Rootkit.Fileless.MTGen removed, still having problems

[beccabrr]

I started experiencing problems with my PC, running Windows Vista, when I started using the Firefox browser because I got a warning from Google Chrome.  I still had problems when I returned to Chrome.  I ran MBAM, which identified Rootkit.Fileless.MTGen.  I removed it (eventually, oops) but the problems persist.  

 

I posted here and was advised to run the Farbar Recovery Scan Tool, which I just did.

 

It created this log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by becca (administrator) on BECCA-PC (08-03-2016 09:04:33)

Running from C:\Users\becca\Desktop

Loaded Profiles: becca (Available Profiles: becca)

Platform: Windows Vista Home Premium Service Pack 2 (X64) Language: English (United States)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

(ABBYY Production LLC) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Andrea Electronics Corporation) C:\Windows\System32\AERTSr64.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Backblaze\bzserv.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Realtek Semiconductor) C:\Windows\RAVCpl64.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files (x86)\Backblaze\bzbui.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Spotify Ltd) C:\Users\becca\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Microsoft Corporation) C:\Windows\System32\RacAgent.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-06-27] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => Skytel.exe

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [ABBYY Screenshot Reader Bonus] => [X]

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-18] ()

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [spotify Web Helper] => C:\Users\becca\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524848 2016-03-05] (Spotify Ltd)

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [spotify] => C:\Users\becca\AppData\Roaming\Spotify\Spotify.exe [6754928 2016-03-05] (Spotify Ltd)

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Run: [**b555682a<*>] => C:\Users\becca\AppData\Local\ifex\TaNPyEub.aYS9g [ ] () <===== ATTENTION (Value Name with invalid characters)

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\MountPoints2: {e1a44246-911d-11e3-a980-0024e80fdf08} - E:\MI.exe

HKU\S-1-5-18\...\Run: [backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [490176 2015-05-18] ()

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File

Startup: C:\Users\becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-01-03]

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{114D99C6-8D4B-440C-B0B9-7B61DFB5FC16}: [DhcpNameServer] 10.0.0.1

 

Internet Explorer:

==================

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKU\S-1-5-21-2991280784-2447642418-4385585-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

 

FireFox:

========

FF ProfilePath: C:\Users\becca\AppData\Roaming\Mozilla\Firefox\Profiles\dq9ivhhk.default-1453568512458

FF DefaultSearchEngine.US: Google

FF Homepage: hxxps://my.yahoo.com/?mkg=015

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-03] (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-13] [not signed]

 

Chrome: 

=======

CHR HomePage: Default -> hxxps://my.yahoo.com/?mkg=015

CHR StartupUrls: Default -> "hxxps://my.yahoo.com/?mkg=015","hxxp://www.key-find.com/?type=hp&ts=1396739704&from=amt&uid=ST3500418AS_Z2A3HZLJXXXXZ2A3HZLJ"

CHR Profile: C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (Chrome Web Store Payments) - C:\Users\becca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [764216 2013-06-14] (ABBYY Production LLC)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-02-15] (Andrea Electronics Corporation)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)

R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [235712 2015-05-18] ()

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)

R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-08 09:04 - 2016-03-08 09:09 - 00017307 _____ C:\Users\becca\Desktop\FRST.txt

2016-03-08 09:03 - 2016-03-08 09:04 - 00000000 ____D C:\FRST

2016-03-08 09:01 - 2016-03-08 09:00 - 02374144 _____ (Farbar) C:\Users\becca\Desktop\FRST64.exe

2016-03-08 08:40 - 2016-03-08 08:43 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat

2016-03-01 19:33 - 2016-03-01 19:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-03-01 19:31 - 2016-03-02 05:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-03-01 19:31 - 2016-03-01 19:31 - 00000900 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-03-01 19:31 - 2016-03-01 19:31 - 00000888 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2016-03-01 19:29 - 2016-03-01 19:30 - 45702448 _____ C:\Users\becca\Downloads\Firefox Setup 43.0.1.exe

2016-02-29 21:35 - 2016-02-29 21:42 - 00000000 ____D C:\ProgramData\SecTaskMan

2016-02-29 21:34 - 2016-02-29 21:34 - 02828328 _____ C:\Users\becca\Downloads\SecurityTaskManager_Setup.exe

2016-02-27 17:41 - 2016-02-27 17:41 - 00000000 ____D C:\Users\becca\AppData\Local\ifex

