Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Google Chrome processes (browser.exe *32)


  • This topic is locked This topic is locked
7 replies to this topic

#1 landerhavenn

landerhavenn

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 26 August 2014 - 03:41 PM

Hello,

 

I believe I am having a similar issue to this thread:

 

www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/

 

On my customer's computer, I keep getting processes showing up in task manager that are called browser.exe *32 (identified as Google Chrome) even though Chrome is not installed on the PC.  I traced the processes to the User/AppData/LocalLow/ and the folders they are coming from are called NarratorHagg and VolunteerJawa.  I have deleted them in safe mode but they keep regenerating.

 

I ran the FRST scan and I will post my scan log below.  Any help is appreciated!

 

---------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by fogal3 (administrator) on ORTHOWS3 on 26-08-2014 16:02:22
Running from C:\Users\fogal3\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\fogal3\AppData\LocalLow\NotifyKernel\NotifyGraphics\browser.exe
(Google Inc.) C:\Users\fogal3\AppData\LocalLow\NotifyKernel\NotifyGraphics\browser.exe
(Google Inc.) C:\Users\fogal3\AppData\LocalLow\NotifyKernel\NotifyGraphics\browser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Run: [HelperKeyboard] => C:\Windows\system32\rundll32.exe "C:\Users\fogal3\AppData\Local\HelperKeyboard\HelperKeyboard.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Run: [VinylInfinity] => C:\Windows\system32\rundll32.exe "C:\Users\fogal3\AppData\Local\VinylInfinity\VinylInfinity.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Policies\Explorer: [Run] "C:\Users\fogal3\AppData\Roaming\Microsoft\Windows\IEUpdate\sbunattend.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S04913^us&si=CN7otOPB1LYCFYJi7AodwFAATg&ptb=343B9BAB-6574-4EFD-A738-60E45204A393&psa=&ind=2013041811&st=sb&n=77fc9493&searchfor={searchTerms}
SearchScopes: HKCU - {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S04913^us&si=CN7otOPB1LYCFYJi7AodwFAATg&ptb=343B9BAB-6574-4EFD-A738-60E45204A393&psa=&ind=2013041811&st=sb&n=77fc9493&searchfor={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{61DC979A-9ED0-4DD7-9D2D-E58EF6E12043}: [NameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\fogal3\AppData\Roaming\Mozilla\Firefox\Profiles\h2374ic1.default
FF DefaultSearchEngine: My Web Search
FF SelectedSearchEngine: My Web Search
FF Homepage: hxxp://home.mywebsearch.com/index.jhtml?ptb=6D779A32-0332-464F-849E-8CC5186A8B31&n=77fd08fd&p2=^UW^xdm002^YY^us&si=CNOjm4D_1LYCFdJ9OgodnmkAYA
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6D779A32-0332-464F-849E-8CC5186A8B31&n=77fd08fd&ind=2013071613&p2=^UW^xdm002^YY^us&si=CNOjm4D_1LYCFdJ9OgodnmkAYA&searchfor=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\fogal3\AppData\Roaming\Mozilla\Firefox\Profiles\h2374ic1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-06-24]

