Pop-ups and links are redirected - bdt.femurssculler.com Malware


#1 Iorek13

Posted 05 May 2016 - 02:36 PM

Hello,

 

I have been instructed to create another topic on this issue. The original topic can be found here: http://www.bleepingcomputer.com/forums/t/612984/advertisebdtfemursscullercom-malware/#entry3993526

 

 

I have some sort of malware that I just cannot get rid of. It only seems to be affecting Chrome as best I can tell. I am running Windows 7.

 

I am getting ad links on random phrases, ad pop ups, and ads opening in new tabs.

 

Malwarebytes continues to block links from bdt.femurssculler.com

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 01
Ran by Zac4 (administrator) on ZAC-PC (05-05-2016 14:20:45)
Running from C:\Users\Zac4\Downloads
Loaded Profiles: Zac4 (Available Profiles: Zac2 & Admin & Zac4)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Spotify Ltd) C:\Users\Zac4\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Flux Software LLC) C:\Users\Zac4\AppData\Local\FluxSoftware\Flux\flux.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINME.EXE
(Dropbox, Inc.) C:\Users\Zac4\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razertra.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerofa.exe
() C:\Program Files (x86)\Razer\DeathAdderBlackEdition\vdDaemon.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Zac4\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4931\Agent.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [Launch LgDevAgt] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [397320 2008-11-05] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2049544 2008-11-05] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [3837960 2008-11-05] (Logitech Inc.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8084000 2009-08-25] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
HKLM-x32\...\Run: [DeathAdderBlackEdition] => C:\Program Files (x86)\Razer\DeathAdderBlackEdition\razerhid.exe [246272 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-27] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-04] (AVAST Software)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [Spotify Web Helper] => C:\Users\Zac4\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-02] (Spotify Ltd)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [F.lux] => C:\Users\Zac4\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [Google Update] => C:\Users\Zac4\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [Dropbox Update] => C:\Users\Zac4\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINME.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\MountPoints2: {775f6ec6-c11a-11e0-8c1c-00241dd92349} - E:\TL-Bootstrap.exe
HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\MountPoints2: {a598a9ff-8478-11e1-9f1d-00241dd92349} - E:\TL-Bootstrap.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Zac4\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Zac4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Zac4\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9E66DB99-0311-4296-A727-18489BAF8A29}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9F5E7FD3-2B81-4053-83CC-2BB38CB3BD98}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C3C9CFDD-8152-40CA-A725-18FE6BBE6448}: [DhcpNameServer] 208.59.247.45 208.59.247.46
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
URLSearchHook: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 -> {1AD1B6CE-EEFD-4e31-B7CB-60DDD4013F00} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 -> {D569381D-29F7-4252-9B04-ACB0AA33F4DC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-05-04] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-29] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-04] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-29] (Oracle Corporation)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Zac4\AppData\Roaming\Mozilla\Firefox\Profiles\zyhtaiem.default
FF DefaultSearchEngine: Bing
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-23] (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Zac4\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @raidcall.kr/RCplugin -> C:\Users\Zac4\AppData\Roaming\RCKR\plugins\nprcplugin.dll [2012-08-09] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Zac4\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: @talk.google.com/GoogleTalkPlugin -> C:\Users\Zac4\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: @talk.google.com/O1DPlugin -> C:\Users\Zac4\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: @tools.google.com/Google Update;version=3 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: @tools.google.com/Google Update;version=9 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-23] (Pando Networks)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [2014-09-04] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3931545373-1394790331-2704496205-1007: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll [2014-09-04] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2015-01-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Zac4\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-12-13] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Zac4\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Zac4\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-04] <==== ATTENTION
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={6E270652-CD78-11E2-9AF3-00241DD92349}
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Cast) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Google Search) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Netflix Rate) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaaapiecdienibfgolcopgnicppkmhn [2014-07-28]
CHR Extension: (Google Sheets) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-19]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [370656 2016-05-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375208 2012-07-12] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147368 2012-07-12] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-12-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
R2 RaAutoInstSrv_AM10; C:\Program Files (x86)\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [528512 2010-02-19] (Cisco Consumer Products LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-05] (Enigma Software Group USA, LLC.)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2010-04-30] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AM10; C:\Windows\System32\DRIVERS\am10w7.sys [1101600 2010-02-13] (Ralink Technology Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-04] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-05-04] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [536312 2016-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-04] (AVAST Software)