2016-02-15 13:23 - 2016-02-15 13:23 - 07155282 _____ C:\Users\becca\Downloads\20-faces.-Flat-gesign..zip

2016-02-15 13:22 - 2016-02-15 13:23 - 22572244 _____ C:\Users\becca\Downloads\Summer-trip.-Icons-banners-seamless.zip

2016-02-15 13:22 - 2016-02-15 13:23 - 18674363 _____ C:\Users\becca\Downloads\Music-flat-instruments-illustrations.zip

2016-02-15 13:22 - 2016-02-15 13:21 - 00085633 _____ C:\Users\becca\Downloads\SAYA-FY-Medium-Italic.zip

2016-02-10 08:17 - 2016-01-07 10:27 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2016-02-10 08:16 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-02-10 08:16 - 2016-01-09 11:42 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-02-10 08:15 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2016-02-10 08:15 - 2016-01-29 21:44 - 01915392 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2016-02-10 08:10 - 2016-02-01 12:25 - 01589376 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2016-02-10 08:10 - 2016-02-01 12:25 - 01171696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00679424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdohlp.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax

2016-02-10 08:10 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2016-02-10 08:10 - 2016-01-29 22:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2016-02-10 08:10 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll

2016-02-10 08:10 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrecst.dll

2016-02-10 08:10 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll

2016-02-10 08:10 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSNP.ax

2016-02-10 08:10 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax

2016-02-10 08:10 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax

2016-02-10 08:10 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasads.dll

2016-02-10 08:10 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasdatastore.dll

2016-02-10 08:10 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2016-02-10 08:10 - 2016-01-29 21:48 - 04693952 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-02-10 08:10 - 2016-01-29 21:44 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax

2016-02-10 08:10 - 2016-01-29 21:44 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax

2016-02-10 08:10 - 2016-01-29 21:44 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax

2016-02-10 08:10 - 2016-01-29 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2016-02-10 08:10 - 2016-01-29 21:44 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 01067008 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax

2016-02-10 08:10 - 2016-01-29 21:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll

2016-02-10 08:10 - 2016-01-29 21:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll

2016-02-10 08:10 - 2016-01-29 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe

2016-02-10 08:10 - 2016-01-29 20:33 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2016-02-10 08:10 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iashost.exe

2016-02-10 08:10 - 2016-01-29 20:24 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2016-02-10 08:10 - 2016-01-29 20:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2016-02-10 08:10 - 2016-01-29 20:24 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2016-02-10 08:09 - 2016-01-07 10:32 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-02-10 07:38 - 2016-01-25 00:35 - 17894400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-02-10 07:38 - 2016-01-25 00:33 - 02351104 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-02-10 07:38 - 2016-01-25 00:28 - 10938880 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-02-10 07:38 - 2016-01-25 00:27 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-02-10 07:38 - 2016-01-25 00:27 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-02-10 07:38 - 2016-01-25 00:27 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-02-10 07:38 - 2016-01-25 00:26 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-02-10 07:38 - 2016-01-25 00:26 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-02-10 07:38 - 2016-01-25 00:25 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-02-10 07:38 - 2016-01-25 00:25 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-02-10 07:38 - 2016-01-25 00:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2016-02-10 07:38 - 2016-01-25 00:25 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2016-02-10 07:38 - 2016-01-25 00:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2016-02-10 07:38 - 2016-01-24 23:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-02-10 07:38 - 2016-01-24 23:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-02-10 07:38 - 2016-01-24 23:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-02-10 07:38 - 2016-01-24 23:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-02-10 07:38 - 2016-01-24 23:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-02-10 07:38 - 2016-01-24 23:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-02-10 07:38 - 2016-01-24 23:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2016-02-10 07:38 - 2016-01-24 23:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-02-10 07:38 - 2016-01-24 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-02-10 07:38 - 2016-01-24 23:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2016-02-10 07:38 - 2016-01-24 23:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2016-02-10 07:38 - 2016-01-24 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-08 09:01 - 2012-07-12 16:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-03-08 08:43 - 2015-05-16 11:47 - 00000000 ____D C:\Users\becca\AppData\Local\Spotify

2016-03-08 08:43 - 2015-05-16 11:46 - 00000000 ____D C:\Users\becca\AppData\Roaming\Spotify