Chrome:
=======
CHR Profile: C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-23] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S2 vnccom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cpjykauj; \??\C:\Windows\system32\drivers\cpjykauj.sys [X]
S1 lrmwuoty; \??\C:\Windows\system32\drivers\lrmwuoty.sys [X]
S1 nalkjjwo; \??\C:\Windows\system32\drivers\nalkjjwo.sys [X]
S1 nrshoqlp; \??\C:\Windows\system32\drivers\nrshoqlp.sys [X]
S1 oktgpxav; \??\C:\Windows\system32\drivers\oktgpxav.sys [X]
S1 scfwqzlt; \??\C:\Windows\system32\drivers\scfwqzlt.sys [X]
S1 shtstxum; \??\C:\Windows\system32\drivers\shtstxum.sys [X]
S1 tipcizll; \??\C:\Windows\system32\drivers\tipcizll.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 16:02 - 2014-08-26 16:02 - 00012765 _____ () C:\Users\fogal3\Desktop\FRST.txt
2014-08-26 16:00 - 2014-08-26 16:01 - 02103296 _____ (Farbar) C:\Users\fogal3\Desktop\FRST64.exe
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\Users\fogal3\Desktop\scan.txt
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\ComboFix.txt
2014-08-26 15:03 - 2014-08-26 16:02 - 00000000 ____D () C:\FRST
2014-08-26 10:52 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-26 10:52 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-26 10:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-26 10:44 - 2014-08-26 15:16 - 00000000 ____D () C:\Qoobox
2014-08-26 10:44 - 2014-08-26 15:15 - 00000000 ____D () C:\Windows\erdnt
2014-08-26 10:34 - 2014-08-26 14:39 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Deployment
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Apps\2.0
2014-08-26 10:31 - 2014-08-26 10:31 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-26 10:13 - 2014-08-26 10:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-26 09:26 - 2014-08-26 10:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-25 09:17 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Google
2014-08-22 09:14 - 2014-08-26 14:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 09:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 09:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 08:56 - 2014-08-22 08:56 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-22 08:55 - 2014-08-22 08:55 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-19 15:58 - 2014-08-19 15:58 - 00000000 ____D () C:\Users\fogal3\AppData\Local\VinylInfinity
2014-08-19 15:17 - 2014-08-26 15:54 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ORTHOWS3-fogal3 orthows3
2014-08-19 09:40 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:40 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 09:40 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:40 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 09:40 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 09:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 09:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 09:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 09:03 - 2014-08-15 09:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 09:03 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 16:58 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:58 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:58 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:58 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 16:58 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:58 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:58 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:58 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:25 - 2014-08-14 15:25 - 00000000 ____D () C:\Users\fogal3\AppData\Local\HelperKeyboard
2014-08-14 09:05 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 09:05 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 09:05 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 09:05 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 09:05 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 09:05 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 09:05 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 09:05 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 09:05 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 09:05 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 09:05 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 09:05 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 09:05 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 09:05 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 09:05 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 09:05 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 09:05 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 09:05 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 09:05 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 09:05 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 09:05 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 09:05 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 09:05 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 09:05 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 09:05 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 09:05 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 09:05 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 09:05 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 09:05 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 09:05 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 09:05 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 09:05 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 09:05 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 09:05 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 09:05 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 09:05 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 09:05 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 09:05 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 09:05 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 09:05 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 09:05 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 09:05 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 09:05 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 09:05 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 09:05 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 09:05 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 09:05 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 09:05 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 09:05 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 09:05 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 09:05 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 09:05 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 09:05 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 09:05 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 09:05 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 09:05 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:28 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 08:28 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 08:18 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:18 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:16 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:16 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:16 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:16 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 08:16 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 08:11 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:11 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:04 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 08:04 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-08 15:04 - 2014-08-08 15:04 - 00000000 ____D () C:\Users\fogal3\AppData\Roaming\808c66
2014-08-08 15:03 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\808c66
2014-08-08 15:03 - 2014-08-11 09:36 - 00000000 ____D () C:\Users\fogal3\AppData\Local\browser_dir