S3 DABlackFltr; C:\Windows\System32\drivers\DABlack.sys [23040 2010-11-29] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-05] ()
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2008-10-15] (Logitech Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2008-08-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-05] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-08-11] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [362496 2007-06-26] (Ralink Technology Inc.)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-01-30] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-11-14] (Symantec Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-05 14:20 - 2016-05-05 14:22 - 00034186 _____ C:\Users\Zac4\Downloads\FRST.txt
2016-05-05 14:17 - 2016-05-05 14:20 - 00000000 ____D C:\FRST
2016-05-05 14:16 - 2016-05-05 14:16 - 02379776 _____ (Farbar) C:\Users\Zac4\Downloads\FRST64.exe
2016-05-05 08:52 - 2016-05-05 08:52 - 00003318 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-05-05 08:52 - 2016-05-05 08:52 - 00001087 _____ C:\Users\Zac4\Desktop\SpyHunter.lnk
2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Enigma Software Group
2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\sh4ldr
2016-05-05 08:51 - 2016-05-05 08:51 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-05 08:51 - 2016-05-05 08:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-05 08:38 - 2016-05-05 08:38 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Zac4\Downloads\SpyHunter-Installer (1).exe
2016-05-04 13:55 - 2016-05-04 13:55 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-04 13:55 - 2016-05-04 13:55 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-04 13:54 - 2016-05-05 14:15 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-04 13:54 - 2016-05-05 14:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-04 13:54 - 2016-05-04 13:54 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-04 13:54 - 2016-05-04 13:54 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-04 13:36 - 2016-05-04 13:36 - 00987728 _____ (Google Inc.) C:\Users\Zac4\Downloads\ChromeSetup.exe
2016-05-04 09:33 - 2016-05-04 09:33 - 03615296 _____ C:\Users\Zac4\Downloads\AdwCleaner.exe
2016-05-04 09:28 - 2016-05-04 09:28 - 01610816 _____ (Malwarebytes) C:\Users\Zac4\Downloads\JRT (1).exe
2016-05-04 09:10 - 2016-05-04 09:10 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1462371007
2016-05-04 09:10 - 2016-05-04 09:10 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-05-04 09:10 - 2016-05-04 09:10 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-05-04 09:09 - 2016-05-04 09:09 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-05-04 09:07 - 2016-05-04 09:07 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\AVAST Software
2016-05-04 09:05 - 2016-05-04 09:05 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-05-04 09:05 - 2016-05-04 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-05-04 09:04 - 2016-05-05 08:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-04 09:04 - 2016-05-04 09:04 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-05-04 09:04 - 2016-05-04 09:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-04 09:04 - 2016-05-04 09:03 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00536312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-05-04 09:04 - 2016-05-04 09:03 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-05-04 09:03 - 2016-05-04 09:03 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-05-04 09:03 - 2016-05-04 09:03 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-05-04 09:03 - 2016-05-04 09:03 - 00028312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2016-05-04 09:02 - 2016-05-04 09:09 - 00000000 ____D C:\Program Files\AVAST Software
2016-05-04 09:01 - 2016-05-04 09:09 - 00000000 ____D C:\ProgramData\AVAST Software
2016-05-04 09:01 - 2016-05-04 09:01 - 05139680 _____ (AVAST Software) C:\Users\Zac4\Downloads\avast_internet_security_setup_online.exe
2016-05-04 08:51 - 2016-05-04 08:51 - 00037349 _____ C:\Users\Zac4\Downloads\MTB.txt
2016-05-04 08:50 - 2016-05-04 08:50 - 00891392 _____ (Farbar) C:\Users\Zac4\Downloads\MiniToolBox.exe
2016-05-04 08:36 - 2016-05-04 08:36 - 11441168 _____ (SurfRight B.V.) C:\Users\Zac4\Downloads\hitmanpro_x64 (1).exe
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 _____ C:\autoexec.bat
2016-05-03 19:04 - 2016-05-03 19:04 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Zac4\Downloads\SpyHunter-Installer.exe
2016-05-03 18:16 - 2016-05-03 18:16 - 22851472 _____ (Malwarebytes ) C:\Users\Zac4\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-05-03 18:12 - 2016-05-03 18:13 - 22851472 _____ (Malwarebytes ) C:\Users\Zac4\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-03 18:11 - 2016-05-04 09:32 - 00001869 _____ C:\Users\Zac4\Desktop\JRT.txt
2016-05-03 18:07 - 2016-05-03 18:07 - 01610816 _____ (Malwarebytes) C:\Users\Zac4\Downloads\JRT.exe
2016-05-03 17:59 - 2016-05-03 17:59 - 03615296 _____ C:\Users\Zac4\Downloads\adwcleaner_5.115.exe
2016-05-02 21:17 - 2016-05-02 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2016-05-02 21:17 - 2016-05-02 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-05-02 21:17 - 2016-05-02 21:17 - 00000000 ____D C:\ProgramData\ATI
2016-05-02 21:16 - 2016-05-05 08:45 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\PlaysTV
2016-05-02 21:14 - 2016-05-02 21:15 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-05-02 21:14 - 2016-05-02 21:14 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\library_dir
2016-05-02 21:13 - 2016-05-05 08:45 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Raptr
2016-05-02 21:13 - 2016-05-02 21:15 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-05-02 21:13 - 2016-05-02 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-05-02 21:12 - 2016-05-02 21:12 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-02 21:03 - 2016-05-02 21:08 - 00000000 ____D C:\Program Files\AMD
2016-05-02 20:58 - 2016-05-02 20:58 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Zac4\Downloads\autodetectutility.exe
2016-05-02 20:57 - 2016-05-02 21:18 - 00000000 ____D C:\Users\Zac4\Documents\Overwatch
2016-05-02 20:38 - 2016-05-02 20:38 - 00001098 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-05-02 20:38 - 2016-05-02 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-05-02 19:38 - 2016-05-04 23:41 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-04-28 18:45 - 2016-04-28 18:45 - 00404940 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_59175_p1.pdf
