with that. This board is protected so that only Malware removers, Admin and Mods can reply to a users thread but all members can create a thread asking for removal of Infection(s)

Make changes to your computer only when the Malware Expert specifically states it. The Malware Experts request specific steps to be followed, as some malware removal requires multiple steps and evaluations along the way. When you take other advice or make other changes, this often negates the work done by the expert, and can sometimes result in an inoperable system.

This also includes any tools or steps other than those the from the Malware Expert. We need to be certain about the state of your system to see what actually is going on, and what is required to fix the system while not harming the rest of the system. Most often, well-intentioned independent efforts can make things much worse. The malware remediation tools are more advanced than other tools, and can often create bigger problems when used without expert guidance.

Follow all the directions in order, and to the end. Please perform all steps in the order they are listed in each set of instructions. As you might imagine, some steps are a bit complicated. If things are not clear, be sure to stop and let the Malware Expert know the problem. We don't mind clarifying a situation, as others might have the same question. If a tool does not run as expected, don't force it. Stop the steps, and update the forum topic with the current situation. It is better stop and let us know, than to force a tool to run and cause bigger problems. Bottom line is, if you are not sure about something, STOP and ASK until you are sure.

Also, when your computer is clean and we are finished, the Expert will tell you we are finished. Malware removal is a process that requires verification, and we want to be sure your system is completely clean before we're done.

When describing your problem, provide as much information as possible, as soon as possible. Explain as best you can what happens with your computer, e.g. it beeps three times, black screen with cursor then goes no further, system gets stuck at the Windows startup logo, etc. This helps the expert to understand what is happening to the system and what may be wrong. If your computer cannot start up successfully please provide details about your installed Windows Operating System, including the Version, Edition and if it is a 32bit or a 64bit system. (e.g. Windows Vista Home Premium 32-bit)

When the user follow instructions and things still go a little haywire, and it does happen, it is up to us to sort the extra problem out.

Take longer to read if your language is not English, so that hopefully it is understood.

>>>>>> Reply stating you have read the post fully. <<<<<<<

Also, please tell us what your Operating system is (Win7 Ultimate, Vista Home Premium, Win XP Pro, etc.) and is it 32 bit or 64 bit. WE need this information to direct you to the proper tools to use.

I will not provide malware removal by PM; please post in your thread on the Malware Removal board.
My help is always free but if you would like to help encourage me or show your thanks -----> DONATE

jobags
New Helpee

Posts: 18

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 6:28:29 GMT -8

Post by jobags on Oct 27, 2014 6:28:29 GMT -8

I have read the post several times and so far, I understand.

One quick question, during this process, can I run a browser or e-mail ?

My system is Windows 7 Home Premium, Service Pack 1, and 64 bit operating system.

dbrisen
Malware Removalists

Posts: 3,688

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 6:48:11 GMT -8

Post by dbrisen on Oct 27, 2014 6:48:11 GMT -8

Limiting your time on the internet helps to keep the infections from downloading their "buddies" but yes you can do some surfing and email.

Read Slowly and all of it.

Please download www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ You need to download the 64 bit version.

Place FRST64.exe onto your desktop from where ever it downloaded to. IF IT IS NOT ON THE DESKTOP (YOU DID NOT DOWNLOAD DIRECTLY TO DESKTOP), THEN RIGHT CLICK ON THE DOWNLOADED FILE AND SELECT CUT. FIND A BLANK SPOT ON YOUR DESKTOP AND RIGHT CLICK ON IT, SELECT PASTE AND THE FILE WILL BE ON THE DESKTOP. Thank You (this is very important later on)!

Start FRST64 that is on your Desktop

The tool will start to run.
When the tool opens click Yes to disclaimer. (if it does)
Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please attach the logs in your reply back. Or open the logs in notepad and copy the logs and paste back in a message as a reply. (Ask if you don't know how to do either of these).

Notes:

If your Security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run but because of the frequent changes (to keep up with newest malware techniques) most Security Software does not approve of the unknown file.