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 16:03 - 2014-08-26 16:02 - 00012765 _____ () C:\Users\fogal3\Desktop\FRST.txt
2014-08-26 16:02 - 2014-08-26 15:03 - 00000000 ____D () C:\FRST
2014-08-26 16:01 - 2014-08-26 16:00 - 02103296 _____ (Farbar) C:\Users\fogal3\Desktop\FRST64.exe
2014-08-26 16:01 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 16:01 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 16:00 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 15:58 - 2014-04-24 13:44 - 00000000 ____D () C:\Users\fogal3\AppData\Local\CrashDumps
2014-08-26 15:58 - 2014-02-21 16:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-26 15:57 - 2014-02-21 17:49 - 01394562 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 15:54 - 2014-08-19 15:17 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ORTHOWS3-fogal3 orthows3
2014-08-26 15:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 15:53 - 2009-07-14 00:51 - 00039516 _____ () C:\Windows\setupact.log
2014-08-26 15:53 - 2009-07-14 00:45 - 00331328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\Users\fogal3\Desktop\scan.txt
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\ComboFix.txt
2014-08-26 15:16 - 2014-08-26 10:44 - 00000000 ____D () C:\Qoobox
2014-08-26 15:16 - 2012-10-16 08:58 - 00000000 ____D () C:\Users\Word8.0
2014-08-26 15:16 - 2012-10-16 08:58 - 00000000 ____D () C:\Users\VBE
2014-08-26 15:16 - 2010-11-20 23:47 - 00284246 _____ () C:\Windows\PFRO.log
2014-08-26 15:15 - 2014-08-26 10:44 - 00000000 ____D () C:\Windows\erdnt
2014-08-26 15:15 - 2014-03-17 11:24 - 00000000 ____D () C:\Users\fogal3
2014-08-26 15:15 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-26 14:46 - 2014-08-22 09:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 14:39 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Deployment
2014-08-26 14:12 - 2014-02-21 15:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Apps\2.0
2014-08-26 10:31 - 2014-08-26 10:31 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-26 10:31 - 2014-08-26 09:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 10:14 - 2014-03-21 10:30 - 00070872 _____ () C:\Users\fogal3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 10:13 - 2014-08-26 10:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-26 10:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2014-08-26 09:16 - 2014-03-17 11:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 08:22 - 2009-07-14 01:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 09:17 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Google
2014-08-25 09:17 - 2014-08-08 15:03 - 00000000 ____D () C:\Users\fogal3\AppData\Local\808c66
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 08:56 - 2014-08-22 08:56 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-22 08:55 - 2014-08-22 08:55 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-22 08:25 - 2012-06-24 19:00 - 00002044 ____H () C:\Users\fogal3\Documents\Default.rdp
2014-08-19 15:58 - 2014-08-19 15:58 - 00000000 ____D () C:\Users\fogal3\AppData\Local\VinylInfinity
2014-08-15 09:06 - 2014-08-15 09:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 07:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 16:58 - 2014-05-06 16:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 15:25 - 2014-08-14 15:25 - 00000000 ____D () C:\Users\fogal3\AppData\Local\HelperKeyboard
2014-08-11 09:36 - 2014-08-08 15:03 - 00000000 ____D () C:\Users\fogal3\AppData\Local\browser_dir
2014-08-08 15:04 - 2014-08-08 15:04 - 00000000 ____D () C:\Users\fogal3\AppData\Roaming\808c66
2014-08-06 22:06 - 2014-08-14 08:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 08:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 23:41 - 2014-08-15 09:03 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-31 19:41 - 2014-08-14 09:05 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-14 09:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 12:59

==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 27 August 2014 - 02:34 PM

Hello,

please do the following:


Step 1

Please download this attached Attached File  fixlist.txt   2.58KB   40 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#3 landerhavenn

landerhavenn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 28 August 2014 - 08:35 AM

Thanks for the response! :)

 

Here are my logs in this order:

Fixlog.txt

FRST.txt

Addition.txt

 

