Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome Malware - Browser.exe - Infected machine


  • This topic is locked This topic is locked
16 replies to this topic

#1 awhealth

awhealth

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 01:36 PM

This is the same problem as the following thread:
 
http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/
 
Google Chrome is not even installed on the computer, but the (browser).exe process kept popping up...
I found that the process was being run from C:/Users/%USERNAME%/AppData/LocalLow/

 
Any help is much appreciated!!!

 

I red the previews topic and already used the FRST64.exe.

Please see attached the first.txt and Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Admin (administrator) on AWILUSER-CONFPC on 26-08-2014 13:31:13
Running from C:\Temp
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Rescue Calling Card\CallingCard_srv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Rescue Calling Card\CallingCard_srv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Rescue Calling Card\CallingCard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2013-01-19] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2013-01-19] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-818103698-2256316310-3864153919-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-818103698-2256316310-3864153919-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-818103698-2256316310-3864153919-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe [417992 2013-01-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-818103698-2256316310-3864153919-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-818103698-2256316310-3864153919-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2013-01-19] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-818103698-2256316310-3864153919-1001\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2013-01-19] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\AW IL User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\AW IL User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - DefaultScope {2A3CA6DF-BB9D-4FFE-AEE2-7F2B91DE2EF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2A3CA6DF-BB9D-4FFE-AEE2-7F2B91DE2EF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {2A3CA6DF-BB9D-4FFE-AEE2-7F2B91DE2EF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2A3CA6DF-BB9D-4FFE-AEE2-7F2B91DE2EF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDCJS
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
Tcpip\Parameters: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{27E39471-1D30-4480-A0BA-FC9EAFBB8397}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2013-10-04]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [166912 2012-04-10] (Dell Products, LP.) [File not signed]
R2 LMIRescue_47a491e2-eb81-454b-8e15-44973b64bbe5; C:\Program Files (x86)\LogMeIn Rescue Calling Card\CallingCard_srv.exe [1246608 2011-10-21] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2012-02-08] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140801.011\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20140825.011\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140826.001\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140826.001\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 13:30 - 2014-08-26 13:31 - 00000000 ____D () C:\FRST
2014-08-23 17:51 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 17:51 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 17:51 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 17:51 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 17:51 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 17:51 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 17:51 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-23 17:51 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 17:51 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 17:51 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 17:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 17:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 17:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 17:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 03:00 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:00 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:00 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:00 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:00 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:00 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:00 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 02:28 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 02:28 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 02:28 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 02:28 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 02:28 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 02:28 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 02:28 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 02:28 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 02:28 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 02:28 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 02:28 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 02:28 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 02:28 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 02:28 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 02:28 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 02:28 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 02:28 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 02:28 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 02:28 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 02:28 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 02:28 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 02:28 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 02:28 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 02:28 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 02:28 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 02:28 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 02:28 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 02:28 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 02:28 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 02:28 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 02:28 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 02:28 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 02:28 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 02:28 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 02:28 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 02:28 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 02:28 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 02:28 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 02:28 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 02:28 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 02:28 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 02:28 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 02:28 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 02:28 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 02:28 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 02:28 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 02:28 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 02:28 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 02:28 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 02:28 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 02:28 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 02:28 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 02:28 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 02:28 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 02:28 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 02:28 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 02:28 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 02:28 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 02:28 - 2014-07-15 22:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 02:28 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 02:28 - 2014-07-15 21:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 02:28 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 02:28 - 2014-07-15 21:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 02:28 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 02:28 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 02:28 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 