2016-03-08 08:42 - 2012-08-03 14:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-03-08 08:39 - 2012-07-12 16:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-03-08 08:39 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2016-03-08 08:39 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2016-03-08 08:38 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-03-07 23:48 - 2006-11-02 10:42 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-03-07 23:23 - 2014-07-13 15:15 - 00000680 _____ C:\Users\becca\AppData\Local\d3d9caps.dat

2016-03-07 21:12 - 2014-07-15 01:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-03-07 17:13 - 2012-07-22 05:29 - 00000000 ____D C:\Users\becca\Documents\computer stuff

2016-03-03 15:50 - 2012-07-13 02:32 - 00000000 ____D C:\Users\becca\Documents\UU Stuff

2016-03-02 16:11 - 2014-04-05 21:10 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-03-02 16:11 - 2014-04-05 21:10 - 00002025 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-02-29 22:23 - 2012-07-13 00:09 - 00000000 ____D C:\Windows\PCHEALTH

2016-02-29 12:11 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf

2016-02-29 12:11 - 2006-11-02 07:46 - 00802432 _____ C:\Windows\system32\PerfStringBackup.INI

2016-02-26 12:29 - 2012-08-03 19:43 - 00000000 ____D C:\Users\becca\Documents\My Kindle Content

2016-02-25 09:38 - 2012-07-12 16:09 - 00001945 _____ C:\Windows\epplauncher.mif

2016-02-25 09:38 - 2012-07-12 16:09 - 00001826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2016-02-25 09:36 - 2012-07-12 16:08 - 00000000 ____D C:\Program Files\Microsoft Security Client

2016-02-25 09:36 - 2012-07-12 16:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2016-02-24 19:32 - 2013-09-21 12:13 - 00000000 ____D C:\Users\becca\Documents\receipts

2016-02-23 15:05 - 2012-07-22 05:29 - 00000000 ____D C:\Users\becca\Documents\Health Info

2016-02-15 16:10 - 2014-01-01 23:14 - 00000000 ____D C:\Users\becca\AppData\Roaming\vlc

2016-02-12 19:16 - 2012-08-03 19:43 - 00002018 _____ C:\Users\becca\Desktop\Kindle.lnk

2016-02-11 09:18 - 2016-01-11 20:33 - 00000000 ____D C:\Users\becca\Documents\Vegas Movie Studio HD Platinum 11.0 Projects

2016-02-10 21:08 - 2012-07-13 02:57 - 00218112 _____ C:\Users\becca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-02-10 09:40 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache

2016-02-10 09:20 - 2006-11-02 10:21 - 00453264 _____ C:\Windows\system32\FNTCACHE.DAT

2016-02-10 09:18 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Journal

2016-02-10 09:18 - 2006-11-02 10:07 - 00000000 ____D C:\Program Files\Windows Collaboration

2016-02-10 08:37 - 2013-08-15 02:38 - 00000000 ____D C:\Windows\system32\MRT

2016-02-10 08:23 - 2006-11-02 07:35 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2016-02-10 08:22 - 2006-11-02 07:34 - 00000240 _____ C:\Windows\win.ini

2016-02-09 20:42 - 2012-08-03 14:59 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-02-09 20:42 - 2012-07-12 16:35 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-02-09 20:42 - 2012-07-12 16:35 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

 

==================== Files in the root of some directories =======

 

2013-11-09 15:00 - 2013-11-09 15:00 - 0000604 ____H () C:\Program Files (x86)\_Z2

2013-11-09 13:49 - 2013-11-09 14:56 - 0175468 _____ () C:\Users\becca\AppData\Roaming\AvidLicenseControl_Install.log

2014-01-23 07:15 - 2014-01-23 07:16 - 0000159 _____ () C:\Users\becca\AppData\Roaming\settings.xml

2014-07-13 15:15 - 2016-03-07 23:23 - 0000680 _____ () C:\Users\becca\AppData\Local\d3d9caps.dat

2012-07-12 14:03 - 2012-07-12 14:03 - 0000732 _____ () C:\Users\becca\AppData\Local\d3d9caps64.dat

2012-07-13 02:57 - 2016-02-10 21:08 - 0218112 _____ () C:\Users\becca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-11-09 13:47 - 2013-11-09 13:48 - 0423848 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI2D89.txt

2013-11-09 13:48 - 2013-11-09 13:48 - 0437274 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI2DF5.txt

2013-11-09 13:48 - 2013-11-09 13:49 - 0438642 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI2E53.txt