------------------------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by fogal3 at 2014-08-28 08:50:31 Run:1
Running from C:\Users\fogal3\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CMD: taskkill /f /t /im rundll32.exe
CMD: taskkill /f /t /im browser.exe
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Run: [HelperKeyboard] => C:\Windows\system32\rundll32.exe "C:\Users\fogal3\AppData\Local\HelperKeyboard\HelperKeyboard.dll",DllRegisterServer <===== ATTENTION
C:\Users\fogal3\AppData\Local\HelperKeyboard
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Run: [VinylInfinity] => C:\Windows\system32\rundll32.exe "C:\Users\fogal3\AppData\Local\VinylInfinity\VinylInfinity.dll",DllRegisterServer <===== ATTENTION
C:\Users\fogal3\AppData\Local\VinylInfinity
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\...\Policies\Explorer: [Run] "C:\Users\fogal3\AppData\Roaming\Microsoft\Windows\IEUpdate\sbunattend.exe"
C:\Users\fogal3\AppData\Roaming\Microsoft\Windows\IEUpdate\sbunattend.exe
SearchScopes: HKLM - DefaultScope {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S04913^us&si=CN7otOPB1LYCFYJi7AodwFAATg&ptb=343B9BAB-6574-4EFD-A738-60E45204A393&psa=&ind=2013041811&st=sb&n=77fc9493&searchfor={searchTerms}
SearchScopes: HKCU - {087a7792-10bb-455d-bd55-427d589addf5} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YN^xdm003^YYA^us&si=CP3el-fb57wCFUdk7Aoda3cAKg&ptb=6A341A52-D465-4E7E-82DE-0E2C70BCC5F8&ind=2014022511&n=780b8b6f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm003^S04913^us&si=CN7otOPB1LYCFYJi7AodwFAATg&ptb=343B9BAB-6574-4EFD-A738-60E45204A393&psa=&ind=2013041811&st=sb&n=77fc9493&searchfor={searchTerms}
FF DefaultSearchEngine: My Web Search
FF SelectedSearchEngine: My Web Search
FF Homepage: hxxp://home.mywebsearch.com/index.jhtml?ptb=6D779A32-0332-464F-849E-8CC5186A8B31&n=77fd08fd&p2=^UW^xdm002^YY^us&si=CNOjm4D_1LYCFdJ9OgodnmkAYA
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6D779A32-0332-464F-849E-8CC5186A8B31&n=77fd08fd&ind=2013071613&p2=^UW^xdm002^YY^us&si=CNOjm4D_1LYCFdJ9OgodnmkAYA&searchfor=
EmptyTemp:

*****************


=========  taskkill /f /t /im rundll32.exe =========

SUCCESS: The process with PID 932 (child process of PID 2820) has been terminated.
SUCCESS: The process with PID 928 (child process of PID 1632) has been terminated.
SUCCESS: The process with PID 2820 (child process of PID 2448) has been terminated.
SUCCESS: The process with PID 1632 (child process of PID 2464) has been terminated.
SUCCESS: The process with PID 2464 (child process of PID 2848) has been terminated.
SUCCESS: The process with PID 2448 (child process of PID 2848) has been terminated.

========= End of CMD: =========


=========  taskkill /f /t /im browser.exe =========

ERROR: The process "browser.exe" not found.

========= End of CMD: =========

HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HelperKeyboard => value deleted successfully.
C:\Users\fogal3\AppData\Local\HelperKeyboard => Moved successfully.
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VinylInfinity => value deleted successfully.
C:\Users\fogal3\AppData\Local\VinylInfinity => Moved successfully.
HKU\S-1-5-21-3510248749-3557231137-3804267004-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
"C:\Users\fogal3\AppData\Roaming\Microsoft\Windows\IEUpdate\sbunattend.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}" => Key deleted successfully.
"HKCR\CLSID\{087a7792-10bb-455d-bd55-427d589addf5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}" => Key deleted successfully.
"HKCR\CLSID\{087a7792-10bb-455d-bd55-427d589addf5}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key deleted successfully.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
EmptyTemp: => Removed 5.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

--------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by fogal3 (administrator) on ORTHOWS3 on 28-08-2014 09:00:38
Running from C:\Users\fogal3\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{61DC979A-9ED0-4DD7-9D2D-E58EF6E12043}: [NameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\fogal3\AppData\Roaming\Mozilla\Firefox\Profiles\h2374ic1.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\fogal3\AppData\Roaming\Mozilla\Firefox\Profiles\h2374ic1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-06-24]

