Jump to content

Recommended Posts

I’m the local tech support guy for my friends and family, but need help when it comes to malware and viruses.

 

I’m helping my friend set up a new Dell Inspiron Small Desktop 3000 Series machine running Windows 8.1

(my first look at Windows 8).

 

Not sure if these issues came from the Dell install (I hope not!) or my friend’s files that I moved over (wish I had run a virus scan before I moved them). Didn’t do much on the Dell except moved over my friends “My Documents” folder. I did install a few programs… couple of printer drivers, TeamViewer, iTunes, Dashlane, Revo Uninstaller, Google Chrome…

 

I used Revo Uninstaller to uninstall the Dell McAfee anti-virus and I installed the free version of Avast.

 

The malware / virus messages I’m getting are: Continue VuuPC Installation, Windows Version Installer, and messages from Avast:

            C:\Users\Betty\AppData\Local\...\AnyProtect[1].exe 

            Threat: Win32:Dropper-gen [Drp]

 

            C:\$Recycle.Bin\...\AnyProtect.exe

            Threat: Win32:Dropper-gen [Drp]

 

And messages from Malwarebytes

PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\nsiF609.tmp, , [554d50daabd03bfbbe0027448e73c23e],

PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\nsq389F.tmp, , [0b971c0e7b0074c247775d0e847d4fb1],

PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\ICReinstall_nsiF609.tmp, , [c7db44e6f982a4927945096208f9e917],

PUP.Optional.InstallCore.A, C:\Users\Betty\AppData\Local\Temp\ICReinstall_nsq389F.tmp, , [742eb179502b9d99635bcba00100eb15],

 

Following the instructions here:

https://forums.malwarebytes.org/index.php?showtopic=9573

I ran the Farbar Recovery Scan Tool and as instructed I have cut/passed the results below.

(well I tried to and I got an error that my post was too long - I'll remove them and try to post them separately 

 

Thanks in advance for any help/advice you can provide…

 

\Dave

 

 

Link to post
Share on other sites

I tried to post just the FRST.txt from the Farbar Recovery Scan Tool - and I got post too long... (should I attach it someplace?)

I'll try the Additional.txt here

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by Betty at 2014-04-15 10:51:48
Running from C:\Users\Betty\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.3205.55 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU\...\Dashlane) (Version: 2.4.0.60370 - Dashlane SAS)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Update (HKLM-x32\...\{1D817B4D-A183-48C0-8463-FCC39459367B}) (Version: 1.0.1014.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
12-04-2014 16:31:37 Revo Uninstaller's restore point - McAfee LiveSafe – Internet Security
 