02:28 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 02:28 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 02:28 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 02:28 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 02:28 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 02:28 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 02:28 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 02:28 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 02:28 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 02:28 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 02:28 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 02:28 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 02:28 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 02:28 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 02:28 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 02:28 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 02:28 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 02:28 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 02:28 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 02:28 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 02:28 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-06 10:51 - 2014-08-06 10:51 - 771755064 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:51 - 2014-08-06 10:51 - 00279416 _____ () C:\Windows\Minidump\080614-16567-01.dmp
2014-08-06 10:51 - 2014-08-06 10:51 - 00000000 ____D () C:\Windows\Minidump
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 13:31 - 2014-08-26 13:30 - 00000000 ____D () C:\FRST
2014-08-26 13:31 - 2013-01-19 02:27 - 00000000 ____D () C:\Temp
2014-08-26 13:30 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:30 - 2009-07-13 23:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:15 - 2013-01-19 02:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 12:54 - 2013-09-11 11:52 - 00000000 ____D () C:\ProgramData\Symantec
2014-08-26 12:50 - 2013-09-11 11:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Rescue Calling Card
2014-08-26 12:49 - 2013-09-17 15:10 - 00000000 ____D () C:\Users\AW IL User\AppData\Local\LogMeIn Rescue Calling Card
2014-08-26 12:06 - 2013-01-19 02:09 - 01659884 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 07:54 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 07:49 - 2013-01-19 02:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-26 07:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 07:49 - 2009-07-13 23:51 - 00039637 _____ () C:\Windows\setupact.log
2014-08-26 07:49 - 2009-07-13 23:45 - 00435712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 07:46 - 2013-02-06 13:12 - 00000509 _____ () C:\Users\AW IL User\Desktop\Active.website
2014-08-18 07:08 - 2013-02-06 12:51 - 00000000 ___RD () C:\Users\AW IL User\Virtual Machines
2014-08-15 04:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 03:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:03 - 2013-08-01 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:03 - 2013-03-18 10:03 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-06 21:06 - 2014-08-15 02:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-15 02:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 10:51 - 2014-08-06 10:51 - 771755064 _____ () C:\Windows\MEMORY.DMP
2014-08-06 10:51 - 2014-08-06 10:51 - 00279416 _____ () C:\Windows\Minidump\080614-16567-01.dmp
2014-08-06 10:51 - 2014-08-06 10:51 - 00000000 ____D () C:\Windows\Minidump
2014-07-31 18:41 - 2014-08-15 02:28 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-15 02:28 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 
Some content of TEMP:
====================
C:\Users\AW IL User\AppData\Local\Temp\air32E7.exe
C:\Users\AW IL User\AppData\Local\Temp\airB1B5.exe
C:\Users\AW IL User\AppData\Local\Temp\airF960.exe
C:\Users\AW IL User\AppData\Local\Temp\D9FC_FPPSetup.exe
C:\Users\AW IL User\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\AW IL User\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih_1.exe
C:\Users\AW IL User\AppData\Local\Temp\install_flashplayer12x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\AW IL User\AppData\Local\Temp\ose00000.exe
C:\Users\AW IL User\AppData\Local\Temp\tbInte.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 00:40
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Admin at 2014-08-26 13:31:33
Running from C:\Temp
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.265 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D0AC5F9F-1043-4569-ACE3-67EE990EB0E6}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D0AC5F9F-1043-4569-ACE3-67EE990EB0E6}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{9DDFE322-6BA0-4F90-8689-D98382492371}) (Version: 2.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Rescue Calling Card (HKLM-x32\...\{C2835850-FCEB-4A1A-A213-57E7A9A8EC62}) (Version: 7.0.454 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Symantec Endpoint Protection (HKLM\...\{C02FF081-3B1D-47BA-AA68-37D0EA4B75C5}) (Version: 12.1.3001.165 - Symantec Corporation)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{15058154-469F-4794-ACD5-94F8420F9B80}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{995A7832-B512-46D5-87C9-2D71FB541435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{147E3669-1EA6-454C-B53E-A2BE51D8E520}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{147E3669-1EA6-454C-B53E-A2BE51D8E520}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{147E3669-1EA6-454C-B53E-A2BE51D8E520}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{147E3669-1EA6-454C-B53E-A2BE51D8E520}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3613AECC-1454-4DDD-AC36-C42DC16D6DEE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{29E94638-D92F-4C40-BDA1-FEDCC92F478D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{29E94638-D92F-4C40-BDA1-FEDCC92F478D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{64FDCC43-8AD0-46F0-BF53-0CC27D816202}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{64FDCC43-8AD0-46F0-BF53-0CC27D816202}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EDF9874C-9E37-4110-9FC3-094247E114DF}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector (KB2583935) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EDF9874C-9E37-4110-9FC3-094247E114DF}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
09-07-2014 08:00:20 Windows Update
17-07-2014 05:00:03 Scheduled Checkpoint
25-07-2014 05:00:03 Scheduled Checkpoint
02-08-2014 05:00:03 Scheduled Checkpoint
10-08-2014 05:00:33 Scheduled Checkpoint
15-08-2014 08:00:16 Windows Update
23-08-2014 05:00:03 Scheduled Checkpoint
23-08-2014 22:50:53 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {377999BA-EA1B-4C8C-8E41-FF2EE6147CE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19] (Adobe Systems Incorporated)
Task: {8BB51512-636B-433F-9546-84522CB3840D} - System32\Tasks\4825 => Wscript.exe C:\Users\AWILUS~1\AppData\Local\Temp\launchie.vbs //B
Task: {E3720D51-FADD-4099-A92E-EF56D8415EC1} - System32\Tasks\0 => Iexplore.exe 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-19 03:48 - 2011-12-15 17:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-08-15 03:34 - 2014-08-15 03:34 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5744dbc804f3ddc8c5416a9de9e8c26d\IsdiInterop.ni.dll
2013-01-19 02:24 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-01-19 02:22 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2014 01:03:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x188c
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x1e3c
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x4e0
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x180c
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x1530
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x88c
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:19:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x1bb4
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:16:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x1b58
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x1ac8
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
Error: (08/26/2014 00:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: browser.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: rejdjgm.dll, version: 7.0.4.258, time stamp: 0x53fb8dc5
Exception code: 0xc0000094
Fault offset: 0x000071a1
Faulting process id: 0x174c
Faulting application start time: 0xbrowser.exe0
Faulting application path: browser.exe1
Faulting module path: browser.exe2
Report Id: browser.exe3
 