Chrome:
=======
CHR Profile: C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\fogal3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-21] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2192088 2013-08-23] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-08-21] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S2 vnccom; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cpjykauj; \??\C:\Windows\system32\drivers\cpjykauj.sys [X]
S1 lrmwuoty; \??\C:\Windows\system32\drivers\lrmwuoty.sys [X]
S1 nalkjjwo; \??\C:\Windows\system32\drivers\nalkjjwo.sys [X]
S1 nrshoqlp; \??\C:\Windows\system32\drivers\nrshoqlp.sys [X]
S1 oktgpxav; \??\C:\Windows\system32\drivers\oktgpxav.sys [X]
S1 scfwqzlt; \??\C:\Windows\system32\drivers\scfwqzlt.sys [X]
S1 shtstxum; \??\C:\Windows\system32\drivers\shtstxum.sys [X]
S1 tipcizll; \??\C:\Windows\system32\drivers\tipcizll.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 16:02 - 2014-08-28 09:01 - 00009635 _____ () C:\Users\fogal3\Desktop\FRST.txt
2014-08-26 16:00 - 2014-08-26 16:01 - 02103296 _____ (Farbar) C:\Users\fogal3\Desktop\FRST64.exe
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\Users\fogal3\Desktop\scan.txt
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\ComboFix.txt
2014-08-26 15:03 - 2014-08-28 09:00 - 00000000 ____D () C:\FRST
2014-08-26 10:52 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-26 10:52 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-26 10:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-26 10:52 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-26 10:44 - 2014-08-26 15:16 - 00000000 ____D () C:\Qoobox
2014-08-26 10:44 - 2014-08-26 15:15 - 00000000 ____D () C:\Windows\erdnt
2014-08-26 10:34 - 2014-08-26 14:39 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Deployment
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Apps\2.0
2014-08-26 10:31 - 2014-08-26 10:31 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-26 10:13 - 2014-08-26 10:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-26 09:26 - 2014-08-26 10:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-25 09:17 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Google
2014-08-22 09:14 - 2014-08-26 14:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 09:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 09:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-22 08:56 - 2014-08-22 08:56 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-22 08:55 - 2014-08-22 08:55 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-19 15:17 - 2014-08-28 08:58 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ORTHOWS3-fogal3 orthows3
2014-08-19 09:40 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-19 09:40 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-19 09:40 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-19 09:40 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-19 09:40 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-19 09:40 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-19 09:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 09:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-19 09:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-19 09:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-15 09:03 - 2014-08-15 09:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 09:03 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 16:58 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 16:58 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 16:58 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 16:58 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 16:58 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 16:58 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 16:58 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 16:58 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 09:05 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 09:05 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 09:05 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 09:05 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 09:05 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 09:05 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 09:05 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 09:05 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 09:05 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 09:05 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 09:05 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 09:05 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 09:05 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 09:05 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 09:05 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 09:05 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 09:05 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 09:05 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 09:05 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 09:05 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 09:05 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 09:05 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 09:05 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 09:05 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 09:05 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 09:05 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 09:05 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 09:05 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 09:05 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 09:05 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 09:05 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 09:05 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 09:05 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 09:05 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 09:05 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 09:05 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 09:05 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 09:05 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 09:05 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 09:05 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 09:05 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 09:05 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 09:05 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 09:05 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 09:05 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 09:05 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 09:05 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 09:05 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 09:05 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 09:05 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 09:05 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 09:05 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 09:05 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 09:05 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 09:05 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 09:05 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 08:28 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 08:28 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 08:28 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 08:28 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 08:18 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 08:18 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 08:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 08:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 08:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 08:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 08:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 08:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 08:16 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 08:16 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 08:16 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 08:16 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 08:16 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 08:11 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 08:11 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:04 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 08:04 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-08 15:04 - 2014-08-08 15:04 - 00000000 ____D () C:\Users\fogal3\AppData\Roaming\808c66
2014-08-08 15:03 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\808c66
2014-08-08 15:03 - 2014-08-11 09:36 - 00000000 ____D () C:\Users\fogal3\AppData\Local\browser_dir