2016-04-28 18:45 - 2016-04-28 18:45 - 00028160 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_59175_p3.msg
2016-04-28 17:15 - 2016-04-28 17:15 - 00204771 _____ C:\Users\Zac4\Downloads\2016 Sales Incentive (4).pptx
2016-04-26 15:25 - 2016-04-26 15:25 - 00028731 _____ C:\Users\Zac4\Downloads\Stereo HRS CDS (1).pdf
2016-04-26 15:16 - 2016-04-26 15:16 - 00002197 _____ C:\Users\Zac4\Downloads\4262016-15-16-29-ConnectExport.csv
2016-04-26 14:59 - 2016-04-26 14:59 - 00009010 _____ C:\Users\Zac4\Downloads\Q&A.xlsx
2016-04-26 14:56 - 2016-04-26 14:56 - 00045293 _____ C:\Users\Zac4\Downloads\RFI Package.xlsx
2016-04-26 14:37 - 2016-04-26 14:37 - 00028731 _____ C:\Users\Zac4\Downloads\Stereo HRS CDS.pdf
2016-04-26 14:20 - 2016-04-26 14:20 - 00000905 _____ C:\Users\Zac4\Downloads\4262016-14-19-59-ConnectExport.csv
2016-04-26 09:36 - 2016-04-26 09:36 - 00000234 _____ C:\Users\Zac4\Downloads\BulkUploadCsvTemplate.csv
2016-04-25 08:28 - 2016-04-25 08:28 - 00037120 _____ C:\Users\Zac4\Downloads\FOPRT01 042516 082540.PDF
2016-04-25 08:28 - 2016-04-25 08:28 - 00037120 _____ C:\Users\Zac4\Downloads\FOPRT01 042516 082540 (1).PDF
2016-04-24 17:11 - 2016-04-24 17:11 - 11799230 _____ C:\Users\Zac4\Downloads\Master List (1).xlsx
2016-04-18 22:21 - 2016-04-18 22:21 - 00102338 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data (5).xlsx
2016-04-18 21:03 - 2016-04-18 22:21 - 00102338 _____ C:\Users\Zac4\Desktop\Fastmore EXP Data.xlsx
2016-04-18 18:28 - 2016-04-18 18:28 - 00089065 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data (4).xlsx
2016-04-18 18:26 - 2016-04-18 18:26 - 00089065 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data (3).xlsx
2016-04-18 18:19 - 2016-04-18 18:19 - 00089065 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data (2).xlsx
2016-04-18 18:19 - 2016-04-18 18:19 - 00089065 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data (1).xlsx
2016-04-18 18:14 - 2016-04-18 18:14 - 00399426 _____ C:\Users\Zac4\Downloads\eml (1)
2016-04-18 17:05 - 2016-04-18 17:05 - 02109895 _____ C:\Users\Zac4\Downloads\Fastmore EXP Data.xlsx
2016-04-15 15:32 - 2016-04-15 15:32 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 16:05 - 2016-04-14 16:05 - 00079602 _____ C:\Users\Zac4\Downloads\PO_4084431_from_EDCO_Food_Products_Inc_2824.pdf
2016-04-14 15:01 - 2016-04-14 15:01 - 00010762 _____ C:\Users\Zac4\Downloads\US Tax Return - Form 8879-PE.pdf
2016-04-13 20:41 - 2016-04-13 20:41 - 40258296 _____ (Sling Media) C:\Users\Zac4\Downloads\SlingplayerDesktop-5.0.0.83 (1).exe
2016-04-13 20:33 - 2016-04-13 20:33 - 00002571 _____ C:\Users\Public\Desktop\Slingplayer Desktop.lnk
2016-04-13 20:33 - 2016-04-13 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingplayer Desktop
2016-04-13 20:33 - 2016-04-13 20:33 - 00000000 ____D C:\Program Files (x86)\Slingplayer Desktop
2016-04-13 20:32 - 2016-04-13 20:32 - 40258296 _____ (Sling Media) C:\Users\Zac4\Downloads\SlingplayerDesktop-5.0.0.83.exe
2016-04-13 17:22 - 2016-04-13 17:22 - 00325534 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_58401_p1.pdf
2016-04-12 13:22 - 2016-03-16 13:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 13:21 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 13:21 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 13:21 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 13:21 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 13:21 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 13:21 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 13:21 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 13:21 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 13:21 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 13:21 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 13:21 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 13:21 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 13:21 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 13:21 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 13:21 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 13:21 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 13:21 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 13:21 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 13:21 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 13:21 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 13:21 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 13:21 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 13:21 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 13:21 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 13:21 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 13:21 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 13:21 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 13:21 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 13:21 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 13:21 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 13:21 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 13:21 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 13:21 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 13:21 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 13:21 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 13:21 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 13:21 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 13:21 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 13:21 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 13:21 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 13:21 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 13:21 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 13:21 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 13:21 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 13:21 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 13:21 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 13:21 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 13:21 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 13:21 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 13:21 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 13:21 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 13:21 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 13:21 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 13:21 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 13:21 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 13:21 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 13:21 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 13:21 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 