Right now the forum will not allow one to attach the Addition.txt file so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.

jobags New Helpee Posts: 18	dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 7:13:27 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by jobags on Oct 27, 2014 7:13:27 GMT -8 I would rather attach the logs here, how do I do that ?

jobags
New Helpee

Posts: 18

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 7:21:05 GMT -8

Post by jobags on Oct 27, 2014 7:21:05 GMT -8

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Joe (administrator) on JOE-PC on 27-10-2014 11:11:31
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
( ) C:\Windows\System32\lxducoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\dcmsvc\dcmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe [131752 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-09-15] (Intel Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2009-12-04] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...\MountPoints2: {52184bb1-342e-11e2-80b5-00266c414442} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-4233458567-514251200-2730280977-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23\Remind.exe (Broderbund Properties LLC)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
ShortcutTarget: Warner Bros.lnk -> C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe (No File)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM-x32 - DefaultScope {6E66B647-1285-4BE5-B8E6-BEA021BF61E9} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\0yy3pbig.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-yff22&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\0yy3pbig.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN30997964111632928&ctid=CT3298566&UM=2&UP=SPF27390C5-C68B-4FC5-A59C-73A52136BD88&SSPV=
CHR DefaultSuggestURL: Default -> suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Norton Identity Safe) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-14]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Joe\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-05-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-17] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-19] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.020\ENG64.SYS [129752 2014-10-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.020\EX64.SYS [2137304 2014-10-19] (Symantec Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-10-26] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 11:11 - 2014-10-27 11:12 - 00022122 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-10-27 11:11 - 2014-10-27 11:11 - 00000000 ____D () C:\FRST
2014-10-27 11:08 - 2014-10-27 11:08 - 02113024 _____ (Farbar) C:\Users\Joe\Desktop\frst64.exe
2014-10-26 20:31 - 2014-10-26 20:31 - 00003195 _____ () C:\Users\Joe\Desktop\Sophos Virus Removal Tool.lnk
2014-10-26 20:31 - 2014-10-26 20:31 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-26 20:31 - 2014-10-26 20:31 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-26 20:31 - 2014-10-26 20:31 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-10-26 20:27 - 2014-10-26 20:28 - 102893912 _____ (Sophos Limited) C:\Users\Joe\Downloads\Sophos Virus Removal Tool.exe
2014-10-26 20:18 - 2014-10-26 20:19 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-10-26 20:09 - 2014-10-26 20:18 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-10-26 20:08 - 2014-10-26 20:08 - 03060320 ____N (Symantec Corporation) C:\Users\Joe\Downloads\NPE.exe
2014-10-26 15:24 - 2014-10-26 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 15:24 - 2014-10-26 15:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 15:24 - 2014-10-26 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 15:23 - 2014-10-26 15:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 15:23 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 15:23 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 15:23 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 15:22 - 2014-10-26 15:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-10-26 15:20 - 2014-10-26 15:21 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-25 17:25 - 2014-10-25 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-25 17:25 - 2014-10-25 17:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 05:08 - 2014-10-25 05:08 - 00000000 ____D () C:\Program Files (x86)\System Optimizer Pro
2014-10-25 00:21 - 2014-10-25 03:17 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-10-25 00:06 - 2014-10-25 03:17 - 00003322 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-10-24 12:35 - 2014-10-24 12:35 - 00000000 _____ () C:\autoexec.bat
2014-10-24 12:34 - 2014-10-24 12:34 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-24 12:32 - 2014-10-24 14:14 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-24 12:31 - 2014-10-24 12:31 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Joe\Downloads\SpyHunter-Installer.exe
2014-10-24 10:02 - 2014-10-24 10:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 06:14 - 2014-10-26 20:14 - 00000000 ____D () C:\NPE
2014-10-24 06:11 - 2014-10-26 20:18 - 00000000 ____D () C:\Users\Joe\AppData\Local\NPE
2014-10-24 00:39 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-24 00:39 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-24 00:39 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-24 00:39 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-24 00:39 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-24 00:39 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-24 00:39 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-24 00:39 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-24 00:39 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-24 00:39 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-24 00:39 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-24 00:39 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-21 22:11 - 2014-10-22 17:34 - 00000000 ____D () C:\Cloud