 
System errors:
=============
Error: (08/26/2014 07:52:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/21/2014 01:34:50 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 01:34:50 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 01:34:35 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 01:34:34 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 01:34:22 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 01:34:22 PM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 11:59:35 AM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 11:59:35 AM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
Error: (08/21/2014 10:57:43 AM) (Source: DCOM) (EventID: 10016) (User: AWILUser-ConfPC)
Description: application-specificLocalActivation{69B37063-2BB6-43B5-A109-60E69A77840F}{CD11FAB6-1C0E-45E1-BA31-5C6008EF2607}AWILUser-ConfPCAW IL UserS-1-5-21-818103698-2256316310-3864153919-1000LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (08/26/2014 01:03:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a1188c01cfc157a14fbc4cC:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll3fa82753-2d4b-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a11e3c01cfc1567d6cd56dC:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll0ff2f4a4-2d4a-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a14e001cfc155de84b626C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll721ff2ec-2d49-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a1180c01cfc15595ce5d97C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll2e3f506d-2d49-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:30:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a1153001cfc152d4a4fe43C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dlla5b98517-2d46-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a188c01cfc152ad9fbde2C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll4fe485bb-2d46-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:19:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a11bb401cfc1518d827155C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll29740c8c-2d45-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:16:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a11b5801cfc15119d3b634C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dllc08c43d0-2d44-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:09:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a11ac801cfc1503e341915C:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dllc8a29177-2d43-11e4-88f2-7845c443f70e
 
Error: (08/26/2014 00:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.14353e2e515rejdjgm.dll7.0.4.25853fb8dc5c0000094000071a1174c01cfc14fafcc059dC:\Users\AW IL User\AppData\LocalLow\VinylMedium\NarratorSync\browser.exeC:\Users\AW IL User\AppData\LocalLow\rejdjgm.dll3e551eb1-2d43-11e4-88f2-7845c443f70e
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 44%
Total physical RAM: 6015.55 MB
Available physical RAM: 3364.35 MB
Total Pagefile: 12029.27 MB
Available Pagefile: 9304.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:913.29 GB) (Free:860.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0DC5BF89)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.3 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Attached Files