13:21 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 13:21 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 13:21 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 13:21 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 13:21 - 2016-03-16 13:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 13:21 - 2016-03-16 13:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 13:21 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 13:21 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 13:21 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 13:21 - 2016-03-06 13:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 13:21 - 2016-03-06 13:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 13:21 - 2016-03-06 13:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 13:21 - 2016-03-06 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 13:21 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-12 13:21 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-12 13:20 - 2016-04-04 13:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 13:20 - 2016-04-04 13:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 13:20 - 2016-04-02 08:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 13:20 - 2016-03-31 14:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 13:20 - 2016-03-31 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 13:20 - 2016-03-30 19:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 13:20 - 2016-03-30 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 13:20 - 2016-03-30 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 13:20 - 2016-03-30 19:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 13:20 - 2016-03-30 19:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 13:20 - 2016-03-30 19:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 13:20 - 2016-03-30 19:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 13:20 - 2016-03-30 19:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 13:20 - 2016-03-30 19:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 13:20 - 2016-03-30 19:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 13:20 - 2016-03-30 19:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 13:20 - 2016-03-30 19:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 13:20 - 2016-03-30 19:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 13:20 - 2016-03-30 19:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 13:20 - 2016-03-30 19:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 13:20 - 2016-03-30 19:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 13:20 - 2016-03-30 19:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 13:20 - 2016-03-30 19:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 13:20 - 2016-03-30 19:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 13:20 - 2016-03-30 19:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 13:20 - 2016-03-30 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 13:20 - 2016-03-30 19:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 13:20 - 2016-03-30 18:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 13:20 - 2016-03-30 18:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 13:20 - 2016-03-30 18:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 13:20 - 2016-03-30 18:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 13:20 - 2016-03-30 18:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 13:20 - 2016-03-30 18:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 13:20 - 2016-03-30 18:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 13:20 - 2016-03-30 18:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 13:20 - 2016-03-30 18:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 13:20 - 2016-03-30 18:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 13:20 - 2016-03-30 18:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 13:20 - 2016-03-30 18:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 13:20 - 2016-03-30 18:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 13:20 - 2016-03-30 18:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 13:20 - 2016-03-30 18:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 13:20 - 2016-03-30 18:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 13:20 - 2016-03-30 18:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 13:20 - 2016-03-30 18:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 13:20 - 2016-03-30 18:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 13:20 - 2016-03-30 18:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 13:20 - 2016-03-30 18:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 13:20 - 2016-03-30 18:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 13:20 - 2016-03-30 18:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 13:20 - 2016-03-30 18:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 13:20 - 2016-03-30 18:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 13:20 - 2016-03-30 18:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 13:20 - 2016-03-30 18:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 13:20 - 2016-03-30 18:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 13:20 - 2016-03-30 18:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 13:20 - 2016-03-30 18:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 13:20 - 2016-03-30 18:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 13:20 - 2016-03-30 18:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 13:20 - 2016-03-30 18:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 13:20 - 2016-03-30 18:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 13:20 - 2016-03-30 18:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 13:20 - 2016-03-30 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 13:20 - 2016-03-30 18:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 13:20 - 2016-03-30 18:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 13:20 - 2016-03-30 18:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 13:20 - 2016-03-30 18:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 13:20 - 2016-03-30 18:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 13:20 - 2016-03-30 18:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 13:20 - 2016-03-23 09:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 13:20 - 2016-03-17 13:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 13:20 - 2016-03-17 13:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 13:20 - 2016-03-17 13:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 13:20 - 2016-03-17 13:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 13:20 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 13:20 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 13:20 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-12 13:20 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-12 13:20 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-12 13:20 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 11:46 - 2016-04-12 11:46 - 00237325 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_58291_p1.pdf