2014-01-06 13:28 - 2014-01-06 13:28 - 0433118 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI522C.txt

2013-11-09 14:56 - 2013-11-09 14:56 - 0372538 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI61C5.txt

2013-11-09 14:56 - 2013-11-09 14:56 - 0355940 _____ () C:\Users\becca\AppData\Local\dd_vcredistMSI61E0.txt

2013-11-09 13:47 - 2013-11-09 13:48 - 0011646 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI2D89.txt

2013-11-09 13:48 - 2013-11-09 13:48 - 0011598 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI2DF5.txt

2013-11-09 13:48 - 2013-11-09 13:49 - 0011462 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI2E53.txt

2014-01-06 13:28 - 2014-01-06 13:28 - 0017010 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI522C.txt

2013-11-09 14:56 - 2013-11-09 14:56 - 0012238 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI61C5.txt

2013-11-09 14:56 - 2013-11-09 14:56 - 0012174 _____ () C:\Users\becca\AppData\Local\dd_vcredistUI61E0.txt

2015-01-18 17:25 - 2015-01-18 17:30 - 0000079 _____ () C:\Users\becca\AppData\Local\DVDPATH.TXT

 

Files to move or delete:

====================

C:\Users\becca\AppData\Local\ifex\TaNPyEub.aYS9g

 

 

Some files in TEMP:

====================

C:\Users\becca\AppData\Local\Temp\vlc-2.2.1-win32.exe

C:\Users\becca\AppData\Local\Temp\_is5E74.exe

C:\Users\becca\AppData\Local\Temp\_isACD2.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-03-08 08:45

 

==================== End of FRST.txt ============================

 

 

as well as this one:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by becca (2016-03-08 09:12:04)

Running from C:\Users\becca\Desktop

Windows Vista Home Premium Service Pack 2 (X64) (2012-07-13 00:55:00)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2991280784-2447642418-4385585-500 - Administrator - Disabled)

becca (S-1-5-21-2991280784-2447642418-4385585-1000 - Administrator - Enabled) => C:\Users\becca

Guest (S-1-5-21-2991280784-2447642418-4385585-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}

AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden

ABBYY PDF Transformer 3.0 (HKLM-x32\...\ABBYY PDF Transformer 3.0) (Version: 3.00.502.68015 - ABBYY)

ABBYY PDF Transformer 3.0 (Version: 3.00.502.68015 - ABBYY) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)

Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)

Amazon Kindle (HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Amazon Kindle) (Version: 1.14.1.43029 - Amazon)

Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.238 - Amazon)

Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

ArcSoft MediaImpression for Kodak (HKLM-x32\...\{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}) (Version: 1.5.24.586 - ArcSoft)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre (HKLM-x32\...\{5A119A69-9ACD-4287-97FB-1EC30DE71459}) (Version: 2.31.0 - Kovid Goyal)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)

DVD Architect Studio 5.0 (HKLM-x32\...\{0489621E-DE2A-11E0-93EA-F04DA23A5C58}) (Version: 5.0.156 - Sony)

Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )

Epson Easy Photo Print 2 (HKLM-x32\...\{C1A0A3F9-C302-4A18-A2E0-71C927D24652}) (Version: 2.2.3.1 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden

Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)

Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)

Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )

InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )

iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)

iZotope Audio Enhancer (HKLM-x32\...\iZotope Audio Enhancer_is1) (Version: 1.00 - iZotope, Inc.)

Jacquie Lawson Alpine Advent Calendar (HKLM-x32\...\JLAdventCalendarAlpine2012) (Version: 1.0.2 - MicroCourt Limited)

Jacquie Lawson Alpine Advent Calendar (x32 Version: 1.0.2 - MicroCourt Limited) Hidden

Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited)

Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden

Jacquie Lawson Edwardian Advent Calendar (HKLM-x32\...\JLAdventCalendarEdwardian2013) (Version: 1.0.1 - MicroCourt Limited)

Jacquie Lawson Edwardian Advent Calendar (x32 Version: 1.0.1 - MicroCourt Limited) Hidden

Jacquie Lawson Victorian Calendar (HKLM-x32\...\com.jacquielawson.victorianadventcalendar2015) (Version: 1.0.0 - Microcourt Limited)

Jacquie Lawson Victorian Calendar (x32 Version: 1.0.0 - Microcourt Limited) Hidden

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)

Mahjong Solitaire Epic (HKLM-x32\...\{3F8A4C45-4CAA-42BD-9D43-2B358E803640}_is1) (Version: 1.0 - Kristanix Games)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)

Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)

MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)

NewBlue VideoFX for Sony Vegas MSPPS (HKLM-x32\...\NewBlue VideoFX for Sony Vegas MSPPS) (Version: 2.0 - NewBlue)

OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)

QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)

Sibelius 7.1.3.77 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.3.77 - Avid)

Sony Vocal Eraser (HKLM-x32\...\Sony Vocal Eraser_is1) (Version: 1.00 - iZotope, Inc.)

Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0A013EA1-A1D3-11E0-8DCF-005056C00008}) (Version: 10.0.176 - Sony)

Spotify (HKU\S-1-5-21-2991280784-2447642418-4385585-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)

TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{CE3DE3AE-F384-11E0-B00E-F04DA23A5C58}) (Version: 11.0.256 - Sony)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)

WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)

WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)

Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {222A27F6-EC78-4F8C-ACA2-EBEE6D6C5AAC} - System32\Tasks\{C0D66F4A-11E6-462B-8145-71343D1CDD1F} => pcalua.exe -a "C:\Users\becca\Downloads\Movie Studio plus\sfas10_vocaleraser.exe" -d "C:\Users\becca\Downloads\Movie Studio plus"

Task: {302AA98E-CA96-4903-8772-5525021F8409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)

Task: {38793D75-78C6-453C-8C1A-843B32B30C94} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {75B38ADB-B07C-4209-8B28-511D184154E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)

Task: {A24222F9-2A98-4C48-8802-E7593E755A29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)

Task: {B728448B-1261-423B-B960-9FDF392B749E} - System32\Tasks\{480C1508-99E6-457E-9D36-EA5DCD36D3CE} => pcalua.exe -a C:\Users\becca\Downloads\gs856w32.exe -d C:\Users\becca\Downloads

Task: {D193B3D3-2525-48A7-B5AC-4ABCE7F46717} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {DF8E1C6C-5BED-48F0-A88E-F363C26C8E67} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - becca => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-27 12:18 - 2015-05-18 16:10 - 00235712 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-05-18 16:10 - 2015-05-18 16:10 - 00490176 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

::1             localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2991280784-2447642418-4385585-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img24.jpg

DNS Servers: 10.0.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe

FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe

FirewallRules: [{3D57665A-DDD1-455A-AD17-A5D146466D17}] => (Allow) LPort=80

FirewallRules: [{C72141CB-1E71-466E-8AE8-98B4EA89CF16}] => (Allow) LPort=80

FirewallRules: [{5F7C493D-7197-4A08-A443-8EF7E506507F}] => (Allow) LPort=80

FirewallRules: [TCP Query User{11E412D0-2F41-4240-8438-45A041BDE015}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe

FirewallRules: [uDP Query User{052E4D3F-615C-4D64-B87A-040A07FB10B5}D:\common\driver update\edupdate.exe] => (Allow) D:\common\driver update\edupdate.exe

FirewallRules: [{E0A9ED5E-1D28-4419-8819-CF9F2EF33766}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{C7D86E63-F6A6-479B-B1CA-74B83658FACF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{F4EE4ACB-B674-4585-8C21-56719D8AFBF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{5E45896B-1BA6-4D63-BD1A-639B30D62A7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8DDD95B0-86D5-4BD4-BBE1-3129EC48E4EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{8ED1FDF8-C7A1-4C01-A4AB-CF05BE5CAE37}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [uDP Query User{C18B1374-1885-4DAA-AAE2-AF73FACF7AAC}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{D6A2677D-CE16-4A10-A6CD-0568CDF7D9D3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [{5F4A6CA0-C34A-4E0B-B377-A8E52B6D412C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

FirewallRules: [{A730037C-B217-446C-9662-626357A1F65D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{E880F418-4E5A-4BDA-9BA5-61C4863D0B4C}] => (Allow) LPort=2869

FirewallRules: [{A8D38395-6517-447E-9A56-E7B12BEC4E15}] => (Allow) LPort=1900

FirewallRules: [TCP Query User{50C48A62-31F0-4B96-9709-7C019880E2D5}C:\program files (x86)\musicreaderpdf\musicreader.exe] => (Block) C:\program files (x86)\musicreaderpdf\musicreader.exe