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 09:01 - 2014-08-26 16:02 - 00009635 _____ () C:\Users\fogal3\Desktop\FRST.txt
2014-08-28 09:01 - 2014-02-21 17:49 - 01445270 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 09:00 - 2014-08-26 15:03 - 00000000 ____D () C:\FRST
2014-08-28 08:58 - 2014-08-19 15:17 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ORTHOWS3-fogal3 orthows3
2014-08-28 08:57 - 2010-11-20 23:47 - 02150380 _____ () C:\Windows\PFRO.log
2014-08-28 08:57 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 08:57 - 2009-07-14 00:51 - 00039628 _____ () C:\Windows\setupact.log
2014-08-28 08:57 - 2009-07-14 00:45 - 00331328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 08:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 08:52 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 08:50 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 16:01 - 2014-08-26 16:00 - 02103296 _____ (Farbar) C:\Users\fogal3\Desktop\FRST64.exe
2014-08-26 15:58 - 2014-04-24 13:44 - 00000000 ____D () C:\Users\fogal3\AppData\Local\CrashDumps
2014-08-26 15:58 - 2014-02-21 16:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\Users\fogal3\Desktop\scan.txt
2014-08-26 15:16 - 2014-08-26 15:16 - 00027220 _____ () C:\ComboFix.txt
2014-08-26 15:16 - 2014-08-26 10:44 - 00000000 ____D () C:\Qoobox
2014-08-26 15:16 - 2012-10-16 08:58 - 00000000 ____D () C:\Users\Word8.0
2014-08-26 15:16 - 2012-10-16 08:58 - 00000000 ____D () C:\Users\VBE
2014-08-26 15:15 - 2014-08-26 10:44 - 00000000 ____D () C:\Windows\erdnt
2014-08-26 15:15 - 2014-03-17 11:24 - 00000000 ____D () C:\Users\fogal3
2014-08-26 15:15 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-26 14:46 - 2014-08-22 09:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 14:39 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Deployment
2014-08-26 14:12 - 2014-02-21 15:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 10:34 - 2014-08-26 10:34 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Apps\2.0
2014-08-26 10:31 - 2014-08-26 10:31 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-26 10:31 - 2014-08-26 09:26 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-26 10:14 - 2014-03-21 10:30 - 00070872 _____ () C:\Users\fogal3\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 10:13 - 2014-08-26 10:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-08-26 10:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2014-08-26 09:16 - 2014-03-17 11:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 08:22 - 2009-07-14 01:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 09:17 - 2014-08-25 09:17 - 00000000 ____D () C:\Users\fogal3\AppData\Local\Google
2014-08-25 09:17 - 2014-08-08 15:03 - 00000000 ____D () C:\Users\fogal3\AppData\Local\808c66
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 09:13 - 2014-08-22 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 08:56 - 2014-08-22 08:56 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-22 08:55 - 2014-08-22 08:55 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-22 08:55 - 2014-08-22 08:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-22 08:25 - 2012-06-24 19:00 - 00002044 ____H () C:\Users\fogal3\Documents\Default.rdp
2014-08-15 09:06 - 2014-08-15 09:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 07:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 16:58 - 2014-05-06 16:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 09:36 - 2014-08-08 15:03 - 00000000 ____D () C:\Users\fogal3\AppData\Local\browser_dir
2014-08-08 15:04 - 2014-08-08 15:04 - 00000000 ____D () C:\Users\fogal3\AppData\Roaming\808c66
2014-08-06 22:06 - 2014-08-14 08:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 08:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 23:41 - 2014-08-15 09:03 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-31 19:41 - 2014-08-14 09:05 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-14 09:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 12:59