2016-04-12 09:30 - 2016-04-12 09:30 - 00911814 _____ C:\Users\Zac4\Downloads\GKN Truck Load Lanes (1).xlsx
2016-04-12 09:26 - 2016-04-12 09:27 - 00911814 _____ C:\Users\Zac4\Downloads\GKN Truck Load Lanes.xlsx
2016-04-08 07:11 - 2016-04-08 07:11 - 00012106 _____ C:\Users\Zac4\Downloads\LOAD_SE2841_040816075952.PDF
2016-04-07 17:19 - 2016-04-07 17:19 - 00054272 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_58155_p3.msg
2016-04-07 17:11 - 2016-04-07 17:11 - 00082432 _____ C:\Users\Zac4\Downloads\Aljex_fllw_invoice_private_58153_p3.msg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-05 14:21 - 2015-06-26 23:10 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007UA.job
2016-05-05 14:14 - 2014-05-27 18:36 - 00000000 ____D C:\Users\Zac4\AppData\Local\Battle.net
2016-05-05 14:14 - 2014-05-27 18:36 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-05-05 14:08 - 2012-07-12 18:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-05 14:07 - 2015-12-20 11:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-05 14:04 - 2015-10-22 07:51 - 00000911 _____ C:\Windows\Tasks\EPSON XP-820 Series Update {105AFECA-A228-40E5-B548-9213CD5B89E5}.job
2016-05-05 14:04 - 2013-04-03 16:35 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007UA.job
2016-05-05 08:53 - 2009-07-13 23:45 - 00028496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-05 08:53 - 2009-07-13 23:45 - 00028496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-05 08:46 - 2013-12-18 16:24 - 00000000 ___RD C:\Users\Zac4\Dropbox
2016-05-05 08:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-05 08:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-04 21:21 - 2015-06-26 23:10 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007Core.job
2016-05-04 18:20 - 2012-07-28 18:31 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Spotify
2016-05-04 18:20 - 2012-07-28 18:31 - 00000000 ____D C:\Users\Zac4\AppData\Local\Spotify
2016-05-04 15:59 - 2013-04-03 16:35 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007Core.job
2016-05-04 13:55 - 2011-08-06 22:48 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-04 11:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PLA
2016-05-04 09:48 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-04 09:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-04 09:46 - 2011-08-16 18:53 - 00000000 ____D C:\Users\Admin
2016-05-04 09:46 - 2011-08-16 18:49 - 00000000 ____D C:\Users\TEMP.Zac-PC
2016-05-03 18:13 - 2015-12-20 11:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-03 18:02 - 2015-07-14 07:36 - 00000000 ____D C:\AdwCleaner
2016-05-03 07:06 - 2010-07-10 13:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-02 21:12 - 2010-01-30 05:02 - 00000000 ____D C:\Program Files\ATI Technologies
2016-05-02 21:12 - 2010-01-30 05:02 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-05-02 21:05 - 2015-04-17 20:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-02 21:02 - 2010-01-30 05:01 - 00000000 ____D C:\AMD
2016-05-02 20:56 - 2010-07-27 17:36 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-04-21 15:05 - 2010-01-30 17:38 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-15 15:32 - 2013-12-18 16:23 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Dropbox
2016-04-13 20:46 - 2014-06-04 13:33 - 00000000 __SHD C:\Users\Zac4\AppData\Local\EmieUserList
2016-04-13 20:46 - 2014-06-04 13:33 - 00000000 __SHD C:\Users\Zac4\AppData\Local\EmieSiteList
2016-04-13 20:33 - 2013-01-22 19:06 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Sling Media
2016-04-13 04:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 04:21 - 2009-07-13 23:45 - 00409576 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 04:18 - 2014-12-11 04:32 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 03:30 - 2013-08-15 03:05 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 03:22 - 2010-02-02 18:18 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-10 10:08 - 2012-07-12 18:25 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-10 10:08 - 2012-07-12 18:25 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-10 10:08 - 2011-06-24 11:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-07-21 21:55 - 2015-07-21 21:55 - 0004001 _____ () C:\Users\Zac4\AppData\Local\recently-used.xbel
2013-02-21 23:27 - 2016-03-29 10:14 - 0007597 _____ () C:\Users\Zac4\AppData\Local\Resmon.ResmonCfg
2010-02-13 17:00 - 2010-02-13 17:00 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Zac\AppData\Local\Temp\adobe_installer.exe
C:\Users\Zac\AppData\Local\Temp\asktoolbar.exe
C:\Users\Zac\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Zac\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Users\Zac\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Zac\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Zac\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Zac\AppData\Local\Temp\setup.exe
C:\Users\Zac\AppData\Local\Temp\SIntf16.dll
C:\Users\Zac\AppData\Local\Temp\SIntf32.dll
C:\Users\Zac\AppData\Local\Temp\SIntfNT.dll
C:\Users\Zac\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zac\AppData\Local\Temp\toolbar.exe
C:\Users\Zac\AppData\Local\Temp\war3_Install.exe
C:\Users\Zac\AppData\Local\Temp\ytb.exe
C:\Users\Zac\AppData\Local\Temp\_is7B27.exe
C:\Users\Zac2\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Zac2\AppData\Local\Temp\ITPx64_1033.exe
C:\Users\Zac2\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Zac2\AppData\Local\Temp\SIntf16.dll
C:\Users\Zac2\AppData\Local\Temp\SIntf32.dll
C:\Users\Zac2\AppData\Local\Temp\SIntfNT.dll
C:\Users\Zac2\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zac2\AppData\Local\Temp\war3_Install.exe
C:\Users\Zac4\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\Zac4\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyh4p4n.dll
C:\Users\Zac4\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Zac4\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Zac4\AppData\Local\Temp\libeay32.dll
C:\Users\Zac4\AppData\Local\Temp\msvcr120.dll
C:\Users\Zac4\AppData\Local\Temp\playstv_patch.exe
C:\Users\Zac4\AppData\Local\Temp\raptrpatch.exe
C:\Users\Zac4\AppData\Local\Temp\raptr_stub.exe
C:\Users\Zac4\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zac4\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-18 07:47
 
