Solved Google Chrome virus removal - please help

lisacomputeruser

New Member
Thread author
Verified
Nov 5, 2014
37
Hi, hope you can help. Last two weeks, running slow, freezing. Task Manager shows multiple Google Chrome processes running, don't have Google Chrome. Using up lots of memory and CPU. Tried to delete it, it keeps coming back. Oh, husband said not to get Windows updates. I see that you recommend getting regular updates. I will change that. Please help, thanks.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Hello,

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

lisacomputeruser

FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Lisa (administrator) on LISA-PC on 31-12-2014 14:11:02
Running from C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50J3Y8XW
Loaded Profile: Lisa (Available profiles: Lisa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Dropbox, Inc.) C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Design Science, Inc.) C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2013-06-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2013-06-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [241280 2013-06-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\...\Run: [ckeyjrdaa] => regsvr32.exe /s "C:\Users\Lisa\AppData\Local\NPE\ckeyjrdaa.dll" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000 -> DefaultScope {706FC229-6B51-4BA3-BC25-E8D509407836} URL = http://search.whiteskyservices.com/...search&v=1.14.1126.5&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000 -> {706FC229-6B51-4BA3-BC25-E8D509407836} URL = http://search.whiteskyservices.com/...search&v=1.14.1126.5&searchparam={SearchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance27\npglance.dll (Glance Networks, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-02-02]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-09-22] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141230.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.054\ENG64.SYS [129752 2014-12-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141230.054\EX64.SYS [2137304 2014-12-04] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-31 14:10 - 2014-12-31 14:11 - 00000000 ____D () C:\FRST
2014-12-26 09:24 - 2014-12-30 18:31 - 00000000 ___RD () C:\Users\Lisa\Dropbox
2014-12-26 09:24 - 2014-12-26 09:24 - 00001121 _____ () C:\Users\Lisa\Desktop\Dropbox.lnk
2014-12-26 09:22 - 2014-12-26 09:22 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-26 09:20 - 2014-12-30 18:31 - 00000000 ____D () C:\Users\Lisa\AppData\Roaming\Dropbox
2014-12-02 17:09 - 2014-12-02 17:09 - 00008649 _____ () C:\Users\Lisa\Downloads\unknown
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-31 13:43 - 2009-07-13 23:45 - 00021056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 13:43 - 2009-07-13 23:45 - 00021056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-30 21:31 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-30 18:33 - 2013-03-06 20:07 - 01078483 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 18:33 - 2009-07-14 00:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-30 18:27 - 2010-11-20 22:47 - 00240158 _____ () C:\Windows\PFRO.log
2014-12-30 18:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 18:27 - 2009-07-13 23:51 - 00038313 _____ () C:\Windows\setupact.log
2014-12-28 12:05 - 2014-02-02 16:30 - 00000000 ____D () C:\Users\Lisa\AppData\Local\NPE
2014-12-26 09:24 - 2013-03-06 21:11 - 00000000 ____D () C:\Users\Lisa
2014-12-22 14:06 - 2013-03-26 07:27 - 00000000 ____D () C:\Users\Lisa\AppData\Local\CrashDumps
2014-12-21 13:44 - 2014-07-12 12:33 - 00000000 ____D () C:\Users\Lisa\AppData\Local\Adobe
2014-12-21 13:43 - 2013-03-09 20:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-21 13:43 - 2013-03-09 20:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Lisa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprb0rmy.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 00:45
==================== End Of Log ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Lisa at 2014-12-31 14:12:07
Running from C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50J3Y8XW
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Dell Digital Delivery (HKLM-x32\...\{31045ECE-019D-4DDF-A5C8-5C51A3FE50EE}) (Version: 1.7.4501.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Dropbox (HKU\S-1-5-21-4075608652-2820252211-3948146971-1000\...\Dropbox) (Version: 3.0.4 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Glance 2.7 (HKLM-x32\...\Glance_is1) (Version: - Glance Networks, Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
TI USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{77FC17AA-AC17-44E6-B5E1-92E53A2A0B34}) (Version: 1.12.4.0 - Texas Instruments Inc.)
TI USB3 Host Driver (x32 Version: 1.12.4.0 - Texas Instruments Inc.) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4075608652-2820252211-3948146971-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lisa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
05-11-2014 23:33:39 Scheduled Checkpoint
13-11-2014 01:17:03 Scheduled Checkpoint
21-11-2014 00:00:05 Scheduled Checkpoint
28-11-2014 00:13:57 Scheduled Checkpoint
05-12-2014 18:13:22 Scheduled Checkpoint
15-12-2014 22:39:59 Scheduled Checkpoint
23-12-2014 00:00:03 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0919D7DD-5F22-464C-8D81-4B75DFF6C949} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4D8CC7DE-AFF7-461B-BD87-34284BDAD730} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {5C46E733-3674-4885-B5DC-F1DB5029D86D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
==================== Loaded Modules (whitelisted) =============
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-03-06 21:34 - 2012-11-15 05:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-12-28 12:05 - 2014-12-28 12:04 - 00251392 _____ () C:\Users\Lisa\AppData\Local\NPE\ckeyjrdaa.dll
2014-12-26 09:22 - 2014-12-16 17:22 - 00750080 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-30 18:30 - 2014-12-30 18:30 - 00043008 _____ () c:\users\lisa\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprb0rmy.dll
