
Chrome Malware - Browser.exe - Infected machine


This topic is locked. 11 replies to this topic.

#1 mgencarelli


Posted 25 August 2014 - 08:31 AM

This is the same problem as the following thread:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not even installed on the computer, but the (browser).exe process kept popping up...
I found that the process was being run from C:/Users/%USERNAME%/AppData/LocalLow/
Tried Malwarebytes, HitmanPro, ComboFix, ESET virus scan even System Restore etc etc etc but it will not be removed.
 
Any help is much appreciated?!


Edited by xXToffeeXx, 25 August 2014 - 08:58 AM.
Linked to wrong thread it seems



#2 xXToffeeXx

Malware Response Instructor

Posted 25 August 2014 - 09:07 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi mgencarelli,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 mgencarelli


Posted 25 August 2014 - 09:10 AM

Ok I will have access to the machine from 10:45am EST to 11:30am EST.

 

I will post the log right around 10:45am and I would appreciate a fast response if possible...



#4 xXToffeeXx


Posted 25 August 2014 - 09:16 AM

Hi mgencarelli,

 

I'll try and reply as quick as possible, thank you for letting me know.

 

xXToffeeXx~




#5 mgencarelli


Posted 25 August 2014 - 09:53 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by denise (administrator) on MAF-PC03 on 25-08-2014 10:50:41
Running from C:\Users\denise\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Spotify Ltd) C:\Users\denise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acroprint Time Recorder Co. (USA).) C:\Program Files (x86)\Acroprint\Attendance Rx\AttendanceRx.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SquareTwo Financial) C:\Program Files (x86)\SquareTwo Financial\Eagle_prod\eagle.exe
(Mozilla Corporation) C:\Program Files (x86)\SquareTwo Financial\Eagle_prod\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(ADC Legal Systems, Inc.) C:\Program Files\Perfect Practice\Adcpp2\PerfPrac\Bin\PPIIPr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(GlavSoft LLC.) C:\Windows\LTSvc\tvnserver.exe
(GlavSoft LLC.) C:\Windows\LTSvc\tvnserver.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2919168 2011-10-24] (ESET)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44280 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE [155592 2012-10-31] (Corel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Windows\LTsvc\tvnserver.exe [1690096 2014-04-11] (GlavSoft LLC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Run: [Spotify Web Helper] => C:\Users\denise\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-23] (Spotify Ltd)
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Run: [ModulatorGravity] => C:\Windows\system32\rundll32.exe "C:\Users\denise\AppData\Local\ModulatorGravity\ModulatorGravity.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Policies\Explorer: [NoWindowsUpdate] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Attendance Rx.lnk
ShortcutTarget: Attendance Rx.lnk -> C:\Program Files (x86)\Acroprint\Attendance Rx\AttendanceRx.exe (Acroprint Time Recorder Co. (USA).)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
ShortcutTarget: Network Monitoring Tray.lnk -> C:\Windows\LTSvc\LTTray.exe (LabTech Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {D30885E1-0158-424A-A53A-66E36359D3AB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {D30885E1-0158-424A-A53A-66E36359D3AB} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.114.30
 
FireFox:
========
FF ProfilePath: C:\Users\denise\AppData\Roaming\Mozilla\Firefox\Profiles\spwsmrfz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll No File
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\SquareTwo Financial\Eagle_prod\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-26]
CHR Extension: (Google Drive) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-22]
CHR Extension: (YouTube) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-26]
CHR Extension: (Google Search) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-26]
CHR Extension: (Google Wallet) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 CAD; C:\Windows\Ltsvc\cad.exe [112192 2014-01-02] ()
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-10-24] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [814264 2011-10-24] (ESET)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-12-05] (Macrovision Europe Ltd.) [File not signed]
R2 LTService; C:\Windows\LTSvc\LTSVC.exe [1390880 2014-02-28] (LabTech Software)
R2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [100352 2014-06-17] (LabTech Software) [File not signed]
R2 tvnserver; C:\Windows\LTsvc\tvnserver.exe [1690096 2014-04-11] (GlavSoft LLC.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171152 2011-10-24] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2011-10-24] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2011-10-24] (ESET)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
R0 vdorctrl; winipbin\vdorctrl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 10:50 - 2014-08-25 10:51 - 00016405 _____ () C:\Users\denise\Downloads\FRST.txt
2014-08-25 10:50 - 2014-08-25 10:50 - 00000355 _____ () C:\Users\denise\Computer - Shortcut.lnk
2014-08-25 10:49 - 2014-08-25 10:50 - 00000000 ____D () C:\FRST
2014-08-25 10:49 - 2014-08-25 10:49 - 02103296 _____ (Farbar) C:\Users\denise\Downloads\FRST64.exe
2014-08-25 09:01 - 2014-08-25 09:01 - 00001104 _____ () C:\Users\Public\Desktop\Eagle.lnk
2014-08-25 08:59 - 2014-08-25 09:01 - 16599878 _____ (SquareTwo Financial) C:\Users\joe\Downloads\eagle_setup_6.3(1).exe
2014-08-25 08:58 - 2014-08-25 08:58 - 00000000 ____D () C:\Users\joe\AppData\Local\Adobe
2014-08-25 08:46 - 2014-08-25 08:46 - 00001104 _____ () C:\Users\denise\Desktop\Eagle.lnk
2014-08-25 08:22 - 2014-08-25 08:30 - 00000000 ____D () C:\AdwCleaner
2014-08-25 08:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-25 08:21 - 2014-08-25 08:21 - 01364531 _____ () C:\Users\denise\Downloads\AdwCleaner.exe
2014-08-25 08:16 - 2014-08-25 08:16 - 00000000 ____D () C:\Users\denise\Desktop\TRON
2014-08-25 08:15 - 2014-08-25 08:27 - 00000000 ____D () C:\Users\denise\AppData\Local\Adobe
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-25 08:10 - 2014-08-25 08:10 - 01110476 _____ () C:\Users\denise\Downloads\7z920(1).exe
2014-08-25 08:09 - 2014-08-25 08:09 - 01110476 _____ () C:\Users\denise\Downloads\7z920.exe
2014-08-25 08:04 - 2014-08-25 08:05 - 00050688 _____ (Atribune.org) C:\Users\denise\Downloads\ATF-Cleaner.exe
2014-08-25 07:50 - 2014-08-25 07:50 - 00015653 _____ () C:\ComboFix.txt
2014-08-25 07:32 - 2014-08-25 07:32 - 05572212 ____R (Swearware) C:\Users\denise\Downloads\ComboFix.exe
2014-08-25 07:31 - 2014-08-25 07:36 - 445380316 _____ () C:\Users\denise\Downloads\Tron v3.0.1 (2014-08-23).7z
2014-08-22 23:04 - 2014-08-22 23:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-08-22 23:03 - 2014-08-22 23:03 - 00539448 _____ (Sourcefire, Inc.) C:\Users\uit-dp1\Downloads\ImmunetSetup.exe
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Mozilla
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Mozilla
2014-08-22 22:46 - 2014-08-22 22:46 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\MFAData
2014-08-22 22:46 - 2014-08-22 22:46 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Avg2014
2014-08-22 22:45 - 2014-08-22 22:45 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-22 22:45 - 2014-08-22 22:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-22 22:44 - 2014-08-22 22:51 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Google
2014-08-22 22:44 - 2014-08-22 22:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-22 22:44 - 2014-08-22 22:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-22 22:44 - 2014-08-22 22:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-22 22:43 - 2014-08-22 22:43 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-22 22:43 - 2014-08-22 22:43 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-22 22:43 - 2014-08-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-22 22:26 - 2014-08-25 09:02 - 00000556 _____ () C:\Windows\setupact.log
2014-08-22 22:26 - 2014-08-25 08:30 - 00003612 _____ () C:\Windows\PFRO.log
2014-08-22 22:26 - 2014-08-22 22:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-22 21:43 - 2014-08-22 21:43 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Macromedia
2014-08-22 21:31 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Adobe
2014-08-22 21:31 - 2014-08-22 21:31 - 00120264 _____ () C:\Users\uit-dp1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-22 20:01 - 2014-08-22 20:01 - 00001262 _____ () C:\Users\uit-dp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-22 20:01 - 2014-08-22 20:01 - 00000020 ___SH () C:\Users\uit-dp1\ntuser.ini
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ___RD () C:\Users\uit-dp1\Virtual Machines
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Windows Small Business Server
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\SoftThinks
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1
2014-08-22 20:01 - 2012-12-06 15:57 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Microsoft Help
2014-08-22 20:01 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\uit-dp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-22 20:01 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\uit-dp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-22 10:11 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-22 10:11 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-22 10:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-22 10:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-22 10:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-22 10:11 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-22 10:11 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-22 10:11 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-22 10:02 - 2014-08-25 07:50 - 00000000 ____D () C:\Qoobox
2014-08-22 10:01 - 2014-08-22 11:09 - 00000000 ____D () C:\Windows\erdnt
2014-08-22 10:00 - 2014-08-22 10:00 - 05572006 ____R (Swearware) C:\Users\uit-mg1\Downloads\ComboFix.exe
2014-08-22 09:58 - 2014-08-22 09:59 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Mozilla
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 ____D () C:\Users\uit-mg1\AppData\Local\Mozilla
2014-08-21 14:25 - 2014-08-21 14:25 - 00002210 _____ () C:\Windows\system32\.crusader
2014-08-21 14:17 - 2014-08-21 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:12 - 2014-08-21 14:12 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-21 14:12 - 2014-08-21 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 14:12 - 2014-08-21 14:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 14:11 - 2014-08-21 14:26 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Adobe
2014-08-21 14:11 - 2014-08-21 14:11 - 00120264 _____ () C:\Users\uit-mg1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 14:11 - 2014-08-21 14:11 - 00001411 _____ () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 14:10 - 2014-08-21 14:11 - 00001445 _____ () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 14:10 - 2014-08-21 14:11 - 00000000 ___RD () C:\Users\uit-mg1\Virtual Machines
2014-08-21 14:10 - 2014-08-21 14:10 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Windows Small Business Server
2014-08-21 14:09 - 2014-08-21 14:10 - 00000000 ____D () C:\Users\uit-mg1\AppData\Local\SoftThinks
2014-08-21 14:09 - 2014-08-21 14:10 - 00000000 ____D () C:\Users\uit-mg1
2014-08-21 14:09 - 2014-08-21 14:09 - 00000020 ___SH () C:\Users\uit-mg1\ntuser.ini
2014-08-21 14:09 - 2012-12-06 15:57 - 00000000 ____D () C:\Users\uit-mg1\AppData\Local\Microsoft Help
2014-08-21 14:09 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-21 14:09 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-21 12:37 - 2014-08-21 12:37 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Roxio Log Files
2014-08-21 12:35 - 2014-08-21 12:35 - 00000862 __RSH () C:\Users\joe\ntuser.pol
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Windows Small Business Server
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows SBS
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\denise\AppData\Local\ModulatorGravity
2014-08-13 12:10 - 2014-08-25 08:02 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B40732A-AAE3-42E9-A04F-CF6AFD687F72}
2014-07-29 11:32 - 2014-08-21 15:00 - 00000000 ____D () C:\Users\denise\AppData\Roaming\ShopAtHome
2014-07-29 11:32 - 2014-07-29 11:32 - 00000095 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-07-29 11:32 - 2014-07-29 11:32 - 00000095 _____ () C:\ProgramData\SAH_Install.ini
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 10:51 - 2014-08-25 10:50 - 00016405 _____ () C:\Users\denise\Downloads\FRST.txt
2014-08-25 10:50 - 2014-08-25 10:50 - 00000355 _____ () C:\Users\denise\Computer - Shortcut.lnk
2014-08-25 10:50 - 2014-08-25 10:49 - 00000000 ____D () C:\FRST
2014-08-25 10:50 - 2013-08-22 17:08 - 00000000 ____D () C:\Users\denise
2014-08-25 10:49 - 2014-08-25 10:49 - 02103296 _____ (Farbar) C:\Users\denise\Downloads\FRST64.exe
2014-08-25 10:47 - 2012-09-06 22:45 - 01631571 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 10:41 - 2012-12-05 13:40 - 00000176 _____ () C:\Windows\system32\config\netlogon.ftl
2014-08-25 09:20 - 2012-12-05 14:30 - 00000066 _____ () C:\Windows\iltwain.ini
2014-08-25 09:09 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:09 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:03 - 2012-09-06 20:06 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-25 09:02 - 2014-08-22 22:26 - 00000556 _____ () C:\Windows\setupact.log
2014-08-25 09:02 - 2013-08-22 17:08 - 00000862 __RSH () C:\Users\denise\ntuser.pol
2014-08-25 09:02 - 2013-03-07 08:20 - 00000000 ____D () C:\Windows\LTSvc
2014-08-25 09:02 - 2012-09-06 20:33 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-25 09:02 - 2012-09-06 20:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-25 09:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 09:01 - 2014-08-25 09:01 - 00001104 _____ () C:\Users\Public\Desktop\Eagle.lnk
2014-08-25 09:01 - 2014-08-25 08:59 - 16599878 _____ (SquareTwo Financial) C:\Users\joe\Downloads\eagle_setup_6.3(1).exe
2014-08-25 09:01 - 2012-12-05 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SquareTwo Financial
2014-08-25 08:59 - 2013-03-08 12:16 - 00000000 ____D () C:\Users\joe\AppData\Local\Mozilla
2014-08-25 08:58 - 2014-08-25 08:58 - 00000000 ____D () C:\Users\joe\AppData\Local\Adobe
2014-08-25 08:58 - 2013-03-08 12:16 - 00120264 _____ () C:\Users\joe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-25 08:46 - 2014-08-25 08:46 - 00001104 _____ () C:\Users\denise\Desktop\Eagle.lnk
2014-08-25 08:30 - 2014-08-25 08:22 - 00000000 ____D () C:\AdwCleaner
2014-08-25 08:30 - 2014-08-22 22:26 - 00003612 _____ () C:\Windows\PFRO.log
2014-08-25 08:27 - 2014-08-25 08:15 - 00000000 ____D () C:\Users\denise\AppData\Local\Adobe
2014-08-25 08:21 - 2014-08-25 08:21 - 01364531 _____ () C:\Users\denise\Downloads\AdwCleaner.exe
2014-08-25 08:16 - 2014-08-25 08:16 - 00000000 ____D () C:\Users\denise\Desktop\TRON
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-25 08:14 - 2014-08-25 08:14 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-08-25 08:10 - 2014-08-25 08:10 - 01110476 _____ () C:\Users\denise\Downloads\7z920(1).exe
2014-08-25 08:09 - 2014-08-25 08:09 - 01110476 _____ () C:\Users\denise\Downloads\7z920.exe
2014-08-25 08:05 - 2014-08-25 08:04 - 00050688 _____ (Atribune.org) C:\Users\denise\Downloads\ATF-Cleaner.exe
2014-08-25 08:04 - 2013-08-27 13:33 - 00000000 ____D () C:\Users\denise\AppData\Local\Mozilla
2014-08-25 08:03 - 2012-12-17 11:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-25 08:02 - 2014-08-13 12:10 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2B40732A-AAE3-42E9-A04F-CF6AFD687F72}
2014-08-25 08:00 - 2013-08-22 17:08 - 00000000 ____D () C:\Users\denise\AppData\Local\SoftThinks
2014-08-25 07:50 - 2014-08-25 07:50 - 00015653 _____ () C:\ComboFix.txt
2014-08-25 07:50 - 2014-08-22 10:02 - 00000000 ____D () C:\Qoobox
2014-08-25 07:49 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-25 07:36 - 2014-08-25 07:31 - 445380316 _____ () C:\Users\denise\Downloads\Tron v3.0.1 (2014-08-23).7z
2014-08-25 07:32 - 2014-08-25 07:32 - 05572212 ____R (Swearware) C:\Users\denise\Downloads\ComboFix.exe
2014-08-22 23:04 - 2014-08-22 23:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2014-08-22 23:03 - 2014-08-22 23:03 - 00539448 _____ (Sourcefire, Inc.) C:\Users\uit-dp1\Downloads\ImmunetSetup.exe
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Mozilla
2014-08-22 22:56 - 2014-08-22 22:56 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Mozilla
2014-08-22 22:51 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Google
2014-08-22 22:46 - 2014-08-22 22:46 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\MFAData
2014-08-22 22:46 - 2014-08-22 22:46 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\Avg2014
2014-08-22 22:46 - 2013-03-15 16:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-22 22:45 - 2014-08-22 22:45 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-22 22:44 - 2014-08-22 22:45 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-22 22:44 - 2014-08-22 22:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-22 22:44 - 2014-08-22 22:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-22 22:44 - 2014-08-22 22:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-22 22:44 - 2014-08-22 22:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-22 22:44 - 2014-08-22 21:31 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Adobe
2014-08-22 22:44 - 2012-12-05 13:37 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-22 22:44 - 2012-12-05 13:37 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-22 22:43 - 2014-08-22 22:43 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-22 22:43 - 2014-08-22 22:43 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-22 22:43 - 2014-08-22 22:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-22 22:43 - 2013-06-06 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-22 22:26 - 2014-08-22 22:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-22 21:43 - 2014-08-22 21:43 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Macromedia
2014-08-22 21:31 - 2014-08-22 21:31 - 00120264 _____ () C:\Users\uit-dp1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-22 20:01 - 2014-08-22 20:01 - 00001262 _____ () C:\Users\uit-dp1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-22 20:01 - 2014-08-22 20:01 - 00000020 ___SH () C:\Users\uit-dp1\ntuser.ini
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ___RD () C:\Users\uit-dp1\Virtual Machines
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1\AppData\Roaming\Windows Small Business Server
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1\AppData\Local\SoftThinks
2014-08-22 20:01 - 2014-08-22 20:01 - 00000000 ____D () C:\Users\uit-dp1
2014-08-22 20:01 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-22 11:09 - 2014-08-22 10:01 - 00000000 ____D () C:\Windows\erdnt
2014-08-22 10:20 - 2009-07-13 22:34 - 82837504 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-22 10:20 - 2009-07-13 22:34 - 13631488 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-22 10:20 - 2009-07-13 22:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-22 10:20 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-22 10:00 - 2014-08-22 10:00 - 05572006 ____R (Swearware) C:\Users\uit-mg1\Downloads\ComboFix.exe
2014-08-22 09:59 - 2014-08-22 09:58 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Mozilla
2014-08-22 09:58 - 2014-08-22 09:58 - 00000000 ____D () C:\Users\uit-mg1\AppData\Local\Mozilla
2014-08-22 09:58 - 2012-12-05 14:28 - 00139543 _____ () C:\PrintDriveraXsInfoDebug.txt
2014-08-21 15:00 - 2014-07-29 11:32 - 00000000 ____D () C:\Users\denise\AppData\Roaming\ShopAtHome
2014-08-21 15:00 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-08-21 14:27 - 2013-07-10 02:16 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-21 14:26 - 2014-08-21 14:11 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Adobe
2014-08-21 14:25 - 2014-08-21 14:25 - 00002210 _____ () C:\Windows\system32\.crusader
2014-08-21 14:17 - 2014-08-21 14:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-21 14:13 - 2011-02-10 10:25 - 00000000 ____D () C:\Windows\panther
2014-08-21 14:12 - 2014-08-21 14:12 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-21 14:12 - 2014-08-21 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-21 14:12 - 2014-08-21 14:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 14:11 - 2014-08-21 14:11 - 00120264 _____ () C:\Users\uit-mg1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 14:11 - 2014-08-21 14:11 - 00001411 _____ () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-08-21 14:11 - 2014-08-21 14:10 - 00001445 _____ () C:\Users\uit-mg1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 14:11 - 2014-08-21 14:10 - 00000000 ___RD () C:\Users\uit-mg1\Virtual Machines
2014-08-21 14:10 - 2014-08-21 14:10 - 00000000 ____D () C:\Users\uit-mg1\AppData\Roaming\Windows Small Business Server
2014-08-21 14:10 - 2014-08-21 14:09 - 00000000 ____D () C:\Users\uit-mg1\AppData\Local\SoftThinks
2014-08-21 14:10 - 2014-08-21 14:09 - 00000000 ____D () C:\Users\uit-mg1
2014-08-21 14:09 - 2014-08-21 14:09 - 00000020 ___SH () C:\Users\uit-mg1\ntuser.ini
2014-08-21 12:52 - 2013-08-22 17:08 - 00120264 _____ () C:\Users\denise\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-21 12:46 - 2009-07-14 00:45 - 00440368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-21 12:40 - 2012-09-06 20:23 - 00000000 ____D () C:\ProgramData\Sonic
2014-08-21 12:40 - 2012-09-06 20:22 - 00000000 ____D () C:\ProgramData\Roxio
2014-08-21 12:38 - 2013-03-08 12:16 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Roxio
2014-08-21 12:38 - 2012-09-06 20:21 - 00000000 ____D () C:\Program Files (x86)\Roxio
2014-08-21 12:37 - 2014-08-21 12:37 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Roxio Log Files
2014-08-21 12:35 - 2014-08-21 12:35 - 00000862 __RSH () C:\Users\joe\ntuser.pol
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Windows Small Business Server
2014-08-21 12:35 - 2014-08-21 12:35 - 00000000 ____D () C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows SBS
2014-08-21 12:35 - 2013-03-08 12:13 - 00000000 ____D () C:\Users\joe
2014-08-21 11:38 - 2013-08-26 13:24 - 00000000 ____D () C:\Users\denise\AppData\Roaming\Spotify
2014-08-21 11:37 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\notices
2014-08-21 10:23 - 2014-08-21 10:23 - 00000000 ____D () C:\Users\denise\AppData\Local\ModulatorGravity
2014-08-20 23:30 - 2013-08-26 13:24 - 00000000 ____D () C:\Users\denise\AppData\Local\Spotify
2014-08-20 17:19 - 2013-08-22 16:42 - 00000000 ____D () C:\Users\denise\Documents\PERSONAL
2014-08-20 14:05 - 2013-08-22 16:42 - 00000000 ____D () C:\Users\denise\Documents\sif ltrs
2014-08-19 15:07 - 2013-08-22 16:42 - 00000000 ____D () C:\Users\denise\Documents\stipulations
2014-08-19 14:36 - 2014-05-14 10:09 - 00000000 ____D () C:\Users\denise\Desktop\AAA. doc's to file elec
2014-08-19 10:25 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\garnishment doc's
2014-08-15 08:43 - 2014-05-14 10:07 - 00000000 ____D () C:\Users\denise\Documents\County courts info
2014-08-13 17:22 - 2013-08-22 16:42 - 00000000 ____D () C:\Users\denise\Documents\summary final judgments
2014-08-13 12:47 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\MOTIONS
2014-08-12 13:15 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\ORDERS
2014-08-06 12:52 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\Letterhead (inc contempt ltr to crt)
2014-08-05 16:59 - 2014-06-26 09:53 - 00000000 ____D () C:\Users\denise\Documents\COMPELS
2014-07-31 16:27 - 2013-08-22 16:41 - 00000000 ____D () C:\Users\denise\Documents\final judgments
2014-07-29 11:32 - 2014-07-29 11:32 - 00000095 _____ () C:\Users\Public\Documents\SAH_Install.ini
2014-07-29 11:32 - 2014-07-29 11:32 - 00000095 _____ () C:\ProgramData\SAH_Install.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-21 15:41
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by denise at 2014-08-25 10:51:23
Running from C:\Users\denise\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.4 - Adobe Systems)
Adobe Acrobat 9 Pro (x32 Version: 9.5.4 - Adobe Systems) Hidden
Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_954) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Attendance Rx (HKLM-x32\...\{D6D36B81-6FA8-4E09-9112-15EF4EE8094D}) (Version: 2.3 - Acroprint)
Attendance Rx (x32 Version: 2.3 - Acroprint) Hidden
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrystalReportsRuntime (HKLM-x32\...\{D5F8A271-006A-4FF4-A366-12471CFD16F1}) (Version: 1.00.0000 - Your Company Name)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Eagle (prod) (HKLM-x32\...\SquareTwo Financial Eagle (prod)) (Version: n/a - SquareTwo Financial)
ESET NOD32 Antivirus (HKLM\...\{9CEC1801-DB68-48CE-B74F-5733BBD3F729}) (Version: 4.2.76.0 - ESET, spol. s r.o.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabTech Agent Service (x32 Version: 5.1.55 - LabTech Software) Hidden
LabTechAD (HKLM-x32\...\{3F460D4C-D217-46B4-80B6-B5ED50BD7CF5}) (Version: 1.0.0 - LabTech Software)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 10.0.11 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 10.0.11 (x86 en-US)) (Version: 10.0.11 - Mozilla)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
QBFC2 (HKLM-x32\...\{795F2EA4-9798-4BA5-B31A-C8F41A124FC8}) (Version:  - )
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Rocket File  (HKLM-x32\...\{80A07CBA-7C5E-41BF-A035-120ECA74DA1B}) (Version: 6.00.0000 - Rocket File)
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{319951E8-E272-4F02-A752-DD6FCD7D4519}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{9680B76D-042F-4FF2-BD87-6E859531452D}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)
WordPerfect Office IFilter 32-bit (HKLM-x32\...\{1DF03ECE-6AF4-414E-B118-C316F151A9A2}) (Version: 1.3 - Corel Corporation)
WordPerfect Office IFilter 64-bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.3 - Corel Corporation)
WordPerfect Office X6 - Common Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Common Files English (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - IPM (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Lightning Files English (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Oxford (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Presentations Files English (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Quattro Pro Files English (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - Setup Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - System Files (x32 Version: 16.1 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - WordPerfect Files English (x32 Version: 16.2 - Corel Corporation) Hidden
WordPerfect Office X6 - WT (x32 Version: 16.1 -  Corel Corporation) Hidden
WordPerfect Office X6 (HKLM-x32\...\_{26D6D2A4-F08A-4212-86E7-7F1F75033610}) (Version: 16.0.0.427 - Corel Corporation)
WordPerfect Office X6 (x32 Version: 16.2 - Corel Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-07-2014 21:38:02 Scheduled Checkpoint
15-07-2014 13:55:29 Scheduled Checkpoint
30-07-2014 17:54:21 Scheduled Checkpoint
21-08-2014 18:23:17 Checkpoint by HitmanPro
21-08-2014 18:25:34 Checkpoint by HitmanPro
25-08-2014 12:02:00 Removed Google Chrome
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-08-22 10:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {186B5999-AA9A-486D-ABA3-73C94F268317} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-13 20:10 - 2009-07-13 21:41 - 01758624 _____ () C:\Windows\winipbin\svrltmgr.dll
2009-07-13 20:10 - 2009-07-13 21:41 - 01793440 _____ () C:\Windows\winipbin\vdorctrl.dll
2012-09-06 21:22 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-06 20:07 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-07-13 20:10 - 2009-07-13 21:41 - 00554912 _____ () C:\Windows\winipbin\svrltwp.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-08-25 09:01 - 2012-11-15 17:39 - 01911776 _____ () C:\Program Files (x86)\SquareTwo Financial\Eagle_prod\mozjs.dll
2013-03-13 09:30 - 2013-03-13 09:30 - 14717144 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
2012-08-06 10:10 - 2012-08-06 10:10 - 01253376 _____ () C:\Program Files (x86)\Common Files\Business Objects\3.0\bin\prompt.dll
2012-08-06 10:10 - 2012-08-06 10:10 - 00176128 _____ () C:\Program Files (x86)\Common Files\Business Objects\3.0\bin\prompt_res_en.dll
2011-10-05 04:52 - 2011-10-05 04:52 - 00756048 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-08-22 12:03 - 2014-08-22 12:03 - 00718152 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\libglesv2.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 00126280 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\libegl.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 08537928 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\pdf.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 00353096 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 01732936 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\ffmpegsumo.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 14669128 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\PepperFlash\pepflashplayer.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-04-01 11:11 - 2012-12-18 12:58 - 02666496 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2014 09:03:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:32:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:26:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:21:36 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (08/25/2014 08:21:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:00:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 07:38:12 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (08/25/2014 07:38:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (08/25/2014 07:38:12 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (08/25/2014 07:28:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
Error: (08/25/2014 09:04:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 08:33:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 08:27:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/25/2014 08:21:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (04/03/2014 01:17:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 13999 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/20/2014 09:43:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/07/2014 06:13:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28390 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error: (05/14/2013 05:06:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16073 seconds with 1500 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-22 10:18:41.931
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-22 10:18:41.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-07 07:17:37.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 73%
Total physical RAM: 4008.63 MB
Available physical RAM: 1079.25 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 4969.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:216.69 GB) (Free:142.81 GB) NTFS
Drive l: (Data) (Network) (Total:200 GB) (Free:166.66 GB) NTFS
Drive m: () (Network) (Total:500 GB) (Free:439.11 GB) 
Drive n: (Data) (Network) (Total:200 GB) (Free:166.66 GB) NTFS
Drive s: (Data) (Network) (Total:200 GB) (Free:166.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: F575B72C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=216.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 mgencarelli

  • Topic Starter
  • Members
  • 7 posts

Posted 25 August 2014 - 09:57 AM

I have tracked the Browser.exe coming from C:\Users\denise\AppData\LocalLow\VinylMedium



#7 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,041 posts
  • Location:The Arctic Circle

Posted 25 August 2014 - 10:21 AM

Hi mgencarelli,
 
C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
C:\Users\denise\AppData\Local\ModulatorGravity\ModulatorGravity.dll
 
Please upload these files above to my channel:
http://www.bleepingcomputer.com/submit-malware.php?channel=170&lm=1
(You can copy & paste the file path into the "search field")
 
--------------
 
After you have uploaded those files:
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
C:\Users\denise\AppData\LocalLow\VinylMedium\
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Run: [ModulatorGravity] => C:\Windows\system32\rundll32.exe "C:\Users\denise\AppData\Local\ModulatorGravity\ModulatorGravity.dll",DllRegisterServer <===== ATTENTION
C:\Users\denise\AppData\Local\ModulatorGravity
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Is the fake browser.exe process gone?
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Is browser.exe gone?

xXToffeeXx~


Edited by xXToffeeXx, 25 August 2014 - 10:23 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
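Added example, not code from the thread and not part of FRST: a small Python triage helper that scans FRST log lines for the two patterns the fix above removes, a Run value that starts rundll32.exe on a DLL stored under the user's AppData tree with DllRegisterServer, and Chrome component files (browser.exe, libglesv2.dll, pdf.dll and friends) living outside a Google\Chrome directory. The sample lines are constructed to mirror the entries quoted in this thread; the component list and the "outside Google\Chrome" heuristic are this example's own assumptions, not FRST rules.

```python
import re

# Chrome component file names that the thread's FRST log shows under
# AppData\LocalLow. Genuine Chrome keeps them beside chrome.exe in its own
# install directory (...\Google\Chrome\Application\<version>\).
# This list is an assumption of the example, not an FRST whitelist.
CHROME_COMPONENTS = {
    "libglesv2.dll", "libegl.dll", "pdf.dll", "ffmpegsumo.dll",
    "ppgooglenaclpluginchrome.dll", "pepflashplayer.dll",
}

# A path rooted in a user profile's AppData tree. Matching stops at a quote
# or at FRST's "<===== ATTENTION" marker, so the rundll32 Run entry yields
# only the DLL path, not the trailing ",DllRegisterServer" argument.
APPDATA_PATH = re.compile(
    r'[A-Za-z]:\\Users\\[^\\"]+\\AppData\\(?:LocalLow|Local|Roaming)\\[^"<]*',
    re.IGNORECASE,
)


def triage_line(line):
    """Return a list of (reason, path) findings for one FRST log line."""
    low_line = line.lower()
    findings = []
    for match in APPDATA_PATH.finditer(line):
        path = match.group(0).rstrip()
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        # Rule 1: a Run value that launches rundll32.exe on a DLL kept in the
        # user profile and calls DllRegisterServer. This is the shape of the
        # ModulatorGravity entry that FRST tagged ATTENTION in the thread.
        if ("\\run:" in low_line and "rundll32" in low_line
                and "dllregisterserver" in low_line and name.endswith(".dll")):
            findings.append(("rundll32 autorun of user-profile DLL", path))
        # Rule 2: browser.exe or Chrome component DLLs under AppData but not
        # under a Google\Chrome directory, i.e. a Chrome look-alike such as
        # the VinylMedium\UtilityVoice tree in the thread.
        elif ((name == "browser.exe" or name in CHROME_COMPONENTS)
                and "\\google\\chrome\\" not in low):
            findings.append(("Chrome look-alike outside Chrome install dir", path))
    return findings


def triage(log_text):
    """Run triage_line over a whole log, de-duplicating repeated paths."""
    seen, results = set(), []
    for line in log_text.splitlines():
        for finding in triage_line(line):
            if finding not in seen:
                seen.add(finding)
                results.append(finding)
    return results


# Constructed sample modelled on the FRST lines quoted in this thread, plus
# two benign lines (HKLM Run value, Chrome in Program Files) and one
# legitimate per-user Chrome component to show what is NOT flagged.
SAMPLE_LOG = r"""
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Run: [ModulatorGravity] => C:\Windows\system32\rundll32.exe "C:\Users\denise\AppData\Local\ModulatorGravity\ModulatorGravity.dll",DllRegisterServer <===== ATTENTION
HKLM\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2014-08-22 12:03 - 2014-08-22 12:03 - 00718152 _____ () C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\36.0.1985.143\libglesv2.dll
2014-08-22 12:03 - 2014-08-22 12:03 - 08537928 _____ () C:\Users\denise\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Feed it the "Loaded Modules" and "Registry" sections of a real Addition.txt/FRST.txt to get a short list of profile-resident items worth a second look; it only flags, it does not move or delete anything.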


#8 mgencarelli

  • Topic Starter
  • Members
  • 7 posts

Posted 25 August 2014 - 10:35 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 03
Ran by denise at 2014-08-25 11:34:17 Run:1
Running from C:\Users\denise\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
(Google Inc.) C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe
C:\Users\denise\AppData\LocalLow\VinylMedium\
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\...\Run: [ModulatorGravity] => C:\Windows\system32\rundll32.exe "C:\Users\denise\AppData\Local\ModulatorGravity\ModulatorGravity.dll",DllRegisterServer <===== ATTENTION
C:\Users\denise\AppData\Local\ModulatorGravity
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
*****************
 
[6772] C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe => Process closed successfully.
C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe => No running process found
C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe => No running process found
C:\Users\denise\AppData\LocalLow\VinylMedium\UtilityVoice\browser.exe => No running process found
C:\Users\denise\AppData\LocalLow\VinylMedium => Moved successfully.
HKU\S-1-5-21-4185685914-448065600-3605170752-1137\Software\Microsoft\Windows\CurrentVersion\Run\\ModulatorGravity => value deleted successfully.
C:\Users\denise\AppData\Local\ModulatorGravity => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key deleted successfully.
"HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
 
==== End of Fixlog ====

Browser closed right after I hit FIX and did not re-open...rebooting machine right now to make sure...



#9 mgencarelli

  • Topic Starter
  • Members
  • 7 posts

Posted 25 August 2014 - 10:49 AM

Looks like that did the trick!! Thanks very much Toffee!! Even got it done within my crazy short time frame, which I greatly appreciate.


Edited by mgencarelli, 25 August 2014 - 10:51 AM.


#10 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,041 posts
  • Location:The Arctic Circle

Posted 25 August 2014 - 10:53 AM

Hi mgencarelli,
 
You're welcome. Just keep an eye on it for a while. If you have some time, then I suggest updating these programs:
 
Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • If offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing unless you want it.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.

--------------

Your version of Adobe Flash is out of date.

Please follow these steps to remove older version Adobe Flash components and update:

  • Download the latest version of Adobe Flash and save it to your desktop.
  • Note: If you use Google Chrome or Firefox, then there is no need to download Adobe Flash. If you also use Internet Explorer, then use that browser to download Flash.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Adobe Flash in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Adobe Flash uninstaller.
  • Reboot your computer once Adobe Flash is removed.
  • Then from your desktop double-click on the Adobe Flash installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then run as Administrator.
  • If offered any unwanted software or toolbars during installation (such as Google Chrome and Google Toolbar); just uncheck the box before continuing unless you want these programs.

xXToffeeXx~




#11 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,041 posts
  • Location:The Arctic Circle

Posted 30 August 2014 - 03:21 PM

Hi mgencarelli,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#12 xXToffeeXx

    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,041 posts
  • Location:The Arctic Circle

Posted 02 September 2014 - 10:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