==================== End of FRST.txt ============================



#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 05 May 2016 - 03:53 PM

Hello Iorek13 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
 
Please do the following.

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now "Run as Administrator" and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

=============================================================================================

And >>
 
Please post me the MalwareBytes protection log.
https://support.malwarebytes.org/customer/portal/articles/1835323-how-do-i-access-and-save-logs-from-malwarebytes-anti-malware-?b_id=6438


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 05 May 2016 - 04:42 PM

Hello Yilmaz,

 

Thank you for your quick reply.

 

Zemana AntiMalware 2.20.179.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/5
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7 CPU  860 @ 2.80GHz
BIOS Mode              : Legacy
CUID                   : 00F543F43FD4DD4EEEEE2E
Scan Type              : Smart Scan
Duration               : 2m 56s
Scanned Objects        : 14480
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Default CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\98EAF64D2A7A15ED483B8781838E962FD80A1EBF\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\98EAF64D2A7A15ED483B8781838E962FD80A1EBF\Blob
 
Firefox Search
Status             : Scanned
Object             : Bing - http://start.sweetpacks.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search
 
Chrome Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Homepage
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0


#4 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 05 May 2016 - 04:53 PM

Thank you.

 

Is there still the "bdt.femurssculler.com" issue?

=======================================================================

 

Please post me the MalwareBytes protection log.
https://support.malwarebytes.org/customer/portal/articles/1835323-how-do-i-access-and-save-logs-from-malwarebytes-anti-malware-?b_id=6438


Edited by olgun52, 05 May 2016 - 04:54 PM.

Best regards
 

 


 


#5 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 05 May 2016 - 04:57 PM

Hello,

 

Yes, I am still having the same issues.  No change.



#6 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 05 May 2016 - 05:28 PM

Please post me the MalwareBytes protection log.
https://support.malwarebytes.org/customer/portal/articles/1835323-how-do-i-access-and-save-logs-from-malwarebytes-anti-malware-?b_id=6438


Best regards
 

 


 


#7 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:30 AM

Posted 05 May 2016 - 05:33 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.3.7, 2016.5.4.4, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 7:45 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/4/2016 8:30 AM, SYSTEM, ZAC-PC, Context, Start:5/4/2016 7:45 AM, Duration:39 min 33 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections, 
Detection, 5/4/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 54691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 54691, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 54693, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 54708, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:36 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 54919, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:36 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 54919, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 8:36 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 54920, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Protection, 5/4/2016 9:42 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/4/2016 9:42 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/4/2016 9:42 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 9:43 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 10:26 AM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.4.4, 2016.5.4.5, 
Protection, 5/4/2016 10:26 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 10:26 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 10:26 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 10:27 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 10:27 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 10:27 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/4/2016 11:10 AM, SYSTEM, ZAC-PC, Manual, Start:5/4/2016 9:52 AM, Duration:1 hr 16 min 8 sec, Threat Scan, Completed, 0 Malware Detections, 4 Non-Malware Detections, 
Protection, 5/4/2016 11:17 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/4/2016 11:17 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/4/2016 11:17 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 11:17 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 1:31 PM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.3.4, 2016.5.4.1, 
Protection, 5/4/2016 1:31 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 1:31 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 1:31 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 1:32 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 1:32 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 1:32 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Protection, 5/4/2016 1:46 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/4/2016 1:46 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/4/2016 1:46 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 1:46 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Detection, 5/4/2016 1:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 49499, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 49499, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 49500, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 49501, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:57 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49522, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:57 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49523, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:57 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49522, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 1:57 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49524, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49686, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49687, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49699, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49700, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:01 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49701, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Protection, 5/4/2016 2:04 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/4/2016 2:04 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/4/2016 2:04 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 2:04 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Detection, 5/4/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49296, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49296, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49297, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/4/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49301, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.4.5, 2016.5.4.6, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 2:27 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.4.1, 2016.5.4.2, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 2:30 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Scheduler, IP Database, 2016.5.3.1, 2016.5.4.1, 
Protection, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 2:36 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 2:37 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Scheduler, Remediation Database, 2016.4.29.1, 2016.5.4.1, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 3:38 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 4:34 PM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.4.6, 2016.5.4.7, 
Protection, 5/4/2016 4:34 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/4/2016 4:34 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 4:34 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 4:35 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/4/2016 4:35 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/4/2016 4:35 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/4/2016 6:18 PM, SYSTEM, ZAC-PC, Scheduler, Failed, Unable to access update server, 
Protection, 5/4/2016 8:19 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/4/2016 8:19 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/4/2016 8:19 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopping, 
Protection, 5/4/2016 8:19 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopped, 
 
(end)