FirewallRules: [uDP Query User{ED064E86-623F-46E4-82D3-932ABE9A9953}C:\program files (x86)\musicreaderpdf\musicreader.exe] => (Block) C:\program files (x86)\musicreaderpdf\musicreader.exe

FirewallRules: [{4338DCDF-9DAA-4C97-9961-F5F18D33420F}] => (Allow) C:\Users\becca\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{C58B5028-4DF5-46AF-B7B2-604B29C4469C}] => (Allow) C:\Users\becca\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{70EE29E5-344F-4DAF-BF91-195301FD599F}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe

FirewallRules: [uDP Query User{FFE99044-12F1-479D-950C-8EE2128A159E}C:\program files (x86)\torntv.com\torntv downloader.exe] => (Block) C:\program files (x86)\torntv.com\torntv downloader.exe

FirewallRules: [{5704F349-D1BE-4C1B-89DF-F2EB54CF0ED9}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe

FirewallRules: [{4B38720D-380E-41D3-BBF0-DCB2748EF4BE}] => (Allow) C:\Program Files\HitmanPro\HitmanPro.exe

FirewallRules: [{D3E5BDE5-D390-4B3C-B3BF-7A57CCDF7070}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{E08E3DC7-9FDB-4796-A211-E6F137B4D5D5}C:\users\becca\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\becca\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{FDBDF0F3-C98C-485E-9F79-7D0A9DC50872}C:\users\becca\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\becca\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{DC11B3BC-E4AB-41AD-81D1-381335F4D715}C:\users\becca\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\becca\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{A6BF0FBD-CBB5-4B84-A468-3B6831358906}C:\users\becca\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\becca\appdata\roaming\spotify\spotify.exe

FirewallRules: [{8AC8A440-1456-45A2-B46D-529495D0D9E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{5BAA776E-9909-4608-A8FE-D1D545504CA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{73481D69-6BE1-4946-9A9A-92426B2A4B42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

12-02-2016 17:52:00 Scheduled Checkpoint

13-02-2016 12:01:18 Windows Update

14-02-2016 03:14:41 Scheduled Checkpoint

14-02-2016 18:33:46 Scheduled Checkpoint

16-02-2016 13:41:17 Windows Update

17-02-2016 18:29:44 Scheduled Checkpoint

18-02-2016 07:32:24 Scheduled Checkpoint

19-02-2016 00:00:01 Scheduled Checkpoint

20-02-2016 00:35:04 Scheduled Checkpoint

20-02-2016 01:44:27 Windows Update

21-02-2016 07:46:02 Scheduled Checkpoint

22-02-2016 14:51:26 Scheduled Checkpoint

23-02-2016 09:27:53 Windows Update

24-02-2016 14:05:45 Scheduled Checkpoint

25-02-2016 09:30:41 Windows Update

26-02-2016 00:00:00 Scheduled Checkpoint

26-02-2016 13:50:46 Scheduled Checkpoint

29-02-2016 06:39:15 Windows Update

02-03-2016 12:22:00 Microsoft Antimalware Checkpoint

03-03-2016 09:29:46 Windows Update

04-03-2016 15:28:05 Microsoft Antimalware Checkpoint

06-03-2016 13:15:19 Windows Update

07-03-2016 20:48:35 Microsoft Antimalware Checkpoint

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/08/2016 08:56:18 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program firefox.exe version 44.0.2.5884 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: 17c4

Start Time: 01d179415b35536d

Termination Time: 8

 

Error: (03/08/2016 08:40:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/07/2016 11:33:33 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

 

Error: (03/07/2016 11:33:28 PM) (Source: Perflib) (EventID: 1023) (User: )

Description: EmdCache4

 

Error: (03/07/2016 11:29:59 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/07/2016 08:48:31 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.

This is often caused by incorrect security settings in either the writer or requestor process.

 

 

Operation:

   Gathering Writer Data

 

Context:

   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

   Writer Name: System Writer

   Writer Instance ID: {3d7d12ae-6b5e-40ff-b2e6-6efa7d5cae30}

 

Error: (03/07/2016 05:25:12 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/07/2016 02:29:05 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/07/2016 08:48:20 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/07/2016 08:47:08 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\system32\bitsperf.dll4

 

 

System errors:

=============

Error: (03/07/2016 11:34:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Windows Update

 

Error: (03/07/2016 11:28:24 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)

Description: The print spooler failed to share printer PDF-XChange 4.0 for ABBYY with shared resource name PDF-XChange 4.0 for ABBYY. Error 2114. The printer cannot be used by others on the network.