2014-12-26 09:22 - 2014-12-16 17:22 - 00047616 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-26 09:22 - 2014-12-16 17:22 - 00863744 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-26 09:22 - 2014-12-16 17:22 - 00200704 _____ () C:\Users\Lisa\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 00718152 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\libglesv2.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 00126280 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\libegl.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 08537928 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\pdf.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 00353096 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 01732936 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\ffmpegsumo.dll
2014-10-29 19:25 - 2014-10-29 19:25 - 14669128 ____N () C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\36.0.1985.143\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-4075608652-2820252211-3948146971-500 - Administrator - Disabled)
Guest (S-1-5-21-4075608652-2820252211-3948146971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4075608652-2820252211-3948146971-1002 - Limited - Enabled)
Lisa (S-1-5-21-4075608652-2820252211-3948146971-1000 - Administrator - Enabled) => C:\Users\Lisa
==================== Faulty Device Manager Devices =============
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
Error: (12/31/2014 11:49:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2aec
Start Time: 01d0248eecc5abd2
Termination Time: 12235
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id:
Error: (12/30/2014 09:30:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: d3d9.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7b3
Exception code: 0xc0000005
Fault offset: 0x00006b07
Faulting process id: 0xedf4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/30/2014 09:30:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: d3d9.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7b3
Exception code: 0xc0000005
Fault offset: 0x00006b07
Faulting process id: 0xd564
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/30/2014 09:30:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: d3d9.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7b3
Exception code: 0xc0000005
Fault offset: 0x00006b07
Faulting process id: 0xc858
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/30/2014 09:14:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: d3d9.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7b3
Exception code: 0xc0000005
Fault offset: 0x00006b07
Faulting process id: 0xa35c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/30/2014 06:28:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/30/2014 06:10:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 34be8
Start Time: 01d0246a5b718295
Termination Time: 1217
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Report Id: d6d83130-9078-11e4-9dcf-4ceb421bcdbb
Error: (12/30/2014 06:08:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 108e8
Start Time: 01d0246a5b718295
Termination Time: 18528
Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Report Id: 73e06c47-9078-11e4-9dcf-4ceb421bcdbb
Error: (12/30/2014 06:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x24448b30
Faulting process id: 0x131dc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/30/2014 04:45:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16464, time stamp: 0x50ec971b
Faulting module name: d3d9.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7b3
Exception code: 0xc0000005
Fault offset: 0x00006b07
Faulting process id: 0x111d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (12/30/2014 06:30:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error:
%%1053
Error: (12/30/2014 06:30:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
Error: (12/25/2014 02:29:25 PM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/24/2014 11:40:21 PM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/21/2014 01:55:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
Error: (12/19/2014 11:15:34 AM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/19/2014 11:14:38 AM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/19/2014 11:10:23 AM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/19/2014 11:10:09 AM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)
Error: (12/19/2014 11:09:59 AM) (Source: DCOM) (EventID: 10016) (User: Lisa-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Lisa-PCLisaS-1-5-21-4075608652-2820252211-3948146971-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (08/21/2014 09:32:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 917451 seconds with 3780 seconds of active time. This session ended with a crash.
Error: (04/01/2014 03:15:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4758 seconds with 240 seconds of active time. This session ended with a crash.
Error: (12/10/2013 10:50:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1776454 seconds with 26280 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 65%
Total physical RAM: 4002.05 MB
Available physical RAM: 1371.9 MB
Total Pagefile: 8002.3 MB
Available Pagefile: 4587.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:412.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5916B9CE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 

lisacomputeruser

New Member
Thread author
Verified
Nov 5, 2014
37
These are the problem files I think:
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
(Google Inc.) C:\Users\Lisa\AppData\LocalLow\ID Vault\vuhdtawh\myblkmusy\Gwxyxwei.exe
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Happy New Year!!!



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    523 bytes · Views: 70

lisacomputeruser

New Member
Thread author
Verified
Nov 5, 2014
37
I copied fixlist.txt to desktop where copy of FRST is saved. Cannot figure out what you mean by download fixlist.txt. It just says open or saved, and I saved to desktop. Also, cannot right click on icon - does not offer run as administrator as option. What am I doing wrong? I am very tech challenged!
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Running from C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50J3Y8XW

FRST Tools to desktop
Fixlist to desktop
 

lisacomputeruser

New Member
Thread author
Verified
Nov 5, 2014
37
I saved fixlist.txt to desktop (no further specific location than "desktop"), but when I run as administrator, it says there is no fixlist there. What do I do?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

lisacomputeruser

New Member
Thread author
Verified
Nov 5, 2014
37
Just got a notice from Norton that it blocked an attack by exploit toolkit or something. Is this part of my virus or new virus?
 