Edited by xXToffeeXx, 26 August 2014 - 01:50 PM.
Posted logs for ease


BC AdBot (Login to Remove)

 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 26 August 2014 - 02:18 PM

Hi awhealth,
 
We need to search for a few things with SystemLook:

  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:
:dir
​C:\Users\AW IL User\AppData\LocalLow
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 02:21 PM

Here is the lo:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:20 on 26/08/2014 by Admin
Administrator - Elevation successful

========== dir ==========

​C:\Users\AW IL User\AppData\LocalLow - Unable to find folder.

-= EOF =-



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 26 August 2014 - 02:25 PM

Hi awhealth,

 

Looks like I made a mistake with the script, please re-run it with the new script:
 
We need to search for a few things with SystemLook:

  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:

:dir
​"C:\Users\AW IL User\AppData\LocalLow"
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

xXToffeeXx~


Edited by xXToffeeXx, 26 August 2014 - 02:25 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 02:32 PM

Same result:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:32 on 26/08/2014 by Admin
Administrator - Elevation successful

========== dir ==========

​"C:\Users\AW IL User\AppData\LocalLow" - Unable to find folder.

-= EOF =-



#6 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 02:36 PM

Which folder are you looking for?

Here is the folders under LocalLow:

Adobe

Conduit

Microsoft

ModulatorOptional

Temp

VinylMedium

VinylMobile

 

Attached Files



#7 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 02:40 PM

I think I need to add something. The dll file that came with VinylMedium could not register it self, be cause the user does not have administrator rights, and rejdjgm.dll was deleted.

Hope it will help.



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 26 August 2014 - 03:05 PM

Hi awhealth,
 
The list of folders was helpful, thank you.
 
We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
Folder: C:\Users\AW IL User\AppData\LocalLow\VinylMedium
Folder: C:\Users\AW IL User\AppData\LocalLow\ModulatorOptional
Folder: C:\Users\AW IL User\AppData\LocalLow\VinylMobile
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 03:09 PM

Thanx.

Here is the fixlog.txt

 

 

 

 

Attached Files



#10 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 03:17 PM

Should I restart the computer to check if I'm virus free?

There is no processes in TaskManager.



#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 26 August 2014 - 03:20 PM

Hi awhealth,
 
No, please run this first, the first fix was to check the content of those folders. After this fix you can reboot and check if everything is gone.

We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
C:\Users\AW IL User\AppData\LocalLow\VinylMedium
C:\Users\AW IL User\AppData\LocalLow\ModulatorOptional
C:\Users\AW IL User\AppData\LocalLow\VinylMobile
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 26 August 2014 - 03:23 PM

fixlog.txt

 

*************************

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by AW IL User at 2014-08-26 15:23:07 Run:2
Running from C:\Temp
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\AW IL User\AppData\LocalLow\VinylMedium
C:\Users\AW IL User\AppData\LocalLow\ModulatorOptional
C:\Users\AW IL User\AppData\LocalLow\VinylMobile
*****************

C:\Users\AW IL User\AppData\LocalLow\VinylMedium => Moved successfully.
C:\Users\AW IL User\AppData\LocalLow\ModulatorOptional => Moved successfully.
C:\Users\AW IL User\AppData\LocalLow\VinylMobile => Moved successfully.

==== End of Fixlog ====



#13 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 27 August 2014 - 07:22 AM

Hi awhealth,

 

Has the browser.exe gone now?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#14 awhealth

awhealth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 27 August 2014 - 07:41 AM

Just checked.

Yes, it is gone.

 

Thank you very much!



#15 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,041 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:10 AM

Posted 27 August 2014 - 07:44 AM

Hi awhealth,
 
You are welcome, a few more scans to clean some things up:
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner log
  • Malwarebytes log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users