PUM.Dns Virus - Need help Removing


  • This topic is locked
26 replies to this topic

#1 Grif1969
  • Members

Posted 31 March 2015 - 11:41 AM

This virus is proving difficult to remove. If anyone can help it would be greatly appreciated.

Problem found by RogueKiller, see attached scan report: RKreport_SCN_03312015_113401.log (4.25KB).


Edited by hamluis, 31 March 2015 - 12:35 PM.
Moved from Win 8 to Malware Removal Logs - Hamluis.



#2 aharonov
  • Malware Response Team

Posted 31 March 2015 - 03:32 PM

Hi,

these PUM.DNS entries (PUM stands for potentially unwanted modification) just show the normal DNS servers from "Midcontinent Communications". If this is your internet provider then everything is perfectly fine and nothing needs to be done about it.
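The check behind this answer is "do the configured resolvers belong to my ISP?". A way to make that check repeatable is to look at the per-interface DNS values Windows keeps under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces: DhcpNameServer holds what the router handed out, NameServer holds a static override, and a DNS-changer typically plants the latter. The script below is an added example, not code from the thread, from RogueKiller or from FRST. It parses the text that `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s` prints and flags any interface whose static NameServer differs from the DHCP-supplied servers or points outside an address range you trust. The sample output and the "trusted" range are constructed (RFC 5737 documentation addresses), so on a real machine you would paste your own `reg query` output and your ISP's resolver ranges.

```python
"""Audit Windows per-interface DNS settings for a static resolver override.

Added example (not from the BleepingComputer thread). Parses `reg query ... /s`
text for the Tcpip\Parameters\Interfaces keys and flags suspicious resolvers.
"""
import ipaddress
import re
from typing import Dict, List

# CONSTRUCTED sample of `reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces /s`
# output. Addresses come from the RFC 5737 documentation ranges, not from any real provider.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.0.2.53 192.0.2.54
    NameServer    REG_SZ

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    DhcpNameServer    REG_SZ    192.0.2.53 192.0.2.54
    NameServer    REG_SZ    198.51.100.7,198.51.100.8
"""

# Hypothetical: the address blocks your ISP (or your own resolver) is known to use.
TRUSTED_RESOLVER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

_KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Interfaces\\(\{[0-9A-Fa-f-]+\})\s*$")
_VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)(?:\s+(.*?))?\s*$")


def parse_interfaces(reg_output: str) -> Dict[str, Dict[str, str]]:
    """Turn `reg query /s` text into {interface GUID: {value name: data}}."""
    interfaces: Dict[str, Dict[str, str]] = {}
    current = None
    for line in reg_output.splitlines():
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1)
            interfaces[current] = {}
            continue
        value = _VALUE_RE.match(line)
        if value and current is not None:
            interfaces[current][value.group(1)] = value.group(3) or ""
    return interfaces


def split_servers(data: str) -> List[str]:
    """NameServer data may be space- or comma-separated; normalise to a list."""
    return [s for s in re.split(r"[ ,]+", data.strip()) if s]


def audit_dns(reg_output: str, trusted_nets=TRUSTED_RESOLVER_NETS) -> List[str]:
    """Return one finding per suspicious resolver setting; an empty list means nothing to report."""
    findings: List[str] = []
    for guid, values in parse_interfaces(reg_output).items():
        static = split_servers(values.get("NameServer", ""))
        dhcp = split_servers(values.get("DhcpNameServer", ""))
        # A static NameServer that does not match what DHCP supplied is the classic DNS-changer footprint.
        if static and set(static) != set(dhcp):
            findings.append(f"{guid}: static NameServer {static} overrides DHCP {dhcp}")
        # Whatever is actually in effect (static wins over DHCP) must fall inside a range you trust.
        for server in static or dhcp:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append(f"{guid}: unparsable resolver entry {server!r}")
                continue
            if not any(addr in net for net in trusted_nets):
                findings.append(f"{guid}: resolver {server} is outside trusted ranges")
    return findings


if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_REG_OUTPUT) or ["no DNS overrides found"]:
        print(finding)
```

On the constructed sample the first interface is clean (DHCP resolvers only, inside the trusted range) and the second produces three findings: the override itself and each of the two foreign resolvers. A clean result here does not prove the resolvers are legitimate, only that they match what DHCP handed out and sit where you expect; confirming that those ranges really belong to the ISP (whois, the router's own status page) is still a manual step.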

#3 Grif1969
  • Topic Starter
  • Members

Posted 31 March 2015 - 03:45 PM

aharonov, thank you for your response. Yes, MidContinent is my service provider.


Edited by Grif1969, 31 March 2015 - 03:47 PM.


#4 aharonov
  • Malware Response Team

Posted 31 March 2015 - 04:08 PM

Alright, so nothing to worry about here.
Are you experiencing any problems on your computer that led you to run RogueKiller in the first place? Or was this just a routine check and everything is running fine?

#5 Grif1969
  • Topic Starter
  • Members

Posted 31 March 2015 - 04:10 PM

Yes, my computer has been running slowly in the last week or so.  I have been having problems with MS Office files hanging up and taking forever to save.  Also having similar problems with Adobe.



#6 aharonov
  • Malware Response Team

Posted 31 March 2015 - 04:13 PM

I can check your log files to see if malware is responsible for these symptoms.

If you wish, then:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#7 Grif1969
  • Topic Starter
  • Members

Posted 31 March 2015 - 04:58 PM

Keeps timing out.  Says Saving Post and timing out.



#8 Grif1969
  • Topic Starter
  • Members

Posted 31 March 2015 - 05:24 PM

Here are the first 2




#9 Grif1969
  • Topic Starter
  • Members

Posted 31 March 2015 - 05:54 PM

==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-31 16:20 - 2014-05-05 22:52 - 00000000 ____D () C:\Users\Chuck\AppData\Local\Syncplicity
2015-03-31 16:10 - 2015-02-06 15:00 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-31 16:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-31 15:41 - 2014-05-21 13:20 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-31 14:39 - 2014-05-05 15:29 - 00000000 ____D () C:\Users\Chuck\AppData\Local\Packages
2015-03-31 14:37 - 2014-05-07 11:02 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7DBB475D-DDC6-4775-B060-9BC2C4D4E406}
2015-03-31 14:10 - 2015-02-06 15:00 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 13:46 - 2014-05-08 10:48 - 00000000 ____D () C:\Users\Chuck\AppData\Local\mozysync
2015-03-31 13:35 - 2014-05-06 13:02 - 00000000 ____D () C:\Users\Chuck\AppData\Local\CrashDumps
2015-03-31 11:44 - 2014-05-13 16:53 - 00004964 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Chuck OFFICE
2015-03-31 11:41 - 2014-05-08 11:15 - 00781312 ___SH () C:\Users\Chuck\Desktop\Thumbs.db
2015-03-31 11:19 - 2014-05-08 11:19 - 00000000 ____D () C:\Users\Chuck\Documents\1 - ACCESS DUMP
2015-03-31 11:19 - 2014-04-19 03:07 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-31 11:04 - 2014-09-17 13:53 - 00003116 _____ () C:\WINDOWS\System32\Tasks\WinZip Malware Protector_startup
2015-03-31 11:03 - 2014-05-07 10:53 - 00000000 __RDO () C:\Users\Chuck\OneDrive
2015-03-31 11:02 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-31 09:33 - 2014-03-18 05:03 - 00885800 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-31 09:25 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-31 08:42 - 2014-05-08 12:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3248724089-86305047-1796937268-1006
2015-03-31 08:22 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-31 07:57 - 2014-09-30 10:07 - 00000000 ____D () C:\Users\Chuck\Documents\Bug Cleaner
2015-03-31 07:55 - 2015-02-18 08:54 - 00000526 _____ () C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSPrivacyProtector.job
2015-03-31 04:24 - 2014-05-12 16:32 - 00000000 ____D () C:\Program Files (x86)\WinZip System Utilities Suite
2015-03-30 16:47 - 2014-05-12 16:32 - 00000524 _____ () C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
2015-03-29 16:03 - 2014-05-08 11:18 - 00000000 ____D () C:\Users\Chuck\Documents\TurboTax
2015-03-29 14:06 - 2014-05-07 10:38 - 00000000 ____D () C:\Users\Chuck
2015-03-29 13:37 - 2015-02-18 08:56 - 00000514 _____ () C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSSystemCleaner.job
2015-03-27 20:28 - 2014-05-05 15:37 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3248724089-86305047-1796937268-1002
2015-03-27 15:04 - 2014-05-08 11:15 - 00002891 _____ () C:\Users\Chuck\Desktop\Frequently Used Notes.txt
2015-03-27 14:58 - 2014-05-05 17:05 - 00000000 ____D () C:\Users\Chuck\AppData\Local\Google
2015-03-27 13:42 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-27 13:14 - 2014-12-30 10:55 - 00000000 ____D () C:\Program Files (x86)\Quicken
2015-03-27 08:33 - 2014-11-21 11:53 - 00000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-03-27 08:30 - 2014-11-21 11:50 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-03-26 12:45 - 2014-05-08 12:37 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{327B52D8-A724-41BA-953F-01CAA971ECCA}
2015-03-26 12:36 - 2014-05-07 10:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-26 08:46 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-25 22:50 - 2014-05-05 22:22 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-03-25 22:50 - 2014-05-05 22:22 - 00002232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-03-25 22:50 - 2014-05-05 22:22 - 00002071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-03-25 16:10 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-25 16:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\ImmersiveControlPanel
2015-03-25 15:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-25 15:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-25 15:41 - 2014-05-07 10:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-25 15:40 - 2014-04-19 03:07 - 00000000 ____D () C:\Temp
2015-03-25 15:29 - 2014-11-11 20:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-25 15:28 - 2014-11-11 20:33 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-03-25 14:58 - 2014-12-11 00:43 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-25 14:58 - 2014-07-09 09:38 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-25 08:07 - 2014-04-19 04:39 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-03-25 08:00 - 2015-02-18 08:47 - 00000508 _____ () C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSRegistryCleaner.job
2015-03-24 17:22 - 2014-10-16 11:14 - 00000000 ____D () C:\Users\Chuck\AppData\Local\join.me
2015-03-23 15:39 - 2014-05-08 12:18 - 00000000 ____D () C:\Users\Backup
2015-03-23 15:32 - 2014-05-12 19:19 - 00001880 _____ () C:\WINDOWS\system32\ASOROSet.bin
2015-03-23 15:32 - 2013-08-22 08:25 - 14942208 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
2015-03-23 15:32 - 2013-08-22 08:25 - 103022592 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
2015-03-23 15:32 - 2013-08-22 08:25 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-03-23 15:31 - 2013-08-22 08:25 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-03-23 10:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-23 10:08 - 2014-11-11 20:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-03-23 10:08 - 2014-11-11 20:33 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-03-23 10:03 - 2014-05-05 23:01 - 00000000 ____D () C:\Users\Chuck\Desktop\Syncplicity
2015-03-23 09:42 - 2014-05-08 15:23 - 00000209 _____ () C:\WINDOWS\system32\AddPort.ini
2015-03-20 10:37 - 2014-10-22 09:55 - 00000000 ____D () C:\Users\Chuck\Documents\Outlook Files
2015-03-20 10:37 - 2014-04-19 03:14 - 00882158 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-03-16 09:21 - 2014-05-12 16:32 - 00000488 _____ () C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job
2015-03-16 08:52 - 2014-05-08 14:49 - 00000000 ____D () C:\ProgramData\Intuit
2015-03-13 15:40 - 2014-08-19 14:02 - 00175616 ___SH () C:\Users\Chuck\Documents\Thumbs.db
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-13 11:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 05:50 - 2014-05-05 23:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 05:47 - 2014-05-05 23:07 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-10 08:35 - 2014-05-12 10:19 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-03-05 16:22 - 2014-11-06 08:06 - 01429504 ___SH () C:\Users\Chuck\Downloads\Thumbs.db
2015-03-05 14:03 - 2015-01-16 14:20 - 00108032 ___SH () C:\Users\Backup\Downloads\Thumbs.db
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-05 09:38 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-05 09:37 - 2014-03-18 04:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-05 09:37 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-05 09:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-05 09:36 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-05 09:36 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-05 09:36 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-05 09:36 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-04 16:24 - 2013-08-22 10:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 16:24 - 2013-08-22 10:38 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-02 17:35 - 2013-08-22 10:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-03-02 17:35 - 2013-08-22 10:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-03-02 12:55 - 2014-05-28 00:13 - 00000000 ____D () C:\Users\Backup\AppData\Roaming\BulletScan
2015-03-02 08:55 - 2014-05-27 14:36 - 00000000 ____D () C:\Users\Chuck\AppData\Roaming\BulletScan
 
==================== Files in the root of some directories =======
 
2014-05-21 10:23 - 2014-05-21 10:23 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-05-08 09:47 - 2014-05-08 09:48 - 0000600 _____ () C:\Users\Chuck\AppData\Local\PUTTY.RND
2015-03-23 12:28 - 2015-03-23 12:28 - 0007610 _____ () C:\Users\Chuck\AppData\Local\Resmon.ResmonCfg
2014-05-08 13:59 - 2013-05-23 03:27 - 0001697 _____ () C:\ProgramData\CfGH0250.ini
2014-05-08 13:59 - 2013-05-23 03:27 - 0001696 _____ () C:\ProgramData\CfGH0280.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2014-05-08 13:59 - 2010-06-29 02:04 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
2014-05-08 13:59 - 2013-06-30 20:35 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
2014-05-08 13:59 - 2009-02-24 01:27 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
2014-05-08 13:59 - 2009-03-20 05:07 - 0000939 _____ () C:\ProgramData\CfSB1170.ini
2014-05-08 13:59 - 2009-11-17 02:54 - 0002844 _____ () C:\ProgramData\cfSB1240.ini
2014-05-08 13:59 - 2013-03-08 03:15 - 0002844 _____ () C:\ProgramData\cfSB1240A.ini
2014-05-08 13:59 - 2010-06-23 01:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2014-05-08 13:59 - 2013-03-08 03:15 - 0003077 _____ () C:\ProgramData\cfSB1290A.ini
2014-05-08 13:59 - 2010-11-25 22:07 - 0000806 _____ () C:\ProgramData\cfSB1300.ini
2014-05-08 13:59 - 2013-06-30 20:35 - 0000806 _____ () C:\ProgramData\cfSB1300A.ini
2014-05-08 13:59 - 2011-09-26 03:33 - 0000715 _____ () C:\ProgramData\CfSB1360.ini
2014-05-08 13:59 - 2012-02-09 02:11 - 0000715 _____ () C:\ProgramData\CfSB1380.ini
2014-05-08 13:59 - 2012-02-09 02:11 - 0000715 _____ () C:\ProgramData\CfSB1390.ini
2014-05-08 13:59 - 2012-12-07 05:01 - 0000715 _____ () C:\ProgramData\CfSB1530.ini
2014-05-08 13:59 - 2012-12-07 05:01 - 0000715 _____ () C:\ProgramData\CfSB1532.ini
2014-05-08 13:59 - 2013-10-14 13:40 - 0002109 _____ () C:\ProgramData\cfSB1560.ini
2014-11-21 11:53 - 2015-03-27 08:33 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-04-19 03:02 - 2014-04-19 03:03 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-19 02:59 - 2014-04-19 03:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-19 03:00 - 2014-04-19 03:01 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-19 02:59 - 2014-04-19 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-04-19 03:01 - 2014-04-19 03:02 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\Chuck\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-23 11:26
 
==================== End Of Log ============================
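Reading a few hundred FRST lines by eye is how these threads normally go, but the entry format is regular enough to parse: modification time, creation time, size in bytes, a five-character attribute field (D marks a directory, H hidden, S system, R read-only), the company name FRST read from the file's version information in parentheses, and the path. The script below is an added example, not part of the thread and not part of FRST. It parses that format and applies two coarse first-pass heuristics: an executable whose version information carries no company name, and anything sitting under a Temp directory. The sample entries are copied verbatim from the log above, except for the last line, which is constructed so the first heuristic has something to hit (nothing in the real log trips it). Hits from these heuristics are leads to look at, not verdicts, and the absence of a company name in particular says nothing about whether a file is digitally signed.

```python
"""Triage helper for FRST "Modified Files and Folders" entries.

Added example, not part of the thread or of FRST itself. Parses the
"mtime - ctime - size attrs (company) path" entry format and applies two
coarse heuristics a reviewer usually starts with. Hits are leads, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Real entries copied from the FRST log in the thread, plus one CONSTRUCTED line (the last)
# so the executable-without-company-name heuristic has something to hit.
SAMPLE_ENTRIES = r"""
2015-03-31 16:20 - 2014-05-05 22:52 - 00000000 ____D () C:\Users\Chuck\AppData\Local\Syncplicity
2015-03-31 11:41 - 2014-05-08 11:15 - 00781312 ___SH () C:\Users\Chuck\Desktop\Thumbs.db
2015-03-25 15:29 - 2014-11-11 20:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-03-04 16:24 - 2013-08-22 10:38 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-21 10:23 - 2014-05-21 10:23 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-03-31 12:00 - 2015-03-31 12:00 - 00045056 _____ () C:\Users\Chuck\AppData\Local\Temp\constructed_sample.exe
"""

ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "c:\\temp\\")


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        # FRST marks directories with a D in the attribute field.
        return "D" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the FRST entry format; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["mtime"], d["ctime"], int(d["size"]),
                                 d["attrs"], d["company"], d["path"]))
    return entries


def flag_entry(e: Entry) -> Optional[str]:
    """Return a reason when an entry deserves a closer look, else None."""
    lower = e.path.lower()
    if not e.is_dir and lower.endswith(EXEC_EXT) and not e.company:
        return "executable with no company name in its version info"
    if any(marker in lower for marker in TEMP_MARKERS):
        return "lives under a Temp directory"
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(path, reason) for each entry that trips a heuristic, in log order."""
    hits: List[Tuple[str, str]] = []
    for e in parse_entries(text):
        reason = flag_entry(e)
        if reason:
            hits.append((e.path, reason))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_ENTRIES) or [("(none)", "no heuristic hits")]:
        print(f"{reason}: {path}")
```

Run against the full FRST.txt, the same parser lets you sort by creation time, group by company, or diff two scans taken a week apart; the heuristics are deliberately minimal so that what they flag is short enough to check by hand.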

2014-05-08 13:59 - 2009-11-17 02:54 - 0002844 _____ () C:\ProgramData\cfSB1240.ini
2014-05-08 13:59 - 2013-03-08 03:15 - 0002844 _____ () C:\ProgramData\cfSB1240A.ini
2014-05-08 13:59 - 2010-06-23 01:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2014-05-08 13:59 - 2013-03-08 03:15 - 0003077 _____ () C:\ProgramData\cfSB1290A.ini
2014-05-08 13:59 - 2010-11-25 22:07 - 0000806 _____ () C:\ProgramData\cfSB1300.ini
2014-05-08 13:59 - 2013-06-30 20:35 - 0000806 _____ () C:\ProgramData\cfSB1300A.ini
2014-05-08 13:59 - 2011-09-26 03:33 - 0000715 _____ () C:\ProgramData\CfSB1360.ini
2014-05-08 13:59 - 2012-02-09 02:11 - 0000715 _____ () C:\ProgramData\CfSB1380.ini
2014-05-08 13:59 - 2012-02-09 02:11 - 0000715 _____ () C:\ProgramData\CfSB1390.ini
2014-05-08 13:59 - 2012-12-07 05:01 - 0000715 _____ () C:\ProgramData\CfSB1530.ini
2014-05-08 13:59 - 2012-12-07 05:01 - 0000715 _____ () C:\ProgramData\CfSB1532.ini
2014-05-08 13:59 - 2013-10-14 13:40 - 0002109 _____ () C:\ProgramData\cfSB1560.ini
2014-11-21 11:53 - 2015-03-27 08:33 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-04-19 03:02 - 2014-04-19 03:03 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-19 02:59 - 2014-04-19 03:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-19 03:00 - 2014-04-19 03:01 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-19 02:59 - 2014-04-19 02:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2014-04-19 03:01 - 2014-04-19 03:02 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some content of TEMP:
====================
C:\Users\Chuck\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-23 11:26
 
==================== End Of Log ============================

#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:13 AM

Posted 31 March 2015 - 06:11 PM

Can you please also post the second log file (Addition.txt) that FRST has produced? (If you don't find it anymore re-run the FRST scan and check the option "Addition.txt" first.)

#11 Grif1969

Grif1969
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:06:13 PM

Posted 01 April 2015 - 08:10 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Chuck at 2015-03-31 16:21:07
Running from C:\Users\Chuck\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3248724089-86305047-1796937268-1002\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bulletscan Manager (HKLM-x32\...\{436CDC74-7771-45A0-81AE-40D991F61EC0}) (Version: 2.1.18 - BulletScan)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
F200 (HKLM-x32\...\F200) (Version:  - )
F600 (HKLM-x32\...\F600) (Version:  - )
FileZilla Client 3.9.0.6 (HKU\S-1-5-21-3248724089-86305047-1796937268-1002\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hall (HKLM-x32\...\{D139DE9D-C327-45C0-BDE2-5EB4469B72E1}) (Version: 0.5.10 - Hall Inc.)
HP LaserJet Enterprise 500 color M551 (HKLM-x32\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 8.0.13284.1350 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (x32 Version: 3.0.26.9 - HP) Hidden
HPLaserJetEnterprise500colorM551_HelpLearnCenter (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
join.me (HKU\S-1-5-21-3248724089-86305047-1796937268-1002\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3248724089-86305047-1796937268-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.)
Norton Security (HKLM-x32\...\NS) (Version: 22.1.0.9 - Symantec Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
PDF2XL (HKLM-x32\...\{1F040E0C-4585-41BE-899F-60B5DC1DB2EA}) (Version: 4.14.12.264 - Cogniview)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0033 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
S300 (HKLM-x32\...\S300) (Version:  - )
S400 (HKLM-x32\...\S400) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sound Blaster Omni Surround 5.1 (HKLM-x32\...\{951C371C-53D5-46B0-841F-A8726C30CE53}) (Version: 1.01.01 - Creative Technology Limited)
Sound Blaster Omni Surround 5.1 Extras (HKLM-x32\...\{C9120656-8F23-409A-8B4D-278FEAA33856}) (Version: 1.0 - Creative Technology Limited)
Syncplicity (HKLM\...\{69D16DAD-5ABD-4662-926E-D7F51906E156}) (Version: 3.4.20.19 - Syncplicity, Inc.)
Todoist (HKLM-x32\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.6.4.0 - Doist Ltd.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E5}) (Version: 19.0.11293 - WinZip Computing, S.L. )
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.10740 - WinZip International LLC)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.5.1000.15714 - WinZip Computing, S.L. (WinZip Computing))
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3248724089-86305047-1796937268-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chuck\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3248724089-86305047-1796937268-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chuck\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3248724089-86305047-1796937268-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chuck\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3248724089-86305047-1796937268-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chuck\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
27-03-2015 08:31:07 Installed TurboTax 2014 wrapper
29-03-2015 13:35:45 System Cleaner - Restore Point Before Cleaning
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0025E2FB-BFD9-43E0-B900-E1D2585E20E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {0620DA58-87A3-4EC9-B31F-A857DF3520BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {065EAF25-F921-44D1-9947-270422AA1952} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2013-03-26] (Nico Mak Computing)
Task: {0D354A25-A3D3-451B-BE97-73656986276B} - System32\Tasks\WINZIPSS-WINZIPSSPrivacyProtector => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSPrivacyProtector.exe [2014-06-05] (WinZip Computing, S.L. (WinZip Computing))
Task: {12FD7553-828E-4E4A-8A86-615CE7A57889} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {19AFA03A-C451-436F-8755-2843F6B27B4D} - System32\Tasks\LIFECHAT_MSN_MESSENGER_INSTALL_WEB_PAGE => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?linkId=57777&clcid=0x409
Task: {1C3D07B7-3AB3-4C28-AD29-98CA00A00A3D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {22353765-1A8B-46C6-91F0-D07F271FB1F4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2E555837-5D46-4480-9754-AE1063C0E43B} - System32\Tasks\WINZIPSS-WINZIPSSOneClickCare => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSS.exe [2014-06-05] (WinZip Computing, S.L. (WinZip Computing))
Task: {3E59A410-3585-4C72-9A57-515FB6A1BD65} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {45F82DBE-5964-45B6-AFAB-EC7B6FAEEA80} - System32\Tasks\WINZIPSS-WINZIPSSSystemCleaner => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemCleaner.exe [2014-06-05] (WinZip Computing, S.L. (WinZip Computing))
Task: {4AFC97BB-9886-41DE-83EB-8B1858CF84DC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-03-25] (Microsoft Corporation)
Task: {59C90786-82E1-42C5-B70D-D3623AE1A0A8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {63532695-69F9-4181-AA05-B3D366FF67FC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3248724089-86305047-1796937268-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {695F3188-2B77-4D8B-95A1-DA67A5C3350E} - System32\Tasks\WINZIPSS-WINZIPSSRegistryCleaner => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSRegClean.exe [2014-06-05] (WinZip Computing, S.L. (WinZip Computing))
Task: {72932468-291C-4031-A686-3C75A6851CD3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OFFICE-Chuck OFFICE => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-25] (Microsoft Corporation)
Task: {7831599B-C20C-436C-9EDE-B63D13970A46} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7B4D7ED8-D278-4FE2-A028-D158A7048A9E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {7F75FB27-373D-47EE-89AE-80138DC099CC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\WSCStub.exe [2014-12-10] (Symantec Corporation)
Task: {845BB1E1-E863-4FEF-BBB8-3D1AAFE8F882} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {9F0A5BF2-BBC5-4E84-AD79-5D2FF42A5836} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A8364D59-3596-45E0-8E83-F3A966F7F9DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A851322F-6A50-4EAB-BA85-2E6E50EB0C00} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {AB63E171-512B-45A8-BD1F-69766E55F9D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B5056C3E-DC70-4140-98D4-81D0F5A9382B} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {B866DFF6-1710-4F4E-9EB1-5BAD5DD90F85} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: {B8A5DBAE-7B44-497F-B1FB-EDDEA65A6407} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C0252262-D486-4247-89BF-8FA2546A95E3} - System32\Tasks\WSUS-System Protector_startup => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemProtector.exe [2014-06-05] (Nico Mak Computing)
Task: {D8B780AF-7B76-4BF7-95CB-09BB077C9BB1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {DD42F0F1-A1C1-427F-A26D-BC968C2E1A60} - System32\Tasks\WinZip Malware Protector => C:\Program Files (x86)\WinZip Malware Protector\AppManager.exe [2013-03-26] (Nico Mak Computing)
Task: {DD74BB92-2E0C-4037-BA84-1AC3C23BC35A} - System32\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe [2014-06-05] (WinZip Computing, S.L. (WinZip Computing))
Task: {F0F8BCA4-E97B-4D3A-9E28-54CB735C1D11} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FA59B46E-92F9-40BD-A7A7-24C7DF51DACC} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSOneClickCare.job => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSS.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSPrivacyProtector.job => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSPrivacyProtector.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSRegistryCleaner.job => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSRegClean.exe
Task: C:\WINDOWS\Tasks\WINZIPSS-WINZIPSSSystemCleaner.job => C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemCleaner.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-05-07 10:32 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-25 22:35 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-19 03:01 - 2012-04-24 18:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-25 22:38 - 2015-03-25 22:38 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-10-12 09:59 - 2014-10-12 09:59 - 00739328 _____ () C:\Program Files\Syncplicity\Syncplicity.Client.dll
2014-10-12 09:59 - 2014-10-12 09:59 - 00051712 _____ () C:\Program Files\Syncplicity\Syncplicity.Client.Service.dll
2014-10-12 09:59 - 2014-10-12 09:59 - 00032768 _____ () C:\Program Files\Syncplicity\Retlang_2008.dll
2014-05-08 13:59 - 2013-09-09 12:37 - 00089600 _____ () C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2014-05-08 13:59 - 2013-09-09 12:35 - 00352768 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2013-07-06 11:09 - 2014-04-30 10:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-03-20 08:09 - 2015-03-20 08:09 - 00160768 _____ () C:\Program Files\WindowsApps\53354DuckheadSoftware.PhotoCompress_3.1.0.1_neutral__2gc4m0bggm024\Photo Compress.exe
2014-05-08 13:23 - 2014-05-08 13:23 - 00142336 _____ () C:\Program Files (x86)\Pandora\Pandora.exe
2014-10-16 04:15 - 2014-10-16 04:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 11:41 - 2014-05-24 11:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-05-12 16:32 - 2014-04-29 14:31 - 00886272 _____ () C:\Program Files (x86)\WinZip System Utilities Suite\System.Data.SQLite.dll
2015-03-10 08:35 - 2013-02-28 16:53 - 00886272 _____ () C:\Program Files (x86)\WinZip Malware Protector\System.Data.SQLite.dll
2015-03-10 08:35 - 2013-03-26 12:16 - 01718648 _____ () C:\Program Files (x86)\WinZip Malware Protector\aspsys.dll
2014-04-19 02:59 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-03-21 08:11 - 2015-03-14 05:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 08:11 - 2015-03-14 05:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 08:11 - 2015-03-14 05:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2014-05-02 10:44 - 2013-12-17 17:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-07-06 11:09 - 2012-11-26 01:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-07-06 11:09 - 2012-11-26 01:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-03-26 16:56 - 2015-03-26 16:56 - 00731136 _____ () C:\Users\Chuck\AppData\Local\Packages\53354duckheadsoftware.photocompress_2gc4m0bggm024\AC\Microsoft\CLR_v4.0_32\NativeImages\Photo Compress\44f3c6cc5e2aa32f05d206dda0817fe2\Photo Compress.ni.exe
2015-03-26 16:55 - 2015-03-26 16:55 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\0b2afd93fc0545b7b94339e8a4a7af97\Windows.UI.Xaml.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 01131008 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\72dff8d45b73e9b02b3838d29765607a\Windows.ApplicationModel.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 00239616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\94af4549db265c6f339c287c8675d234\Windows.Globalization.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\8ddd8ad15fe3fb05a871ef0115fb84e2\Windows.UI.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\7abff64c7c1ea1fae5bd170c8238b73e\Windows.Storage.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\16c3eb7650767d95d002c998d0c73eb5\Windows.Foundation.ni.dll
2015-03-26 16:55 - 2015-03-26 16:55 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\eff020aac8737300c74dee47a69c9bbf\Windows.Graphics.ni.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Chuck\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3248724089-86305047-1796937268-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Chuck\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 24.220.0.10 - 24.220.0.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3248724089-86305047-1796937268-500 - Administrator - Disabled)
Backup (S-1-5-21-3248724089-86305047-1796937268-1006 - Limited - Enabled) => C:\Users\Backup
Chuck (S-1-5-21-3248724089-86305047-1796937268-1002 - Administrator - Enabled) => C:\Users\Chuck
Guest (S-1-5-21-3248724089-86305047-1796937268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3248724089-86305047-1796937268-1005 - Limited - Enabled)
UpdatusUser (S-1-5-21-3248724089-86305047-1796937268-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2015 01:35:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1e80
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5
 
Error: (03/31/2015 10:54:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: MFMediaEngine.dll, version: 6.3.9600.17489, time stamp: 0x54658d1b
Exception code: 0xc0000005
Fault offset: 0x00085de9
Faulting process id: 0x6ac
Faulting application start time: 0x01d06bca5afe6465
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SYSTEM32\MFMediaEngine.dll
Report Id: 2cabf78d-d7be-11e4-bf2f-c4d98721dbdf
Faulting package full name: 
Faulting package-relative application ID: 
 
Error: (03/31/2015 09:41:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\HP\Common\LJDXPHelper\LJDxpHelperUI.exe". Error in manifest or policy file "C:\Program Files (x86)\HP\Common\LJDXPHelper\LJDxpHelperUI.exe.Config" on line 0.
Invalid Xml syntax.
 
Error: (03/31/2015 09:33:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 106c
 
Start Time: 01d06bbeebb6728a
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: df822bd4-d7b2-11e4-bf2c-c4d98721dbe3
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (03/31/2015 11:12:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
%%1053
 
Error: (03/31/2015 11:12:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MSK80Service service.
 
Error: (03/31/2015 11:11:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
%%1053
 
Error: (03/31/2015 11:11:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.
 
Error: (03/31/2015 11:11:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
 
Error: (03/31/2015 11:09:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.
 
Error: (03/31/2015 11:01:10 AM) (Source: DCOM) (EventID: 10005) (User: OFFICE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (03/31/2015 11:01:10 AM) (Source: DCOM) (EventID: 10005) (User: OFFICE)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/31/2015 11:01:10 AM) (Source: DCOM) (EventID: 10010) (User: OFFICE)
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.
 
Error: (03/31/2015 11:00:29 AM) (Source: DCOM) (EventID: 10005) (User: OFFICE)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2015 01:35:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f1e8001d06be1670c376cC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dllaa3f006c-d7d4-11e4-bf32-c4d98721dbe3
 
Error: (03/31/2015 10:54:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9MFMediaEngine.dll6.3.9600.1748954658d1bc000000500085de96ac01d06bca5afe6465C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MFMediaEngine.dll2cabf78d-d7be-11e4-bf2f-c4d98721dbdf
 
Error: (03/31/2015 09:41:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files (x86)\HP\Common\LJDXPHelper\LJDxpHelperUI.exeC:\Program Files (x86)\HP\Common\LJDXPHelper\LJDxpHelperUI.exe.Config0
 
Error: (03/31/2015 09:33:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689106c01d06bbeebb6728a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exedf822bd4-d7b2-11e4-bf2c-c4d98721dbe3microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 24511.79 MB
Available physical RAM: 18908 MB
Total Pagefile: 49087.79 MB
Available Pagefile: 43611.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1851.79 GB) (Free:1491.92 GB) NTFS
Drive d: (WINRETOOLS) (Fixed) (Total:2 GB) (Free:1.33 GB) NTFS
Drive e: (TurboTax 2014) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
Drive g: (DATAPART1) (Fixed) (Total:238.47 GB) (Free:81.38 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.17 GB) (Free:0.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CE5104D6)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 14F7A8CF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 21073373)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:13 AM

Posted 01 April 2015 - 10:38 AM

I don't see evidence for malware so far.
But three different security products are running (Norton, McAfee, WinZip Malware Protector). I'd recommend using only one of them and uninstalling the rest.

#13 Grif1969
  • Topic Starter
  • Members
  • 15 posts
  • Local time:06:13 PM

Posted 01 April 2015 - 11:10 AM

Interesting.  McAfee was nowhere to be found.  I downloaded a removal tool from McAfee and removed it.

Just received the following Trojan.Gen.2 Notice from Norton:

 

Filename: shell_executor.exe_635633978219723484
Threat name: Trojan.Gen.2
Full Path: c:\users\chuck\appdata\local\temp\wstemp\shell_executor.exe_635633978219723484

Very Few Users: Fewer than 5 users in the Norton Community have used this file.
Mature: This file was released 5 months ago.
High: This file risk is high.

Source: External Media
Source File: shell_executor.exe_635633978219723484

File Actions
File: c:\users\chuck\appdata\local\temp\wstemp\shell_executor.exe_635633978219723484 Removed

File Thumbprint - SHA: bd0999107f9679c86a0faab8f4106703748d6f810bf3cf918fc766f63761f0f4
File Thumbprint - MD5: Not available


#14 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:13 AM

Posted 01 April 2015 - 12:16 PM

Just received the following Trojan.Gen.2 Notice from Norton:

This is just something that is related to the Winzip quarantine in some way. It's not active malware.

Let's do a check up:


Step 1

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#15 Grif1969
  • Topic Starter
  • Members
  • 15 posts
  • Local time:06:13 PM

Posted 01 April 2015 - 03:09 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e1ac9cf814a78a47a1269c9fc3a23975
# engine=23190
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-01 07:49:23
# local_time=2015-04-01 02:49:23 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 733436 51877456 0 0
# scanned=501591
# found=58
# cleaned=0
# scan_time=8119
sh=845E956B5B54FA86B4238C5E6FDFC1F9219A93A1 ft=1 fh=9695329f4f1fd453 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe.vir"
sh=3A589401847E6311F3B0700644F0A80F045EB5B6 ft=1 fh=3a69881e9ed49c1f vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe.vir"
sh=839315E9052FBEC199B41B6B51010D8BA8080FE2 ft=1 fh=5bf6e8642ab61854 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\scandll.dll.vir"
sh=2885AA8366E6D69928B129AF799E2C45C227F60B ft=1 fh=018a44c6cf6e2c79 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe.vir"
sh=F9BAD74FE973B7472802109710F23627E62092E3 ft=1 fh=651dec4933a7a207 vn="a variant of Win32/Systweak.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe.vir"
sh=94327CA3E1D4BA3B6F1B6204937B9026EA6961F7 ft=1 fh=688c0f4f0fc54653 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=845E956B5B54FA86B4238C5E6FDFC1F9219A93A1 ft=1 fh=9695329f4f1fd453 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\AppManager.exe"
sh=3A589401847E6311F3B0700644F0A80F045EB5B6 ft=1 fh=3a69881e9ed49c1f vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\filetypehelper.exe"
sh=839315E9052FBEC199B41B6B51010D8BA8080FE2 ft=1 fh=5bf6e8642ab61854 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\scandll.dll"
sh=2885AA8366E6D69928B129AF799E2C45C227F60B ft=1 fh=018a44c6cf6e2c79 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe"
sh=F9BAD74FE973B7472802109710F23627E62092E3 ft=1 fh=651dec4933a7a207 vn="a variant of Win32/Systweak.Q potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\WMPUninstall.exe"
sh=B3B39FEAC5E226BD2BEE49C91D10F9ED4DE6F309 ft=1 fh=fc544b57a47beb76 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\GOHelper.exe"
sh=2E4D0DC598C249FF2EADCC95A16CA2BA91A01501 ft=1 fh=4fcd670a9576400e vn="a variant of Win32/Systweak.M potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\Network.dll"
sh=75E63B0E6192C3C607A24C4DE5837DA238AC5D06 ft=1 fh=3628d6f4f3fbe59e vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\ScanDll.dll"
sh=62C093F1A088281B43D4D593D6026AD7990F7F08 ft=1 fh=618fc49924c0b295 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSS.exe"
sh=D231A7DEB1A7517C693E59217BBA93C2EAF43506 ft=1 fh=201bf487a0ba9a08 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSBeforeUninstall.exe"
sh=31A28F5868B8D8DC4DAF677C040D2A5616D75197 ft=1 fh=d5d980433b446cfe vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSCheckUpdate.exe"
sh=28A4CF68001421A632DE6BC55101849AA503DD6C ft=1 fh=13a1d87d3ff867cd vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDiskDoctor.exe"
sh=68604981B42D40D5246AE6DF5D96BA3F3E850706 ft=1 fh=f7b53110cf92bbc6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDiskExplorer.exe"
sh=E632AE315AB122231E9169F18C7DE6498DBC8057 ft=1 fh=8f87ce268a8c975a vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDiskOptimizer.exe"
sh=AB424CFE1404D44E4FA2213F3772DD8C3BAF0172 ft=1 fh=b0c28cdb10b74269 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDriverUpdater.exe"
sh=C9A995E03489BF0F2C13A96FF52663F3241B634C ft=1 fh=f02c1ac521520449 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDuplicateFilesRemover.exe"
sh=C665876ECC6510842E4C3BB49320115D7DB4622C ft=1 fh=e40da62ceea20055 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSGameOptimizer.exe"
sh=F8C4B7A895B77894B8F42CDE74C1DA264743F9FD ft=1 fh=8af8ba0c1f878b3c vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSHelper.dll"
sh=E5605E8008E7E35E62F6B9CCE0DEF767570A1A14 ft=1 fh=308c136ad9b260d1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSMemoryOptimizer.exe"
sh=21E54E4A5D7A9426E4A4281E77C4EEC4297F3E63 ft=1 fh=3d74672a090609ba vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSNewScheduler.exe"
sh=358E6277384351CE099819B79546636CE33C2238 ft=1 fh=c4a93cf3467e002f vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSPCFixer.exe"
sh=E5BEE6F091213239AC6EC782786D40B845865654 ft=1 fh=e1536639ab1d9c4c vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSPrivacyProtector.exe"
sh=B46AB7C0F214C38C40799B7C9D826573CDB90398 ft=1 fh=03f212ee83042d37 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSRegClean.exe"
sh=676E5840B8515AEFD1EA58607B4CAA9367A43B79 ft=1 fh=329e77119a4dc846 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSRegistryOptimizer.exe"
sh=D19983B0B0A22E1D43F0BEF719CC0BEEAB80B4C8 ft=1 fh=a70e81a795fdaef0 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSecureDelete.exe"
sh=D08BA43C60A7E6EA9E7C500588C8AF1AF3ADA548 ft=1 fh=ac587f9b6325e094 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSecureEncryptor.exe"
sh=01C9187DBE38E475B019D52889B3DC1A981DE543 ft=1 fh=08b64d3d6cb27f92 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSStartupManager.exe"
sh=7214D278B4C6B3EE146BCD477E51C66D9C94EB29 ft=1 fh=76d8edd14f5e460e vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSysFileBakRes.exe"
sh=048A609E1002487500BBF23119907E1E3BF3CB88 ft=1 fh=36c49aee9decdf2d vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemAnalyzerAndAdvisor.exe"
sh=A78CE45A9D1741B4D8BFE126DB92E92E3AC65A13 ft=1 fh=88cbfd6b2bfa710a vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemCleaner.exe"
sh=278F7E3A15CBC7FCE82D7D143C86BB0EAB98DDFA ft=1 fh=b9f3d993d6e55e0d vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSSystemProtector.exe"
sh=C5CA6F924386676A14808356F9DD39916AB1CB11 ft=1 fh=d4bd879c1290297b vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSUndelete.exe"
sh=A0AAED8E58D14E15194171529C5DF9957D8B1C3A ft=1 fh=5c2c59a05a8a600a vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSUninstallManager.exe"
sh=E5815111DFFF408861B8212D3E8300A835A35C38 ft=1 fh=6cf4c557ff0876e1 vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Users\Chuck\AppData\Roaming\WinZip\WINZIPSS\Checking for Updates\AppUpdates\winzipsystemutilitiessuite_update.exe"
sh=76C17560EE46CF544B61FC9FC994239D98C5C3EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="C:\Users\Chuck\Desktop\Syncplicity\1 - Administration\7 - Web Site-App\1 - Archive\Joomla\BACKUP\JoomlaBackup6.18.2012.tar"
sh=5EA1C12FE02434E1E44EA8BB0EA2F0E1D15923FB ft=1 fh=345da0ffe49e4e5c vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Users\Chuck\Downloads\wzmalwareprotector_1.exe"
sh=B6C45530FB13D657CC052C4C6F27C12E9FBBC46B ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\18f4cde7.msi"
sh=7DEB37AA107A8E604761776C52D540D8592064FA ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\$OF\64782\672 (2014_10_02 13_27_45 UTC).php"
sh=3A9B7E93EB46618D2A4ECBA941188CEECDB81E72 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\$OF\774\672 (2014_10_02 13_27_45 UTC).php"
sh=01152E99D82F186C89B60459ED33A36C8E9E29CD ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\$OF\792\672 (2014_10_02 13_27_45 UTC).php"
sh=76C17560EE46CF544B61FC9FC994239D98C5C3EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\C\Users\Chuck\Desktop\Syncplicity\1 - Administration\7 - Web Site-App\1 - Archive\Joomla\BACKUP\JoomlaBackup6.18.2012 (2014_10_02 13_27_45 UTC).tar"
sh=01152E99D82F186C89B60459ED33A36C8E9E29CD ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\C\Users\Chuck\Desktop\Syncplicity\1 - Administration\7 - Web Site-App\1 - Archive\WEB SITE 2.1.10\blog\wp-content\themes\corpblue\footer (2014_10_02 13_27_45 UTC).php"
sh=3A9B7E93EB46618D2A4ECBA941188CEECDB81E72 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\C\Users\Chuck\Desktop\Syncplicity\1 - Administration\7 - Web Site-App\1 - Archive\WEB SITE 2.1.10\blog\wp-content\themes\fluid-blue\footer (2014_10_02 13_27_45 UTC).php"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\C\Users\Chuck\Desktop\Syncplicity\2 - Accounting\General Ledger\2014\Vendor Invoices\Executive Suites MN (Janal Business Ctr)\ccsetup417 (2014_10_02 13_27_45 UTC).exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="${Memory}"
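The ESET log above is one detection record per line (sh=… ft=… fh=… vn="…" ac=… fn="…") preceded by "# key=value" counters. As an added example that is not part of the original thread and not ESET's own tooling, the Python below parses that format and sorts the 58 hits into the buckets a responder actually needs to read separately: a module found in process memory, copies that already sit in an AdwCleaner quarantine or File History backup folder, PUA/PUsA still in its install directory, and anything else carrying a real malware verdict. The bucket names and the list of quarantine-path markers are my own assumptions, not ESET terminology; the sample input is six of the 58 records and three of the counters copied verbatim from the log above.

```python
"""
Triage helper for ESET Online Scanner log records.
Added example for this thread; not ESET's tooling.  The category names
(memory, quarantined_or_backup, pua_live, malware_live) are assumptions.
"""
import re
from collections import Counter, defaultdict

# One detection record per line, as in the posted log:
#   sh=<sha1> ft=<n> fh=<hash> vn="<verdict>" ac=<action> fn="<path>"
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\S+)\s+fh=(?P<fh>\S+)\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"\s*$'
)
# Scanner summary lines look like '# found=58'.
COUNTER_RE = re.compile(r'^#\s*(?P<key>[^=\s]+)=(?P<value>.*?)\s*$')

# Lower-cased path fragments that mean the hit is a quarantine or backup
# copy rather than a file in its normal location.  Assumption: other
# tools' quarantine folders would have to be added here.
NOT_LIVE_MARKERS = ("\\adwcleaner\\quarantine\\", "\\filehistory\\")


def parse_record(line):
    """Return a dict for a detection line, or None for counters/blank lines."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sha1"] = rec["sha1"].upper()
    return rec


def parse_counters(lines):
    """Collect the '# key=value' summary lines (found, cleaned, remove_checked, ...)."""
    counters = {}
    for line in lines:
        m = COUNTER_RE.match(line.strip())
        if m:
            counters[m.group("key")] = m.group("value")
    return counters


def classify(rec):
    """Bucket a record by where it lives and what the verdict string says."""
    fn = rec["fn"].lower()
    vn = rec["vn"].lower()
    if fn == "${memory}":
        return "memory"                 # detected inside a running process
    if any(marker in fn for marker in NOT_LIVE_MARKERS):
        return "quarantined_or_backup"  # already neutralised, or an old backup copy
    if "potentially unwanted" in vn or "potentially unsafe" in vn:
        return "pua_live"               # PUA / PUsA still in its install location
    return "malware_live"               # any other verdict: treat as real malware


def triage(lines):
    """Return (category counts, list of hits that still need a decision)."""
    counts = Counter()
    needs_attention = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        cat = classify(rec)
        counts[cat] += 1
        if cat != "quarantined_or_backup":
            needs_attention.append((cat, rec["vn"], rec["fn"]))
    return counts, needs_attention


def repeated_hashes(lines):
    """SHA-1s seen more than once: the same binary present in several places."""
    where = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec:
            where[rec["sha1"]].append(rec["fn"])
    return {h: paths for h, paths in where.items() if len(paths) > 1}


# Excerpt copied from the ESET log posted above: 3 counters and 6 of the 58 records.
SAMPLE_LOG = r"""
# found=58
# cleaned=0
# remove_checked=false
sh=845E956B5B54FA86B4238C5E6FDFC1F9219A93A1 ft=1 fh=9695329f4f1fd453 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZip Malware Protector\AppManager.exe.vir"
sh=845E956B5B54FA86B4238C5E6FDFC1F9219A93A1 ft=1 fh=9695329f4f1fd453 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\WinZip Malware Protector\AppManager.exe"
sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"
sh=76C17560EE46CF544B61FC9FC994239D98C5C3EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="C:\Users\Chuck\Desktop\Syncplicity\1 - Administration\7 - Web Site-App\1 - Archive\Joomla\BACKUP\JoomlaBackup6.18.2012.tar"
sh=01152E99D82F186C89B60459ED33A36C8E9E29CD ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB trojan" ac=I fn="G:\FileHistory\Chuck\OFFICE\Data\$OF\792\672 (2014_10_02 13_27_45 UTC).php"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="${Memory}"
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("scanner counters:", parse_counters(lines))
    counts, todo = triage(lines)
    print("by category:", dict(counts))
    for cat, vn, fn in todo:
        print(f"  [{cat}] {vn} -> {fn}")
    for sha1, paths in repeated_hashes(lines).items():
        print(f"  same file {sha1[:12]}... seen at: {paths}")
```

Run stand-alone it prints the counters (found=58, cleaned=0, because "Remove found threats" was left unchecked as the instructions asked, so nothing on disk was touched), the per-bucket counts, and the hits that are still in place. The repeated-hash check surfaces the same AppManager.exe both as an AdwCleaner quarantine copy and live under Program Files (x86). Note that the PHP/Kryptik.AB hits are PHP inside a website backup (.tar and File History copies of footer.php); that is server-side code Windows does not run by itself, but it does point at a compromised site backup that should not be restored anywhere.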