2014-10-21 10:06 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-21 10:06 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-21 09:52 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-21 09:52 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-21 09:52 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-21 09:52 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-21 09:52 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-21 09:52 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-21 09:52 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-21 09:52 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-21 09:48 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-21 09:48 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-21 09:48 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 09:48 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 09:48 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-21 09:48 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-21 09:48 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-21 09:48 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-21 09:48 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-21 09:48 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 09:48 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 09:48 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 09:48 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-21 09:48 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-21 09:48 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 09:48 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-21 09:48 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-21 09:48 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-21 09:48 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-21 09:48 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-21 09:48 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 09:48 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-21 09:48 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 09:48 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-21 09:48 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-21 09:48 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-21 09:48 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-21 09:48 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 09:48 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-21 09:48 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 09:48 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-21 09:48 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-21 09:48 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-21 09:48 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-21 09:48 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-21 09:48 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 09:48 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-21 09:48 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 09:48 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-21 09:48 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-21 09:48 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-21 09:48 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-21 09:48 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-21 09:48 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-21 09:48 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 09:48 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-21 09:48 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-21 09:48 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-21 09:48 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 09:48 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-21 09:48 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-21 09:48 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-21 09:48 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 09:48 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-21 09:48 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 09:48 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-21 09:48 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-21 09:48 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-21 09:48 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-21 09:48 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-21 09:48 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-21 09:47 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-21 09:47 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-21 09:47 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-21 09:47 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-21 09:47 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-21 09:47 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-21 09:47 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-21 09:47 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-21 09:47 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-21 09:47 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-21 09:47 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-21 09:47 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-21 09:47 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-21 09:47 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-21 09:47 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-21 09:47 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-21 09:47 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-21 09:47 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-21 09:47 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-21 09:47 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-21 09:47 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 09:47 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-21 09:47 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-21 09:47 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-21 09:47 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-21 09:47 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-21 09:47 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-21 09:46 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-21 09:46 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-21 09:46 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-21 09:46 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-21 09:46 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-21 09:46 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 09:46 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-21 09:46 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 09:46 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-21 09:46 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-21 09:46 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-21 09:46 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-21 09:46 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-21 09:39 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-21 09:39 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-20 20:22 - 2014-10-20 20:23 - 00000754 _____ () C:\Windows\KB893803v2.log