#8 Iorek13

Posted 05 May 2016 - 05:40 PM

Sorry - I sent you yesterday's log.  Here is today's 5/5 log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 5/5/2016 7:56 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/5/2016 7:56 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/5/2016 7:56 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 7:57 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.4.2, 2016.5.5.1, 
Update, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Scheduler, IP Database, 2016.5.4.1, 2016.5.5.1, 
Update, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.4.7, 2016.5.5.3, 
Protection, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/5/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 8:30 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Protection, 5/5/2016 8:42 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/5/2016 8:42 AM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/5/2016 8:42 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 8:42 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Detection, 5/5/2016 8:46 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49351, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 8:46 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49351, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 8:46 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.228, bdt.femurssculler.com, 49352, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Scheduler, IP Database, 2016.5.5.1, 2016.5.5.2, 
Update, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.5.1, 2016.5.5.2, 
Update, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.5.3, 2016.5.5.4, 
Protection, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 10:24 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 10:25 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/5/2016 10:25 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 10:25 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/5/2016 10:39 AM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.5.2, 2016.5.5.3, 
Protection, 5/5/2016 10:39 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/5/2016 10:39 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 10:39 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 10:41 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/5/2016 10:41 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 10:41 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Update, 5/5/2016 2:04 PM, SYSTEM, ZAC-PC, Scheduler, Failed, No Internet connection detected, 
Update, 5/5/2016 2:07 PM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.5.3, 2016.5.5.4, 
Protection, 5/5/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/5/2016 2:07 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 2:08 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 2:09 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/5/2016 2:09 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 2:09 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Protection, 5/5/2016 3:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 3:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 3:29 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopping, 
Protection, 5/5/2016 3:30 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopped, 
Protection, 5/5/2016 4:48 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/5/2016 4:48 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/5/2016 4:48 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 4:48 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Protection, 5/5/2016 4:51 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 4:51 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 4:51 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopping, 
Protection, 5/5/2016 4:51 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Stopped, 
Protection, 5/5/2016 4:53 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Starting, 
Protection, 5/5/2016 4:53 PM, SYSTEM, ZAC-PC, Protection, Malware Protection, Started, 
Protection, 5/5/2016 4:53 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 4:53 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.226, bdt.femurssculler.com, 49615, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.226, bdt.femurssculler.com, 49615, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.226, bdt.femurssculler.com, 49618, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49681, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49681, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49682, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:54 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49683, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49713, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49719, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49720, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:55 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.229, bdt.femurssculler.com, 49721, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:56 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 49830, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:56 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 49830, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:56 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 49831, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/5/2016 4:56 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, IP, 8.34.112.226, here.sendevent.net, 49832, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Update, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.5.4, 2016.5.5.5, 
Update, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.5.4, 2016.5.5.5, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/5/2016 5:29 PM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/5/2016 5:31 PM, SYSTEM, ZAC-PC, Manual, Start:5/5/2016 5:30 PM, Duration:0 min 37 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)


#9 olgun52

Posted 06 May 2016 - 01:52 PM

Hi again,

Windows Firewall is enabled

Please do disable Windows Firewall.

=====================================================================

Please uninstall:

hitmanpro
SpyHunter
LimeWire.exe
C:\Program Files (x86)\LimeWire
C:\Program Files\Enigma Software Group

And restart the PC.

===================================================================

Step 1:
 FRST Script:

Close all open files, folders and browsers.

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan then Clean / Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

 

This process is important, so please do it carefully.

 

Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

And restart the PC.

==========================================================================

How is Chrome now? Is there still the "bdt.femurssculler.com" issue?


Edited by olgun52, 06 May 2016 - 01:53 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#10 Iorek13

Posted 06 May 2016 - 04:29 PM

Hello!  Thank you for your help so far.

I turned off my firewall.

I tried to delete all files; however, I did not find hitmanpro or LimeWire files on my PC.  Their installers were still on my PC so I deleted them as I did use these programs at an earlier date.  I did uninstall SpyHunter.

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03

Ran by Zac4 (2016-05-06 15:50:32) Run:1

Running from C:\Users\Zac4\Desktop\FRST

Loaded Profiles: Zac4 (Available Profiles: Zac2 & Admin & Zac4)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

 

start

CreateRestorePoint:

CloseProcesses:

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File

CustomCLSID: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Zac4\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

Task: {771A1AF1-676F-4613-878E-F833A08FC528} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-05-05] (Enigma Software Group USA, LLC.)