 

Error: (03/07/2016 11:28:24 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)

Description: The print spooler failed to share printer Send to Kindle with shared resource name Send to Kindle. Error 2114. The printer cannot be used by others on the network.

 

Error: (03/06/2016 05:27:11 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

 

Error: (03/05/2016 10:28:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: WD Backup%%1053

 

Error: (03/05/2016 10:28:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000WD Backup

 

Error: (03/04/2016 09:01:27 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )

Description: %Ransom:JS/Brolo.C60 has encountered a critical error when taking action on malware or other potentially unwanted software.

 

For more information please see the following:

%Ransom:JS/Brolo.C603

 

Name: Ransom:JS/Brolo.C

 

ID: 2147696958

 

Severity: %Ransom:JS/Brolo.C600

 

Category: %Ransom:JS/Brolo.C602

 

Path: 4.9.0218.02

 

Detection Origin: 4.9.0218.04

 

Detection Type: 4.9.0218.08

 

Detection Source: %Ransom:JS/Brolo.C608

 

User: {A9A0AE89-3580-4231-A04B-8EB0309F0885}9

 

Process Name: %Ransom:JS/Brolo.C609

 

Action: {A9A0AE89-3580-4231-A04B-8EB0309F0885}1

 

Action Status:  {A9A0AE89-3580-4231-A04B-8EB0309F0885}8

 

Error Code: {A9A0AE89-3580-4231-A04B-8EB0309F0885}3

 

Error description: {A9A0AE89-3580-4231-A04B-8EB0309F0885}4

 

Signature Version: 2016-03-05T01:58:37.211Z1

 

Engine Version: 2016-03-05T01:58:37.211Z2

 

Error: (03/04/2016 10:00:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: WD Backup%%1053

 

Error: (03/04/2016 10:00:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: 30000WD Backup

 

Error: (03/04/2016 02:00:52 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.215.35.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.9.0218.00

 

Source Path: 4.9.0218.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

 

CodeIntegrity:

===================================

  Date: 2016-03-08 09:08:57.639

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-08 09:08:57.167

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-08 09:08:56.746

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-08 09:08:56.334

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:56.670

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:56.456

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:56.244

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:55.761

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:55.550

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2016-03-07 21:23:55.287

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz

Percentage of memory in use: 77%

Total physical RAM: 4084.27 MB

Available physical RAM: 910 MB

Total Virtual: 8395.78 MB

Available Virtual: 4841.4 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:465.76 GB) (Free:189.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B30B286C)

Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================

 

 

 

 

 

[TwinHeadedEagle]

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help your with your issue.
 
     
    
Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 

---

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.
 

---

Please re-run Malwarebytes' Anti-Malware.

• Click the History tab.
• Click Application Logs and double-click the newest Scan Log.
• At the bottom click Export and choose Text file.
• Save the file to your desktop and include its content in your next reply.

[beccabrr]

Thank you for your help.  I have attached the files you requested.

FRST.txt

Addition.txt

MBAMscanlog.txt

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

[beccabrr]

Thanks again.  I followed your instructions, and I'm replying because it looks like you want me to, but I'm not sure I still have a problem.

Fixlog.txt

[TwinHeadedEagle]

Malware should be gone now. Let's check with MalwareBytes?
 
Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

• First of all, select update.
• Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
• In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
• Click the Scan tab, choose Threat Scan is checked and click Start Scan.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the newest Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

[beccabrr]

Thank you again.  I ran Malwarebytes again, and it detected no threats. (Yay!)  I have attached the scanlog from that scan.

MBAMscanlog2.txt

[TwinHeadedEagle]

Since there are no more problems, we can declare this PC clean

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.

Step 1. - Creation of system restore point and tools removal.

Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.

Tool deletes old system restore points and creates a fresh system restore point after cleaning.

Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.

Security tips - highly recommended reading:

• Simple and easy ways to keep your computer safe and secure on the Internet

Maintenance tips:

• Optimize Windows for better performance

Additional software that I personally use and install on all my clients devices:

• Malwarebytes' Anti-Malware (paid version highly recommended) - to scan your system from time to time in search for malware.
• Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
• McShield - to prevent infections spread by removable media.
• Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
• CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
• Adblock - to surf the web without annoying ads!
• Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation:

Thank you!

Stay safe,

TwinHeadedEagle

[AdvancedSetup]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!