==================== End Of Log ============================

 

-------------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by fogal3 at 2014-08-28 09:01:43
Running from C:\Users\fogal3\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3234 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Ortho2 ViewPoint (HKLM-x32\...\{212FA913-71C4-4E20-B6DA-57223EAEFA2C}) (Version: 13.2.7.5402 - Ortho Computer Systems, Inc.)
Ortho2 ViewPoint (x32 Version: 13.2.7.5402 - Ortho Computer Systems, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5987 - Realtek Semiconductor Corp.)
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.4.17 - ShopAtHome.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3510248749-3557231137-3804267004-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\fogal3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3510248749-3557231137-3804267004-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\fogal3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3510248749-3557231137-3804267004-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\fogal3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3510248749-3557231137-3804267004-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\fogal3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

10-07-2014 20:51:28 Windows Update
15-07-2014 12:14:50 Windows Update
22-07-2014 11:23:35 Windows Update
25-07-2014 11:25:02 Windows Update
29-07-2014 11:24:27 Windows Update
05-08-2014 11:29:44 Windows Update
26-08-2014 19:29:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-22 08:30 - 2014-08-26 15:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B7AB1CB-3CA7-4E1C-97CE-C45242698FF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {1EF3DEA2-385F-47A2-B65C-DABB64DE073E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {2BB1CF69-63EF-4779-A54B-40EDF95412DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {73BC9776-00A1-4F09-9219-CEE8FDF65FF2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ORTHOWS3-fogal3 orthows3 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-27 14:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-26 07:24 - 2014-08-26 07:24 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-17 07:30 - 2014-06-17 07:30 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-02-21 15:57 - 2013-08-21 19:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3247
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3348

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 08:58:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 08:47:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:58:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x99c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/26/2014 03:55:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:18:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:09:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (08/26/2014 03:09:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server

Error: (08/26/2014 02:52:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 02:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 02:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/28/2014 08:57:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vnccom service failed to start due to the following error:
%%2

Error: (08/28/2014 08:45:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vnccom service failed to start due to the following error:
%%2

Error: (08/26/2014 03:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vnccom service failed to start due to the following error:
%%2

Error: (08/26/2014 03:17:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vnccom service failed to start due to the following error:
%%2

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2014 03:15:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/28/2014 08:58:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2014 08:47:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:58:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946ntdll.dll6.1.7601.18247521ea8e7c000000500038e1999c01cfc167d9208edfC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll5da195e0-2d5b-11e4-8094-c81f6636caf4

Error: (08/26/2014 03:55:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:18:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 03:09:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/26/2014 03:09:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server

Error: (08/26/2014 02:52:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 02:39:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2014 02:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-08-26 15:15:02.318
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-26 15:15:02.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 4014.8 MB
Available physical RAM: 2331.52 MB
Total Pagefile: 8027.77 MB
Available Pagefile: 6366.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.52 GB) (Free:413.6 GB) NTFS
Drive e: (STORAGE) (Removable) (Total:14.91 GB) (Free:14.28 GB) NTFS
Drive z: (WIN7) (Network) (Total:917.23 GB) (Free:779.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BFE84044)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: CAD4EBEA)
Partition 4: (Active) - (Size=14.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 28 August 2014 - 11:51 AM

This worked well!
How is the computer running now? What problems or symptoms are still present (if any)?
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by aharonov, 28 August 2014 - 11:51 AM.


#5 landerhavenn

landerhavenn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 28 August 2014 - 03:49 PM

Thank you!  I will let you know by tomorrow



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 28 August 2014 - 03:51 PM

Ok. :)

#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 19 September 2014 - 02:36 PM

Do you still need help?

#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:44 AM

Posted 29 September 2014 - 09:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users