
Possible Malware or Virus On PC - Posted at instruction



 
 
Old 03-17-2016, 10:42 AM   #1
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Posting the following info as instructed by member on another thread.

- Passwords to financial sites have been changed. All other passwords to non-financial sites such as Twitter or DeviantArt, and the financial site PayPal, are not yet changed as I cannot get to them (my only other known safe computer is my iPad and our wireless is finicky).
- Only one antivirus running on my computer. BullGuard did not often give false positives until recently.
- I do not use or have installed any BitTorrent sites that I am aware of.
- I do not believe there is any illegal software installed on my computer.



Here are the contents of the dds.txt files. Attach.txt is attached below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18231 BrowserJavaVersion: 11.73.2
Run by SarahT at 17:29:15 on 2016-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8139.5088 [GMT 0:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {EDBB5818-2352-E06B-028A-4E6873B92CC5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: BullGuard Antispyware *Enabled/Updated* {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall *Enabled* {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Backup
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Cache
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\WacomHost.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [Google Update] "C:\Users\SarahT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
TCP: NameServer = 217.12.218.114 8.8.8.8
TCP: Interfaces\{0A161E61-B8E3-424B-A405-C45E34ADB0A4} : DHCPNameServer = 217.12.218.114 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SarahT\AppData\Roaming\Mozilla\Firefox\Profiles\h5lx8ses.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\SarahT\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\SarahT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\SarahT\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2014-1-15 632168]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2014-1-15 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-18 20464]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-5-10 52856]
R1 AFW;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2014-2-26 52912]
R1 BdAgent;BullGuard Security Agent;C:\Windows\System32\drivers\BdAgent.sys [2014-6-18 117184]
R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2014-2-26 76728]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\System32\drivers\NSKernel.sys [2015-1-29 325488]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\System32\drivers\NSNetmon.sys [2015-1-29 26776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 BsBackup;BullGuard backup service;C:\Windows\System32\SvcHost.exe -k BullGuard_Backup [2009-7-13 27136]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2016-3-2 684560]
R2 BsCache;BullGuard CODS service;C:\Windows\System32\SvcHost.exe -k BullGuard_Cache [2009-7-13 27136]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy [2009-7-13 27136]
R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 27136]
R2 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2016-3-2 310288]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2016-3-2 398864]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-5-9 144560]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [2014-9-22 703984]
R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2014-7-15 730304]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2014-2-26 465072]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BdNet;BdNet;C:\Windows\System32\drivers\BdNet.sys [2014-3-19 33968]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2014-7-15 14016]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-18 358896]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-18 795632]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-12-27 888536]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2014-7-15 103616]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2014-7-15 15040]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;C:\Windows\System32\drivers\xspltspk.sys [2014-7-2 26200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-25 327296]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-10-18 38424]
S3 dc21x4vm;dc21x4vm;C:\Windows\System32\drivers\dc21x4vm.sys [2009-6-10 57344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-3-9 114688]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2015-11-17 20232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-20 19456]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-1-20 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-18 29696]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-21 1255736]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
S4 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-5-8 169432]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-4-29 1738168]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-4-29 2088408]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-4-29 171928]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2016-03-17 14:55:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE73AE73-58EC-4B8B-A2E3-A3EB2ACE1EB7}\offreg.4488.dll
2016-03-15 15:52:26 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE73AE73-58EC-4B8B-A2E3-A3EB2ACE1EB7}\offreg.1744.dll
2016-03-15 13:33:19 11249080 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE73AE73-58EC-4B8B-A2E3-A3EB2ACE1EB7}\mpengine.dll
2016-03-13 22:21:42 -------- d-----w- C:\Users\SarahT\AppData\Roaming\StardewValley
2016-03-13 22:20:20 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2016-03-09 14:57:57 5572032 ----a-w- C:\Windows\System32\ntoskrnl.exe
2016-03-07 17:18:46 -------- d-----w- C:\Program Files (x86)\Minecraft
2016-03-02 11:40:27 169904 ----a-w- C:\Windows\System32\BgGamingMonitor.dll
2016-03-02 11:40:27 148256 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll
2016-03-02 11:40:18 76816 ----a-w- C:\Windows\System32\BGLsp.dll
2016-03-02 11:40:18 61968 ----a-w- C:\Windows\SysWow64\BGLsp.dll
2016-02-27 00:07:23 970912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr120.dll
2016-02-27 00:07:23 924616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc55.dll
2016-02-27 00:07:23 887152 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-02-27 00:07:23 58824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\lgpllibs.dll
2016-02-27 00:07:23 55752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2016-02-27 00:07:23 455328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp120.dll
2016-02-27 00:07:23 3466856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_47.dll
2016-02-27 00:07:23 209352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2016-02-27 00:07:23 189896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-02-27 00:07:23 1287112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin55.dll
2016-02-27 00:07:23 107976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe
2016-02-27 00:07:23 10788808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt55.dll
.
==================== Find3M ====================
.
2016-03-10 22:20:47 797376 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-03-10 22:20:47 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-19 19:02:43 38336 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-02-19 18:54:11 1168896 ----a-w- C:\Windows\System32\aeinv.dll
2016-02-19 14:07:35 1373184 ----a-w- C:\Windows\System32\appraiser.dll
2016-02-12 18:52:23 98816 ----a-w- C:\Windows\System32\wudriver.dll
2016-02-12 18:52:23 3169792 ----a-w- C:\Windows\System32\wucltux.dll
2016-02-12 18:52:23 192512 ----a-w- C:\Windows\System32\wuwebv.dll
2016-02-12 18:44:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2016-02-12 18:39:55 174080 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2016-02-12 18:18:22 37888 ----a-w- C:\Windows\System32\wuapp.exe
2016-02-12 18:18:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2016-02-12 18:05:17 93696 ----a-w- C:\Windows\SysWow64\wudriver.dll
2016-02-12 18:05:13 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2016-02-11 18:56:26 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-02-11 18:56:26 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-02-11 18:52:52 1733592 ----a-w- C:\Windows\System32\ntdll.dll
2016-02-11 18:49:42 362496 ----a-w- C:\Windows\System32\wow64win.dll
2016-02-11 18:49:42 243712 ----a-w- C:\Windows\System32\wow64.dll
2016-02-11 18:49:42 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2016-02-11 18:49:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2016-02-11 18:49:19 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-02-11 18:49:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-02-11 18:49:00 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-02-11 18:49:00 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-02-11 18:48:58 503808 ----a-w- C:\Windows\System32\srcore.dll
2016-02-11 18:48:58 50176 ----a-w- C:\Windows\System32\srclient.dll
2016-02-11 18:48:16 28160 ----a-w- C:\Windows\System32\secur32.dll
2016-02-11 18:48:14 344064 ----a-w- C:\Windows\System32\schannel.dll
2016-02-11 18:48:12 1214464 ----a-w- C:\Windows\System32\rpcrt4.dll
2016-02-11 18:47:33 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2016-02-11 18:45:59 312320 ----a-w- C:\Windows\System32\ncrypt.dll
2016-02-11 18:45:56 315392 ----a-w- C:\Windows\System32\msv1_0.dll
2016-02-11 18:45:51 60416 ----a-w- C:\Windows\System32\msobjs.dll
2016-02-11 18:45:35 146432 ----a-w- C:\Windows\System32\msaudite.dll
2016-02-11 18:44:45 3994560 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2016-02-11 18:44:45 3938240 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2016-02-11 18:44:42 1461248 ----a-w- C:\Windows\System32\lsasrv.dll
2016-02-11 18:44:34 730112 ----a-w- C:\Windows\System32\kerberos.dll
2016-02-11 18:44:34 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2016-02-11 18:42:25 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2016-02-11 18:42:24 43520 ----a-w- C:\Windows\System32\cryptbase.dll
2016-02-11 18:42:24 22016 ----a-w- C:\Windows\System32\credssp.dll
2016-02-11 18:38:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-02-11 18:38:24 665088 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2016-02-11 18:38:24 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2016-02-11 18:38:23 275456 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2016-02-11 18:38:07 171520 ----a-w- C:\Windows\SysWow64\wdigest.dll
2016-02-11 18:38:00 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2016-02-11 18:37:53 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2016-02-11 18:37:11 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2016-02-11 18:37:09 251392 ----a-w- C:\Windows\SysWow64\schannel.dll
2016-02-11 18:35:14 223232 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2016-02-11 18:35:09 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2016-02-11 18:35:06 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2016-02-11 18:34:26 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2016-02-11 18:33:30 553472 ----a-w- C:\Windows\SysWow64\kerberos.dll
2016-02-11 18:31:25 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2016-02-11 17:48:11 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-02-11 17:43:48 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-02-11 17:41:42 338432 ----a-w- C:\Windows\System32\conhost.exe
2016-02-11 17:40:09 296960 ----a-w- C:\Windows\System32\rstrui.exe
2016-02-11 17:34:45 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-02-11 17:34:01 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-02-11 17:33:54 129024 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-02-11 17:32:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2016-02-11 17:32:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2016-02-11 17:32:45 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2016-02-11 17:32:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2016-02-11 17:32:25 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-02-11 17:32:18 112640 ----a-w- C:\Windows\System32\smss.exe
2016-02-11 17:31:01 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-02-11 17:30:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 17:30:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 17:30:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 17:30:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 14:07:46 689152 ----a-w- C:\Windows\System32\generaltel.dll
2016-02-09 09:57:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\msdxm.ocx
2016-02-09 09:56:09 5120 ----a-w- C:\Windows\System32\dxmasf.dll
2016-02-09 09:55:34 30720 ----a-w- C:\Windows\System32\seclogon.dll
2016-02-09 09:54:38 9728 ----a-w- C:\Windows\System32\spwmp.dll
2016-02-09 09:51:32 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
2016-02-09 09:13:14 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
2016-02-09 09:13:10 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
2016-02-08 20:51:13 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-02-08 20:39:06 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-02-08 20:39:06 496640 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-02-08 20:38:29 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-02-08 20:38:20 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-02-08 20:37:31 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-02-08 20:28:52 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-02-08 20:28:32 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-02-08 20:16:21 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-02-08 20:10:37 4611072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-02-08 20:01:48 2050560 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-02-08 20:01:43 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-02-08 19:43:04 2121216 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-02-08 19:39:47 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 17:32:21.58 ===============
Attached Files
File Type: txt attach.txt (10.8 KB, 20 views)
GlyphSun is offline  
Old 03-20-2016, 11:35 AM   #2
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Bump, please
GlyphSun is offline  
Old 03-22-2016, 12:38 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I'm not seeing any sign of malware in your logs. We'll do an online scan later to look for remnants.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-22-2016, 05:01 PM   #4
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Hey there! So I followed the first step of downloading AdwCleaner.

Immediately things went wrong. I am not sure what happened or if this was predicted, but my internet apparently lost its proxy connections and I could no longer access my home network or get online. I had to do a system restore to just prior to the download in order to get back online.

After doing this, BullGuard (which I had allowed AdwCleaner through before) classed AdwCleaner as a potentially dangerous file and quarantined it. I've left it there for now, just in case, sorry about that.

Needless to say, I am reluctant to download these files again, based on what I just had happen.

Can you please advise me on what happened there, and if it is necessary to follow these steps, how do I prevent this from happening again?
GlyphSun is offline  
Old 03-22-2016, 06:46 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello GlyphSun. AdwCleaner is a harmless file that is detected as a false positive by some AVs.

You must have only set a proxy for Chrome.

For now, just run FRST64 per the previous instructions.
chemist is offline  
Old 03-23-2016, 07:06 AM   #6
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Okay, thank you chemist; sorry for the trouble.

FRST64 Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SarahT (administrator) on SARAHT-PC (23-03-2016 14:02:18)
Running from C:\Users\SarahT\Downloads
Loaded Profiles: SarahT (Available Profiles: SarahT)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1350160 2016-03-21] (BullGuard Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-160548165-633373374-2119887351-1001\...\Run: [Google Update] => C:\Users\SarahT\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-06] (Google Inc.)
HKU\S-1-5-21-160548165-633373374-2119887351-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-160548165-633373374-2119887351-1001\...\MountPoints2: {4b335a00-8489-11e4-90a8-d850e6e3c269} - E:\AutoRun.exe
AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [116856 2016-02-26] (BullGuard Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [97768 2016-02-26] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-03-21] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-03-21] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-03-21] (BullGuard Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.12.218.114 8.8.8.8
Tcpip\..\Interfaces\{0A161E61-B8E3-424B-A405-C45E34ADB0A4}: [DhcpNameServer] 217.12.218.114 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-160548165-633373374-2119887351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-160548165-633373374-2119887351-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\SarahT\AppData\Roaming\Mozilla\Firefox\Profiles\h5lx8ses.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-160548165-633373374-2119887351-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\SarahT\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-160548165-633373374-2119887351-1001: @talk.google.com/O1DPlugin -> C:\Users\SarahT\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-160548165-633373374-2119887351-1001: @tools.google.com/Google Update;version=3 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-160548165-633373374-2119887351-1001: @tools.google.com/Google Update;version=9 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-160548165-633373374-2119887351-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\SarahT\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\SarahT\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected]
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\[email protected] [2014-08-08] [not signed]

Chrome:
=======
CHR Profile: C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Docs Offline) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Journey (Diary, Journal)) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlncjaehedpdoinepaejmlpbmdkgmpog [2016-03-23]
CHR Extension: (Disable Extensions Temporarily) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcfdefmogcogicollfebhgjiiakbjdje [2016-03-17]
CHR Extension: (Google Wallet) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1359376 2016-03-21] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [684560 2016-03-21] (BullGuard Ltd.)
R2 BsCache; c:\program files\bullguard ltd\bullguard\BsCache.dll [177168 2016-03-21] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [476176 2016-03-21] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [813584 2016-03-21] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [883216 2016-03-21] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [606224 2016-03-21] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [310288 2016-03-21] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [398864 2016-03-21] (BullGuard Ltd.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-05-10] (Macrovision Europe Ltd.) [File not signed]
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [52912 2015-06-17] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [465072 2015-06-17] (Agnitum Ltd.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-06-18] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [33968 2015-10-15] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [76728 2015-10-15] (BullGuard Ltd.)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325488 2015-08-24] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [26776 2015-08-24] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [477272 2015-10-15] (BitDefender S.R.L.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 14:02 - 2016-03-23 14:03 - 00018487 _____ C:\Users\SarahT\Downloads\FRST.txt
2016-03-23 14:01 - 2016-03-23 14:02 - 00000000 ____D C:\FRST
2016-03-23 14:00 - 2016-03-23 14:01 - 02374144 _____ (Farbar) C:\Users\SarahT\Downloads\FRST64.exe
2016-03-23 00:05 - 2016-03-23 00:05 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-03-22 23:27 - 2016-03-22 23:27 - 00106950 _____ C:\Users\SarahT\Downloads\CeMDDVuVAAIXVBo.jpg-large
2016-03-22 23:15 - 2016-03-22 23:15 - 00991251 _____ C:\Users\SarahT\Downloads\X21_-_X46_times_Publication.pdf
2016-03-21 18:48 - 2016-03-21 21:44 - 3004436220 _____ C:\Users\SarahT\Desktop\bandicam 2016-03-21 18-48-53-532.avi
2016-03-21 18:11 - 2016-03-21 18:11 - 00001136 _____ C:\Users\SarahT\Desktop\nativelog.txt
2016-03-21 11:46 - 2016-03-21 11:45 - 00169904 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2016-03-21 11:46 - 2016-03-21 11:45 - 00148256 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2016-03-21 11:46 - 2016-03-21 11:45 - 00076816 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2016-03-21 11:46 - 2016-03-21 11:45 - 00061968 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2016-03-20 18:37 - 2016-03-20 18:37 - 00079966 _____ C:\Windows\ntbtlog.txt
2016-03-19 14:17 - 2016-03-19 14:32 - 00000000 ____D C:\Users\SarahT\Desktop\more ipad art
2016-03-19 14:12 - 2009-06-10 21:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160319-141257.backup
2016-03-17 17:32 - 2016-03-17 17:32 - 00024454 _____ C:\Users\SarahT\Desktop\dds.txt
2016-03-17 17:32 - 2016-03-17 17:32 - 00011070 _____ C:\Users\SarahT\Desktop\attach.txt
2016-03-17 17:29 - 2016-03-17 17:29 - 00688992 _____ (Swearware) C:\Users\SarahT\Downloads\dds.scr
2016-03-14 02:59 - 2016-03-14 02:59 - 00001934 _____ C:\Users\SarahT\Desktop\screenshots - Shortcut.lnk
2016-03-13 22:21 - 2016-03-22 15:23 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\StardewValley
2016-03-13 22:20 - 2016-03-13 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-03-13 21:50 - 2016-03-13 21:50 - 00046038 _____ C:\Users\SarahT\Downloads\339788.jpeg
2016-03-12 19:16 - 2016-03-12 19:18 - 55108858 _____ C:\Users\SarahT\Downloads\Asgore.wav
2016-03-09 15:00 - 2016-02-12 18:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 15:00 - 2016-02-12 18:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 15:00 - 2016-02-12 18:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 15:00 - 2016-02-12 18:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 15:00 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 15:00 - 2016-02-12 18:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 15:00 - 2016-02-12 18:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 15:00 - 2016-02-12 18:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 15:00 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 15:00 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 15:00 - 2016-02-12 18:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 15:00 - 2016-02-12 18:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 15:00 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 15:00 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 15:00 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 15:00 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 15:00 - 2016-02-09 06:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 15:00 - 2016-02-09 06:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 15:00 - 2016-02-08 21:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 15:00 - 2016-02-08 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 15:00 - 2016-02-08 20:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 15:00 - 2016-02-08 20:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 15:00 - 2016-02-08 20:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 15:00 - 2016-02-08 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 15:00 - 2016-02-08 20:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 15:00 - 2016-02-08 20:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 15:00 - 2016-02-08 20:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 15:00 - 2016-02-08 20:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 15:00 - 2016-02-08 20:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 15:00 - 2016-02-08 20:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 15:00 - 2016-02-08 20:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 15:00 - 2016-02-08 20:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 15:00 - 2016-02-08 20:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 15:00 - 2016-02-08 20:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 15:00 - 2016-02-08 20:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 15:00 - 2016-02-08 20:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 15:00 - 2016-02-08 20:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 15:00 - 2016-02-08 20:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 15:00 - 2016-02-08 20:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 15:00 - 2016-02-08 20:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 15:00 - 2016-02-08 20:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 15:00 - 2016-02-08 20:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 15:00 - 2016-02-08 20:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 15:00 - 2016-02-08 20:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 15:00 - 2016-02-08 20:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 15:00 - 2016-02-08 19:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 15:00 - 2016-02-08 19:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 15:00 - 2016-02-08 19:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 15:00 - 2016-02-08 18:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 15:00 - 2016-02-08 18:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 15:00 - 2016-02-08 18:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 15:00 - 2016-02-08 18:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 15:00 - 2016-02-08 18:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 15:00 - 2016-02-08 18:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 15:00 - 2016-02-08 18:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 15:00 - 2016-02-08 18:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 15:00 - 2016-02-08 18:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 15:00 - 2016-02-08 18:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 15:00 - 2016-02-08 17:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 15:00 - 2016-02-08 17:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 15:00 - 2016-02-08 17:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 15:00 - 2016-02-08 17:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 15:00 - 2016-02-08 17:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 15:00 - 2016-02-08 17:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 15:00 - 2016-02-08 17:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 15:00 - 2016-02-08 17:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 15:00 - 2016-02-08 16:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 15:00 - 2016-02-04 17:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 15:00 - 2016-02-03 18:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 15:00 - 2016-02-03 18:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 15:00 - 2016-02-03 18:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 15:00 - 2016-02-03 18:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 15:00 - 2016-02-03 18:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 15:00 - 2016-01-11 19:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 15:00 - 2015-11-19 14:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 15:00 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 14:59 - 2016-02-08 20:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 14:59 - 2016-02-08 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 14:59 - 2016-02-08 18:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 14:59 - 2016-02-08 18:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 14:59 - 2016-02-08 18:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 14:59 - 2016-02-08 18:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 14:59 - 2016-02-08 18:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 14:59 - 2016-02-08 18:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 14:59 - 2016-02-08 18:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 14:59 - 2016-02-08 17:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 14:59 - 2016-02-08 17:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 14:59 - 2016-02-08 17:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 14:59 - 2016-02-08 17:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 14:59 - 2016-02-08 17:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 14:59 - 2016-02-08 17:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 14:57 - 2016-02-19 19:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 14:57 - 2016-02-19 18:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 14:57 - 2016-02-19 14:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 14:57 - 2016-02-11 18:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 14:57 - 2016-02-11 18:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 14:57 - 2016-02-11 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 14:57 - 2016-02-11 18:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 14:57 - 2016-02-11 18:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 14:57 - 2016-02-11 18:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 14:57 - 2016-02-11 18:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 14:57 - 2016-02-11 18:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 14:57 - 2016-02-11 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 14:57 - 2016-02-11 18:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 14:57 - 2016-02-11 18:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 14:57 - 2016-02-11 18:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 14:57 - 2016-02-11 18:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 14:57 - 2016-02-11 18:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 14:57 - 2016-02-11 18:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 14:57 - 2016-02-11 18:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 14:57 - 2016-02-11 18:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 14:57 - 2016-02-11 18:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 14:57 - 2016-02-11 18:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 14:57 - 2016-02-11 18:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 14:57 - 2016-02-11 18:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 14:57 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 14:57 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 14:57 - 2016-02-11 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 14:57 - 2016-02-11 18:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 14:57 - 2016-02-11 18:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 14:57 - 2016-02-11 18:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 14:57 - 2016-02-11 18:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 14:57 - 2016-02-11 18:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 14:57 - 2016-02-11 18:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 14:57 - 2016-02-11 18:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 14:57 - 2016-02-11 18:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 14:57 - 2016-02-11 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 14:57 - 2016-02-11 18:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 17:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 14:57 - 2016-02-11 17:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 14:57 - 2016-02-11 17:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 14:57 - 2016-02-11 17:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 14:57 - 2016-02-11 17:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 14:57 - 2016-02-11 17:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 14:57 - 2016-02-11 17:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 14:57 - 2016-02-11 17:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 14:57 - 2016-02-11 17:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 14:57 - 2016-02-11 17:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 14:57 - 2016-02-11 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 14:57 - 2016-02-11 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 14:57 - 2016-02-11 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 14:57 - 2016-02-11 17:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 14:57 - 2016-02-11 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 14:57 - 2016-02-11 14:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 14:57 - 2016-02-09 09:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 14:57 - 2016-02-09 09:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 14:57 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 14:57 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 14:57 - 2016-02-09 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 14:57 - 2016-02-09 09:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 14:57 - 2016-02-09 09:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 14:57 - 2016-02-09 09:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 14:57 - 2016-02-09 09:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 14:57 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 14:57 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 14:57 - 2016-02-05 18:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 14:57 - 2016-02-05 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 14:57 - 2016-02-05 18:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 14:57 - 2016-02-05 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 14:57 - 2016-02-05 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 14:57 - 2016-02-05 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 14:57 - 2016-02-05 18:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 14:57 - 2016-02-05 17:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 14:57 - 2016-02-05 17:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 14:57 - 2016-02-05 17:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 14:57 - 2016-02-05 14:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 14:57 - 2016-02-05 14:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 14:57 - 2016-02-05 14:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 14:57 - 2016-02-05 01:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 14:57 - 2016-02-04 18:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-07 17:18 - 2016-03-07 17:29 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-03-07 17:18 - 2016-03-07 17:26 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-03-07 16:42 - 2016-03-21 18:25 - 00001136 _____ C:\Windows\SysWOW64\nativelog.txt
2016-03-04 19:31 - 2016-03-20 02:57 - 00000000 ____D C:\Users\SarahT\Desktop\Pathfinder - Humble
2016-03-02 20:32 - 2016-03-21 21:50 - 00000000 ____D C:\Users\SarahT\Desktop\DO THESE DAMN IT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 14:03 - 2014-06-09 20:03 - 00000911 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Update {9AF63546-0E82-47B9-8578-84A1B9009355}.job
2016-03-23 14:02 - 2014-05-08 10:43 - 00000000 ____D C:\ProgramData\BullGuard
2016-03-23 13:55 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-23 13:55 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-23 13:50 - 2015-03-19 23:01 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160548165-633373374-2119887351-1001UA.job
2016-03-23 13:45 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-23 13:45 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-23 13:41 - 2014-05-10 08:58 - 00000156 _____ C:\Windows\Twunk001.MTX
2016-03-23 13:41 - 2014-05-10 08:58 - 00000005 _____ C:\Windows\Twain001.Mtx
2016-03-23 13:41 - 2014-05-09 19:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-23 13:40 - 2014-05-08 10:45 - 00000400 _____ C:\Windows\system32\config\afw_hm.conf
2016-03-23 13:40 - 2014-05-08 10:45 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2016-03-23 13:40 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-23 00:20 - 2015-04-30 12:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-23 00:13 - 2014-05-09 08:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-23 00:06 - 2014-05-09 19:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 00:04 - 2014-06-09 20:04 - 00000725 _____ C:\Windows\Tasks\EPSON XP-412 413 415 Series Invitation {9AF63546-0E82-47B9-8578-84A1B9009355}.job
2016-03-23 00:04 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-03-22 23:55 - 2014-05-09 07:22 - 00000000 ____D C:\Users\SarahT
2016-03-22 23:54 - 2015-04-29 19:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-22 23:54 - 2015-04-24 16:41 - 00000000 ____D C:\ProgramData\16740106336564517419
2016-03-22 23:54 - 2014-05-09 19:39 - 00000000 ____D C:\ProgramData\FLEXnet
2016-03-22 23:54 - 2014-05-09 07:23 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\Adobe
2016-03-22 23:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-22 23:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-03-22 23:51 - 2014-06-29 10:54 - 50800640 ___SH C:\Users\SarahT\Desktop\Thumbs.db
2016-03-22 23:42 - 2015-04-29 13:54 - 00000000 ____D C:\AdwCleaner
2016-03-22 04:23 - 2015-08-23 19:59 - 00000000 ____D C:\Users\SarahT\Desktop\I THINK ITS OVER GUYS
2016-03-21 21:45 - 2014-05-11 16:24 - 00000000 ____D C:\Users\SarahT\Documents\Bandicam
2016-03-21 18:50 - 2015-03-19 23:01 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-160548165-633373374-2119887351-1001Core.job
2016-03-21 18:11 - 2014-06-10 19:45 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\.minecraft
2016-03-21 03:57 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-21 03:18 - 2014-05-09 07:39 - 00000000 ____D C:\Users\SarahT\AppData\Local\ElevatedDiagnostics
2016-03-21 01:34 - 2014-05-09 20:25 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\Audacity
2016-03-21 01:29 - 2015-03-10 13:23 - 00000000 ___RD C:\Users\SarahT\Desktop\Last sword adventure scenes
2016-03-20 02:57 - 2015-03-16 02:03 - 00000000 ___RD C:\Users\SarahT\Desktop\dress pretties
2016-03-19 13:41 - 2015-07-16 02:20 - 00000000 ____D C:\Users\SarahT\Desktop\Mincraftshots
2016-03-17 16:07 - 2014-05-09 19:51 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-17 16:07 - 2014-05-09 19:51 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-13 22:14 - 2014-05-09 08:36 - 00000000 ___RD C:\Users\SarahT\Desktop\Art Folder 2014
2016-03-13 22:13 - 2015-05-06 00:35 - 00000000 ___RD C:\Users\SarahT\Desktop\art videos in progress
2016-03-13 15:10 - 2016-02-12 00:51 - 00000000 ____D C:\Users\SarahT\Desktop\vid series in progress
2016-03-13 15:10 - 2014-05-10 12:56 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\HandBrake
2016-03-12 18:13 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-03-12 11:50 - 2014-05-09 19:24 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-03-12 00:59 - 2014-05-09 16:46 - 00000000 ____D C:\Users\SarahT\Documents\Original Works 2012
2016-03-11 20:00 - 2014-07-28 17:22 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-11 15:09 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-10 22:20 - 2015-04-30 12:32 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 22:20 - 2015-04-30 12:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 22:20 - 2015-04-30 12:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 16:26 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-10 15:59 - 2015-04-30 12:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-10 15:24 - 2009-07-14 04:45 - 02328888 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 01:46 - 2014-01-20 17:42 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 01:42 - 2014-01-20 17:42 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-10 01:41 - 2014-12-11 13:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-08 23:46 - 2016-02-10 20:47 - 00000000 ____D C:\Users\SarahT\Desktop\underswordcovers
2016-03-08 22:20 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-08 22:14 - 2015-02-14 21:02 - 00000000 ____D C:\Users\SarahT\AppData\Local\Dxtory Software
2016-03-08 22:11 - 2015-01-28 19:28 - 00000000 ____D C:\Program Files (x86)\Into the Haze
2016-03-08 21:20 - 2015-12-13 22:59 - 00000000 ___RD C:\Users\SarahT\Desktop\The Spud Wars
2016-03-08 02:50 - 2016-01-02 19:19 - 00000000 ____D C:\Users\SarahT\Desktop\ursahair
2016-03-07 17:26 - 2015-02-14 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-02-28 19:07 - 2014-05-09 07:23 - 00110904 _____ C:\Users\SarahT\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-27 18:56 - 2014-05-26 19:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 00:34 - 2015-04-05 00:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-27 00:34 - 2015-04-05 00:46 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-27 00:07 - 2014-09-21 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-27 00:07 - 2014-05-26 19:38 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-22 20:37 - 2014-05-09 08:31 - 00000000 ____D C:\Users\SarahT\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-05-16 18:36 - 2015-05-16 18:36 - 0004608 _____ () C:\Users\SarahT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-08 10:42 - 2014-05-08 10:42 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-19 15:37

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (48.3 KB, 17 views)
Old 03-25-2016, 12:41 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello GlyphSun.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up your files - Windows Help

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    AlternateDataStreams: C:\ProgramData\TEMP:0696EC8E [464]
    AlternateDataStreams: C:\ProgramData\TEMP:11C7FAE3 [496]
    AlternateDataStreams: C:\ProgramData\TEMP:18A25CF1 [424]
    AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [464]
    AlternateDataStreams: C:\ProgramData\TEMP:1A8854EC [502]
    AlternateDataStreams: C:\ProgramData\TEMP:220E9B9E [456]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:3969ACF7 [464]
    AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 [478]
    AlternateDataStreams: C:\ProgramData\TEMP:426DA7EE [482]
    AlternateDataStreams: C:\ProgramData\TEMP:43D2A298 [446]
    AlternateDataStreams: C:\ProgramData\TEMP:454191C8 [444]
    AlternateDataStreams: C:\ProgramData\TEMP:46EF121E [454]
    AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B [114]
    AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [502]
    AlternateDataStreams: C:\ProgramData\TEMP:574F975B [442]
    AlternateDataStreams: C:\ProgramData\TEMP:5A9F1AE5 [448]
    AlternateDataStreams: C:\ProgramData\TEMP:6F39FFF1 [148]
    AlternateDataStreams: C:\ProgramData\TEMP:6F604181 [450]
    AlternateDataStreams: C:\ProgramData\TEMP:7E1E8D30 [504]
    AlternateDataStreams: C:\ProgramData\TEMP:86B7FDDB [412]
    AlternateDataStreams: C:\ProgramData\TEMP:88AFFAC5 [496]
    AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [462]
    AlternateDataStreams: C:\ProgramData\TEMP:9A2BCF11 [173]
    AlternateDataStreams: C:\ProgramData\TEMP:A52D07E2 [492]
    AlternateDataStreams: C:\ProgramData\TEMP:AA632E81 [464]
    AlternateDataStreams: C:\ProgramData\TEMP:AE34D87E [472]
    AlternateDataStreams: C:\ProgramData\TEMP:AF465248 [480]
    AlternateDataStreams: C:\ProgramData\TEMP:B9C6EB6C [330]
    AlternateDataStreams: C:\ProgramData\TEMP:D7F8D8A2 [478]
    AlternateDataStreams: C:\ProgramData\TEMP:D7FCDDBE [416]
    AlternateDataStreams: C:\ProgramData\TEMP:DBB979D4 [143]
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF [480]
    AlternateDataStreams: C:\ProgramData\TEMP:F817E159 [488]
    AlternateDataStreams: C:\ProgramData\TEMP:FD7DCDA6 [452]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-160548165-633373374-2119887351-1001\...\MountPoints2: {4b335a00-8489-11e4-90a8-d850e6e3c269} - E:\AutoRun.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    CHR Extension: (Google Drive) - C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-11] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz137; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-25-2016, 01:12 PM   #8
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Thank you for all your help, I really appreciate it.

I am unable to create a system repair disc today as I have no discs. I am also due at an online meeting with a group tonight and need my internet connection, flawed or no, so I'd like to not risk this until everyone knows what's going on.

Would it be all right if I got back to this tomorrow after I have finished work and gotten the appropriate equipment? Sorry for the delay.
GlyphSun is offline  
Old 03-26-2016, 08:06 AM   #9
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Here is the fix log you asked me to post after I ran the scan. (One of the problems appears to be fixed, but I will wait on your instructions here).

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SarahT (2016-03-26 15:01:16) Run:1
Running from C:\Users\SarahT\Desktop
Loaded Profiles: SarahT (Available Profiles: SarahT)
Boot Mode: Normal
==============================================

Restore point was successfully created.
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
C:\ProgramData\TEMP => ":0696EC8E" ADS removed successfully.
C:\ProgramData\TEMP => ":11C7FAE3" ADS removed successfully.
C:\ProgramData\TEMP => ":18A25CF1" ADS removed successfully.
C:\ProgramData\TEMP => ":1A14B3AF" ADS removed successfully.
C:\ProgramData\TEMP => ":1A8854EC" ADS removed successfully.
C:\ProgramData\TEMP => ":220E9B9E" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":3969ACF7" ADS removed successfully.
C:\ProgramData\TEMP => ":3EC5BC08" ADS removed successfully.
C:\ProgramData\TEMP => ":426DA7EE" ADS removed successfully.
C:\ProgramData\TEMP => ":43D2A298" ADS removed successfully.
C:\ProgramData\TEMP => ":454191C8" ADS removed successfully.
C:\ProgramData\TEMP => ":46EF121E" ADS removed successfully.
C:\ProgramData\TEMP => ":4DDE401B" ADS removed successfully.
C:\ProgramData\TEMP => ":566B9179" ADS removed successfully.
C:\ProgramData\TEMP => ":574F975B" ADS removed successfully.
C:\ProgramData\TEMP => ":5A9F1AE5" ADS removed successfully.
C:\ProgramData\TEMP => ":6F39FFF1" ADS removed successfully.
C:\ProgramData\TEMP => ":6F604181" ADS removed successfully.
C:\ProgramData\TEMP => ":7E1E8D30" ADS removed successfully.
C:\ProgramData\TEMP => ":86B7FDDB" ADS removed successfully.
C:\ProgramData\TEMP => ":88AFFAC5" ADS removed successfully.
C:\ProgramData\TEMP => ":997DA6D7" ADS removed successfully.
C:\ProgramData\TEMP => ":9A2BCF11" ADS removed successfully.
C:\ProgramData\TEMP => ":A52D07E2" ADS removed successfully.
C:\ProgramData\TEMP => ":AA632E81" ADS removed successfully.
C:\ProgramData\TEMP => ":AE34D87E" ADS removed successfully.
C:\ProgramData\TEMP => ":AF465248" ADS removed successfully.
C:\ProgramData\TEMP => ":B9C6EB6C" ADS removed successfully.
C:\ProgramData\TEMP => ":D7F8D8A2" ADS removed successfully.
C:\ProgramData\TEMP => ":D7FCDDBE" ADS removed successfully.
C:\ProgramData\TEMP => ":DBB979D4" ADS removed successfully.
C:\ProgramData\TEMP => ":E8AEB2BF" ADS removed successfully.
C:\ProgramData\TEMP => ":F817E159" ADS removed successfully.
C:\ProgramData\TEMP => ":FD7DCDA6" ADS removed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-160548165-633373374-2119887351-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b335a00-8489-11e4-90a8-d850e6e3c269}" => key removed successfully
HKCR\CLSID\{4b335a00-8489-11e4-90a8-d850e6e3c269} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => not found
ALSysIO => service removed successfully
cpuz137 => service removed successfully
EmptyTemp: => 887.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:03:11 ====
GlyphSun is offline  
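An added example, not part of the original thread and not FRST's own code: a small Python parser for the result lines of a Fixlog.txt like the one posted above, which tallies outcomes and lists every entry that was not actually removed so it can be re-checked with a second scanner. The sample is a short excerpt of the log on this page; the function names and the three status labels are assumptions made for the example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the Fixlog.txt posted above, cut down to a few representative lines.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
fixlist content:
*****************
start
CustomCLSID: HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\SarahT\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKU\S-1-5-21-160548165-633373374-2119887351-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
C:\ProgramData\TEMP => ":0696EC8E" ADS removed successfully.
HKCR\CLSID\{4b335a00-8489-11e4-90a8-d850e6e3c269} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => not found
ALSysIO => service removed successfully
EmptyTemp: => 887.1 MB temporary data Removed.
'''


class FixResult(NamedTuple):
    target: str   # registry key, file path, service name or directive
    outcome: str  # text after the last " => " on the line
    status: str   # "removed", "absent" or "other" (labels chosen for this example)


_ECHO_FENCE = re.compile(r"^\*{5,}$")                # asterisk lines around the echoed fixlist
_ATTENTION = re.compile(r"\s*<=+ ATTENTION\s*$")     # marker carried over from the scan log
_ADS = re.compile(r'^"(:[^"]+)" ADS ')               # stream name on alternate-data-stream lines


def classify(outcome: str) -> str:
    """Map an outcome string to a coarse status; anything unrecognised is 'other'."""
    low = outcome.lower()
    if "not found" in low:
        return "absent"
    if "removed successfully" in low or "temporary data removed" in low:
        return "removed"
    return "other"


def parse_fixlog(text: str) -> list:
    """Return one FixResult per result line, skipping the echoed fixlist."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if _ECHO_FENCE.match(line):
            # The echoed fixlist also contains " => " (e.g. "=> No File"),
            # so it must not be mistaken for results.
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target = _ATTENTION.sub("", target).strip('"')
        ads = _ADS.match(outcome)
        if ads:
            target += ads.group(1)  # e.g. C:\ProgramData\TEMP:0696EC8E
        results.append(FixResult(target, outcome, classify(outcome)))
    return results


def summarize(results) -> Counter:
    """Count results per status."""
    return Counter(r.status for r in results)


def needs_followup(results) -> list:
    """Entries that were not confirmed removed and deserve a second look."""
    return [r for r in results if r.status != "removed"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for r in needs_followup(parsed):
        print(f"[{r.status}] {r.target}")
```

In this thread the extension folder that FRST reported as "not found" is among the folders the later Malwarebytes log lists as quarantined, which is the kind of discrepancy the follow-up list is meant to surface.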
Old 03-26-2016, 01:02 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, GlyphSun. What problem was fixed, what other(s) remain?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 03-26-2016, 03:23 PM   #11
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Hey Chemist. The main problems I observed - trouble with display on certain websites and the submit page on deviantart - appear to be working normally again. Everything else that occurred was random in the first place, so it's difficult for me to identify if they have been fixed, but the obvious things that caught my attention in the first place certainly seem to be behaving as they should, now.

The computer did not ask me for a restart after the initial scan using Malwarebytes, but to be on the safe side, I restarted manually.
Here are the files you asked for.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/03/2016
Scan Time: 21:35
Logfile: malwarebytesscan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.26.06
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SarahT

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 392459
Time Elapsed: 21 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [69f57f0d27728fa7effca894659f23dd],

Registry Values: 5
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130516233834866661, Quarantined, [b5a9cac2b5e4bd7920cab983ed17ae52]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130516233834866661, Quarantined, [3a247616653459dd8b5f1c204aba2ad6]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130516233834866661, Quarantined, [e678b5d7aaef37ffd3174deff1139c64]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130516233834866661, Quarantined, [c29c7e0e5d3c78be5c8e6ad2a26240c0]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130516233834866661, Quarantined, [69f57f0d27728fa7effca894659f23dd]

Registry Data: 0
(No malicious items detected)

Folders: 49
PUP.Optional.MultiPlug.Gen, C:\ProgramData\16740106336564517419, Quarantined, [c797622a4356e452fff4ab523ec5fd03],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf, Quarantined, [69f5b0dc79207abca0f396be0df8a858],

Files: 48
PUP.Optional.MultiPlug.Gen, C:\ProgramData\16740106336564517419\9cd147823b2713ebfc2711cd4287cb63.ini, Quarantined, [c797622a4356e452fff4ab523ec5fd03],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\128.png, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW\messages.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],
PUP.Optional.HijackModifiedExtension, C:\Users\SarahT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata\verified_contents.json, Quarantined, [69f5b0dc79207abca0f396be0df8a858],

Physical Sectors: 0
(No malicious items detected)


(end)

I am now running the ESET ONLINE SCANNER, which appears to take much longer and is not yet complete. May I get back to you later with that?
GlyphSun is offline  
Old 03-27-2016, 05:57 AM   #12
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



The ESET scan is complete, here is the list of threats. (I saw the word Trojan a couple of times).

C:\AdwCleaner\Quarantine\C\Program Files (x86)\sweetpacks bundle uninstaller\uninstaller.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a9e09d1-40169da6 multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\36f74752-6670686e multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6c2d0616-2b0fd9aa multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\19cfbc03-63925fea multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2505fee4-24ac0067 Java/Exploit.Agent.RUB trojan
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\38ed8ca9-5c12414f multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\63184baf-4442be40 multiple threats
C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1f8bad3d-4860d8ed Java/Exploit.Agent.RUC trojan
C:\Users\SarahT\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
GlyphSun is offline  
Old 03-27-2016, 01:12 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, GlyphSun. No worries. We are going to take care of those shortly.

Glad the machine is behaving normally again.

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log of anything that could not be removed.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Files: force-delete each one and log any that are still present.
for %%g in (

"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a9e09d1-40169da6"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\36f74752-6670686e"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6c2d0616-2b0fd9aa"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\19cfbc03-63925fea"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\2505fee4-24ac0067"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\38ed8ca9-5c12414f"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\63184baf-4442be40"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1f8bad3d-4860d8ed"
"C:\Users\SarahT\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Folders: remove the whole tree and log it if it is still present.
for %%g in (

"C:\Program Files (x86)\sweetpacks bundle uninstaller"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the log if anything survived; otherwise report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file once it has run.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 03-27-2016, 03:30 PM   #14
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



It's a relief to see it behaving more like it used to, thanks to you guys.
Have done what you said.

It says:
Deleted successfully!!
Press any key to continue...

When I did so, the box vanished.
GlyphSun is offline  
Old 03-27-2016, 07:34 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
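The post above describes a blocking HOSTS file as one that redirects listed sites to 127.0.0.1. As an added example (not part of the original post or of the MVPS project), the audit below parses hosts-file text, counts the loopback block entries, and lists any name mapped to a non-loopback address for review, since such an entry overrides DNS for that name. The function names and the sample entries are constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

# Constructed sample in hosts-file syntax (reserved example names and a
# documentation-range address); not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com        # block entry
0.0.0.0         tracker.example.net metrics.example.net
203.0.113.10    update.example.org     # name pinned to a routable address
not-an-ip       broken.example.com
"""

Entry = namedtuple("Entry", "lineno address hostname verdict")


def classify_target(address):
    """Classify the address column of one hosts entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # Loopback (127.0.0.0/8, ::1) and 0.0.0.0/:: never leave the machine,
    # which is how a blocking hosts file stops connections to listed names.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text):
    """Return one Entry per hostname found in hosts-file text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        if len(fields) == 1:                    # address with no hostname
            entries.append(Entry(lineno, fields[0], None, "invalid"))
            continue
        verdict = classify_target(fields[0])
        for name in fields[1:]:
            name = name.lower()
            # The stock localhost mapping is expected, not a block entry.
            is_default = verdict == "sinkhole" and name == "localhost"
            entries.append(
                Entry(lineno, fields[0], name, "default" if is_default else verdict))
    return entries


def review_list(entries):
    """Entries a person should look at: redirects and malformed lines."""
    return [e for e in entries if e.verdict in ("redirect", "invalid")]


if __name__ == "__main__":
    found = audit_hosts(SAMPLE_HOSTS)
    print(dict(Counter(e.verdict for e in found)))
    for e in review_list(found):
        print(f"line {e.lineno}: {e.address} -> {e.hostname} [{e.verdict}]")
```

On Windows the file to feed to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; after installing a block list, the review list should normally be empty.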
Old 03-28-2016, 08:39 AM   #16
Registered Member
 
Join Date: Mar 2016
Posts: 19
OS: Windows 7



Thank you MASSIVELY for all your help, I really appreciate it, and will most definitely contribute to the bleeping computer cause as soon as I can.

It surprises me just how little I actually understood about how these threats affect computers, so I have a lot of reading to do. Have kept the programs you said to and am currently working on un-installing the others (AdwareCleaner keeps popping up in my quarantine for some reason, but I'm sure I can get rid of it next time I open my computer.)

Thank you again, hopefully I will try and avoid these problems in future.
GlyphSun is offline  
Old 03-28-2016, 10:53 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, GlyphSun! Glad to have helped.
chemist is offline  
 