2014-10-18 18:20 - 2014-10-18 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-18 18:19 - 2014-10-18 18:19 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-18 18:19 - 2014-10-18 18:19 - 00000000 ____D () C:\Program Files\iTunes
2014-10-18 18:19 - 2014-10-18 18:19 - 00000000 ____D () C:\Program Files\iPod
2014-10-18 18:19 - 2014-10-18 18:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-18 10:53 - 2014-10-18 10:53 - 00003262 _____ () C:\Windows\System32\Tasks\{110149C4-9830-4745-8532-E6A4144C4E16}
2014-10-18 10:34 - 2014-10-18 10:35 - 00000000 ____D () C:\YouTube
2014-10-17 17:34 - 2014-10-17 17:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-10-17 17:27 - 2014-10-26 20:11 - 00003782 _____ () C:\Windows\setupact.log
2014-10-17 17:27 - 2014-10-17 17:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-12 16:15 - 2014-10-15 21:18 - 00000000 ____D () C:\odie
2014-10-04 21:06 - 2014-10-04 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 09:03 - 2014-10-04 09:12 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Hoyle Blackjack
2014-10-02 14:23 - 2014-10-02 14:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2014-10-02 14:23 - 2014-10-02 14:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2014-09-30 07:05 - 2014-09-30 07:05 - 00000000 ____D () C:\Users\Joe\Downloads\BBQ2014
2014-09-29 08:18 - 2014-09-29 08:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 10:58 - 2012-05-09 17:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 10:09 - 2013-08-18 04:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-27 08:53 - 2009-07-14 01:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 08:35 - 2012-11-13 22:51 - 00000000 ____D () C:\Users\Joe\AppData\Local\CrashDumps
2014-10-27 08:06 - 2009-07-14 00:45 - 00029808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 08:06 - 2009-07-14 00:45 - 00029808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 07:21 - 2012-05-08 17:04 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0D6B547B-EB17-483B-983B-D190D283F69D}
2014-10-27 04:06 - 2012-05-08 13:36 - 01336062 _____ () C:\Windows\WindowsUpdate.log
2014-10-26 20:14 - 2012-05-09 17:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-26 20:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-26 15:46 - 2010-11-20 23:47 - 01167498 _____ () C:\Windows\PFRO.log
2014-10-26 12:10 - 2014-02-26 11:10 - 00000426 _____ () C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Joe).job
2014-10-25 07:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2014-10-25 03:15 - 2009-07-14 01:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 09:52 - 2014-01-08 20:44 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\BitTorrent
2014-10-24 06:14 - 2009-07-14 00:45 - 01292256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 06:11 - 2012-05-10 06:13 - 00000000 ____D () C:\ProgramData\Norton
2014-10-24 06:09 - 2012-11-15 17:45 - 00000000 ____D () C:\Users\Joe\AppData\Local\LogMeIn Rescue Applet
2014-10-24 06:08 - 2012-05-08 10:01 - 01525056 _____ (LogMeIn, Inc.) C:\Users\Joe\Downloads\Norton_Download_Manager.exe
2014-10-24 05:59 - 2012-05-08 10:03 - 00000000 ____D () C:\Electro-Canes
2014-10-24 02:49 - 2012-11-13 21:24 - 00000000 ____D () C:\Program Files (x86)\dcmsvc
2014-10-22 17:35 - 2012-05-08 13:36 - 00000000 ____D () C:\Users\Joe
2014-10-21 13:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-21 12:46 - 2014-05-11 07:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 12:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-21 10:47 - 2012-05-08 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-21 10:14 - 2012-05-10 09:37 - 00788472 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-21 10:04 - 2013-08-23 18:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 20:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 19:53 - 2012-05-09 17:09 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 19:53 - 2012-05-09 17:09 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 18:19 - 2013-01-12 18:14 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-18 18:18 - 2014-09-13 21:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-18 10:51 - 2014-01-08 20:45 - 00000000 ____D () C:\Users\Joe\Downloads\BitTorrent
2014-10-17 17:28 - 2013-11-27 12:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-17 17:28 - 2013-02-18 20:30 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-17 17:28 - 2012-05-10 06:15 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-13 22:46 - 2013-02-03 02:20 - 00000000 ____D () C:\Windows\Minidump
2014-10-12 18:37 - 2013-05-23 18:54 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Malwarebytes
2014-10-12 18:37 - 2013-05-23 18:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-12 18:37 - 2013-05-23 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-10 10:10 - 2012-05-10 08:47 - 00000000 ____D () C:\ProgramData\Sonic
2014-10-09 21:18 - 2014-02-13 10:31 - 00000000 ____D () C:\K&P
2014-10-07 15:07 - 2012-05-10 11:20 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-10-06 08:45 - 2012-05-08 10:01 - 00000000 ____D () C:\Users\Joe\Documents\SJ Munch & MITG & TOG
2014-10-04 09:12 - 2013-11-10 22:41 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Hoyle Card Games 2012
2014-10-03 18:39 - 2012-05-09 18:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 10:02 - 2012-05-15 16:44 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-30 07:40 - 2012-12-20 18:08 - 00000000 ____D () C:\Users\Ali
2014-09-30 05:03 - 2012-05-08 10:02 - 00000000 ____D () C:\Users\Joe\Documents\Birthdays
2014-09-27 17:23 - 2012-08-13 14:16 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\RealNetworks
2014-09-27 17:22 - 2012-05-10 06:39 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Real
2014-09-27 17:22 - 2012-05-10 06:39 - 00000000 ____D () C:\ProgramData\Real
2014-09-27 17:22 - 2012-05-10 06:39 - 00000000 ____D () C:\Program Files (x86)\Real
2014-09-27 17:18 - 2014-09-26 18:02 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4233458567-514251200-2730280977-1000
2014-09-27 17:18 - 2014-09-26 18:02 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4233458567-514251200-2730280977-1000

Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\ose00000.exe
C:\Users\Joe\AppData\Local\Temp\SymcPCCUInstaller.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 02:55

==================== End Of Log ============================

jobags New Helpee Posts: 18	dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 7:24:18 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by jobags on Oct 27, 2014 7:24:18 GMT -8 I cant copy the Addition.txt, it says I am blocked from the forums

jobags
New Helpee

Posts: 18

dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 9:02:03 GMT -8

Post by jobags on Oct 27, 2014 9:02:03 GMT -8

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by Joe at 2014-10-27 11:13:08
Running from C:\Users\Joe\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be

uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems

Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems

Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter 5.6.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA Reminder by We-Care.com v5.0.7.1 (HKLM-x32\...\{EE5AC0B6-A4CA-4829-8B1D-C1CBF1596B8D}) (Version: 5.0.7.1 - We-

Care.com)
BIAS SoundSoap SE 2.2 (HKLM-x32\...\{01287DE9-6EEB-488D-99C7-FE3C707A87AC}) (Version: 2.2 - BIAS Inc)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version:

12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dcmsvc 1.0 (HKLM-x32\...\dcmsvc_is1) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Driver Detective (HKLM-x32\...\{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}) (Version: 7 - PC Drivers HeadQuarters)
EasyBurningSoftware (HKLM-x32\...\EasyBurningSoftware) (Version: - Download Manager Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 -

Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software,

Inc.)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32 (x32 Version: 5.2.0.2 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel

Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
LightZone 3.7 (HKLM-x32\...\LightZone 3.7) (Version: - Light Crafts, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 -

Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft

Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft

Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version:

12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 -

Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 -

Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 -

Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E})

(Version: 10.0.30319 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0 (x86 en-US)) (Version: 17.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft

Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft

Corporation)
Nero 9 Essentials (HKLM-x32\...\{00cccd29-c93d-4c92-8e1e-1f941c3f9272}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.122.0 - NortonLive Services)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.20 - Symantec Corporation)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.56.34 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 -

RICOH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.1 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Burn Manager CDB (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.3 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2010 Pro (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio Creator 2010 Pro (x32 Version: 1.2.193 - Roxio) Hidden
Roxio Creator 2010 Pro (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Disaster Recovery (x32 Version: 1.3.0 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
Roxio Venue (x32 Version: 2.2.170 - Sonic Solutions) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}

_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 -

SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.1.0 - SmartSound Software

Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
The Print Shop 23 (HKLM-x32\...\{D49B0B95-DF54-40E9-9169-8BB6A6A1E03F}) (Version: 23.00 - Broderbund Software)
The Print Shop Business Card Creator (HKLM-x32\...\{BCCBE608-5C44-4507-AE11-55B36AE0E41B}) (Version: - Broderbund

Properties LLC)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.11 - TOSHIBA

Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

jobags New Helpee Posts: 18	dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 9:04:27 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by jobags on Oct 27, 2014 9:04:27 GMT -8 I have to send the addition.txt in pieces it seems...That was part 1 above

Quads Malware Removalists In New Zealand Posts: 9,387	dllhost.exe and svchost.exe (poweliks virus) #? Oct 27, 2014 9:19:08 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Quads on Oct 27, 2014 9:19:08 GMT -8 Try Wikisend or pastebin.com to place or upload addition.txt to and give us the link to get the file. Quads

dllhost.exe and svchost.exe (poweliks virus) #?

Post by jobags on Oct 27, 2014 2:06:50 GMT -8

Post by dbrisen on Oct 27, 2014 6:18:38 GMT -8

Post by jobags on Oct 27, 2014 6:28:29 GMT -8

Post by dbrisen on Oct 27, 2014 6:48:11 GMT -8

Post by jobags on Oct 27, 2014 7:13:27 GMT -8

Post by jobags on Oct 27, 2014 7:21:05 GMT -8

Post by jobags on Oct 27, 2014 7:24:18 GMT -8

Post by jobags on Oct 27, 2014 9:02:03 GMT -8

Post by jobags on Oct 27, 2014 9:04:27 GMT -8

Post by Quads on Oct 27, 2014 9:19:08 GMT -8