==================== Hosts content: ==========================
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1A607641-A786-4535-AD49-2A29A6EBB8A1} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21F73530-DAAB-4434-8386-AA68CEB4F83F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35A994B6-A336-49F5-A2ED-0B0F9FCF31F6} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E9AF056-324C-44C2-8362-341271DFE885} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {40A6302E-F1B3-4A28-956D-DB6F7560A77D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {675F56FA-B967-46B1-B76A-3CF019472F6A} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6BA76143-5AE6-44A4-AE46-ED3E7C319135} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F6D6FBD-9641-4E90-B2D7-C92BB4B5329E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7F541077-0E01-47BA-B36A-BF5D3507D07C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {81CC918C-DA75-436D-8207-DF5124B3EC08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {89CFE7FF-50C2-4255-A1AD-DCBA18241BB0} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F019529-CABC-415B-AB08-4590BFC91BAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1797BD6-5004-474D-8711-B73EBC280A6B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: {BA6899D4-BBF0-4DF4-8305-A128153F3733} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {C0EA8615-2F1A-484B-AD12-A3A882301A1E} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C248F75F-487D-40C2-8649-446B20726F14} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-12] (AVAST Software)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1D88098-65B4-4484-86A4-408AC28C5BD6} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB38F1F3-1CF9-457B-962D-FF94BD83459B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {DCC94845-34B8-4EEE-BE72-8BBC475510FB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F1F9AE4C-575D-4B6C-9C30-8228626C3311} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {FDD47862-BE66-462C-B21D-A5F24B6CF624} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-12 12:53 - 2014-04-12 12:53 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-03 15:28 - 2013-08-19 12:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-04-03 15:28 - 2013-08-19 12:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-04-12 15:53 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2014-04-12 15:55 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2014-04-12 12:52 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-12 10:51 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-11 18:58 - 2014-04-11 18:58 - 00355328 _____ () C:\Users\Betty\AppData\Roaming\VOPackage\VOsrv.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2013-09-05 02:20 - 2013-09-05 02:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 02:24 - 2013-09-05 02:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-04-12 11:38 - 2014-04-08 12:17 - 00219832 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\Dashlane.exe
2014-04-15 09:29 - 2014-04-15 09:29 - 02212352 _____ () C:\Program Files\AVAST Software\Avast\defs\14041500\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 00254648 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 00363704 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 00423608 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 28202680 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 00263352 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 04799160 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.4.0.60370.dll
2014-04-12 11:36 - 2014-04-08 12:15 - 04311736 _____ () C:\Users\Betty\AppData\Roaming\Dashlane\2.4.0.60370\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.4.0.60370.dll
2014-04-12 12:48 - 2014-04-12 12:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-03 15:21 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-04-03 15:14 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Betty\Documents\Forwarded Msg.eml:OECustomProperty
AlternateDataStreams: C:\Users\Betty\Documents\Fwd_ Fw_ Irish Wish.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3560906
 
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3560906
 
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6455844
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6455844
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 10:18:42 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c7c00280-b24d-4e82-89ca-4f1288eb1d9e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/12/2014 09:08:57 AM) (Source: Windows Search Service Profile Notification) (User: )
Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-04-12T13:08:57.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Bettys-PC</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200650074007400790073002D00500043005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion.  Error code %2.
 
%3.
 
Error: (04/12/2014 09:08:56 AM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: a7f42014
 
 
System errors:
=============
Error: (04/15/2014 08:16:05 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/14/2014 08:44:09 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/14/2014 06:25:02 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/14/2014 05:01:29 AM) (Source: DCOM) (User: Bettys-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/14/2014 05:00:59 AM) (Source: DCOM) (User: Bettys-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/13/2014 11:20:11 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/13/2014 10:03:49 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/13/2014 06:28:40 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/13/2014 05:33:51 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (04/13/2014 02:53:01 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3560906
 
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3560906
 
Error: (04/13/2014 05:33:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6455844
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6455844
 
Error: (04/13/2014 02:40:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/12/2014 10:18:42 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004E028RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c7c00280-b24d-4e82-89ca-4f1288eb1d9e;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/12/2014 09:08:57 AM) (Source: Windows Search Service Profile Notification)(User: )
Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2014-04-12T13:08:57.000000000Z'/><EventRecordID>535</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Bettys-PC</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4200650074007400790073002D00500043005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>
 
Error: (04/12/2014 09:08:56 AM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: a7f42014
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 4012.94 MB
Available physical RAM: 2719.31 MB
Total Pagefile: 5420.94 MB
Available Pagefile: 3968.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.08 GB) (Free:886.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 5A21E20E)
 
Partition: GPT Partition Type.
 

 

==================== End Of Log ============================
 

 

Link to post
Share on other sites

  • 2 weeks later...

Hello Dave and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Do you still need help?
Link to post
Share on other sites

Hi Borislav,

 

Thanks for your offer of help... But when I didn't get a reply for a while I forgot I had posted this so I didn't close it out. I ended up reloading the new Dell from the Dell 'restore partition' (since it was new and I had not done that much customization on it yet). And before I loaded the users data, I scanned and eliminated the virus and malware on the users backup disk - then loaded it onto the new system -- all scans are fine now and the system is running great.

 

If I can figure out how to do it, I'll close this post.

 

Thanks again.

\Dave

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.