Task: {E4AEE3CF-6204-49A3-B004-09364DA686E1} - System32\Tasks\{7A4CD120-B5BD-42DA-9D76-105A3C3B029B} => pcalua.exe -a C:\Users\Zac4\Downloads\VHSC_inst-(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007Core.job => C:\Users\Zac4\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007UA.job => C:\Users\Zac4\AppData\Local\Google\Update\GoogleUpdate.exe

FirewallRules: [{D31DE576-2AAF-4674-B7BC-3CBF7D29D6FB}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe

FirewallRules: [{21B79451-B0CB-4473-AB3A-8844CB6AFF05}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe

FirewallRules: [TCP Query User{CFE18168-364E-49E5-A7B3-5BF80F491C4D}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe

FirewallRules: [UDP Query User{75CE7926-0512-4DCE-B2A6-68A8AAEC3BAF}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

HKLM-x32\...\Run: [] => [X]

HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\MountPoints2: {775f6ec6-c11a-11e0-8c1c-00241dd92349} - E:\TL-Bootstrap.exe

HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\...\MountPoints2: {a598a9ff-8478-11e1-9f1d-00241dd92349} - E:\TL-Bootstrap.exe

URLSearchHook: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 -> {1AD1B6CE-EEFD-4e31-B7CB-60DDD4013F00} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}

SearchScopes: HKU\S-1-5-21-3931545373-1394790331-2704496205-1007 -> {D569381D-29F7-4252-9B04-ACB0AA33F4DC} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD

FF ProfilePath: C:\Users\Zac4\AppData\Roaming\Mozilla\Firefox\Profiles\zyhtaiem.default

FF DefaultSearchEngine: Bing

FF SelectedSearchEngine: Bing

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-23] (Pando Networks)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-04] <==== ATTENTION

CHR HomePage: Default -> hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={6E270652-CD78-11E2-9AF3-00241DD92349}

S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-05] (Enigma Software Group USA, LLC.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-05] ()

S4 LMIRfsClientNP; no ImagePath

2016-05-05 08:52 - 2016-05-05 08:52 - 00003318 _____ C:\Windows\System32\Tasks\SpyHunter4Startup

2016-05-05 08:52 - 2016-05-05 08:52 - 00001087 _____ C:\Users\Zac4\Desktop\SpyHunter.lnk

2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Enigma Software Group

2016-05-05 08:52 - 2016-05-05 08:52 - 00000000 ____D C:\sh4ldr

2016-05-05 08:51 - 2016-05-05 08:51 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2016-05-05 08:51 - 2016-05-05 08:51 - 00000000 ____D C:\Program Files\Enigma Software Group

2016-05-05 08:38 - 2016-05-05 08:38 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Zac4\Downloads\SpyHunter-Installer (1).exe

2016-05-04 08:36 - 2016-05-04 08:36 - 11441168 _____ (SurfRight B.V.) C:\Users\Zac4\Downloads\hitmanpro_x64 (1).exe

2016-05-03 19:04 - 2016-05-03 19:04 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Zac4\Downloads\SpyHunter-Installer.exe

 C:\Users\Zac4\AppData\Roaming\PlaysTV

2016-05-02 21:14 - 2016-05-02 21:14 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\library_dir

2016-05-02 21:13 - 2016-05-05 08:45 - 00000000 ____D C:\Users\Zac4\AppData\Roaming\Raptr

2016-04-13 20:46 - 2014-06-04 13:33 - 00000000 __SHD C:\Users\Zac4\AppData\Local\EmieUserList

2016-04-13 20:46 - 2014-06-04 13:33 - 00000000 __SHD C:\Users\Zac4\AppData\Local\EmieSiteList

2015-07-21 21:55 - 2015-07-21 21:55 - 0004001 _____ () C:\Users\Zac4\AppData\Local\recently-used.xbel

2013-02-21 23:27 - 2016-03-29 10:14 - 0007597 _____ () C:\Users\Zac4\AppData\Local\Resmon.ResmonCfg

2010-02-13 17:00 - 2010-02-13 17:00 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

C:\Users\Zac\AppData\Local\Temp\adobe_installer.exe

C:\Users\Zac\AppData\Local\Temp\asktoolbar.exe

C:\Users\Zac\AppData\Local\Temp\CmdLineExt02.dll

C:\Users\Zac\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe

C:\Users\Zac\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe

C:\Users\Zac\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe

C:\Users\Zac\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Zac\AppData\Local\Temp\setup.exe

C:\Users\Zac\AppData\Local\Temp\SIntf16.dll

C:\Users\Zac\AppData\Local\Temp\SIntf32.dll

C:\Users\Zac\AppData\Local\Temp\SIntfNT.dll

C:\Users\Zac\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Zac\AppData\Local\Temp\toolbar.exe

C:\Users\Zac\AppData\Local\Temp\war3_Install.exe

C:\Users\Zac\AppData\Local\Temp\ytb.exe

C:\Users\Zac\AppData\Local\Temp\_is7B27.exe

C:\Users\Zac2\AppData\Local\Temp\CmdLineExt02.dll

C:\Users\Zac2\AppData\Local\Temp\ITPx64_1033.exe

C:\Users\Zac2\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\Zac2\AppData\Local\Temp\SIntf16.dll

C:\Users\Zac2\AppData\Local\Temp\SIntf32.dll

C:\Users\Zac2\AppData\Local\Temp\SIntfNT.dll

C:\Users\Zac2\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Zac2\AppData\Local\Temp\war3_Install.exe

C:\Users\Zac4\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe

C:\Users\Zac4\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyh4p4n.dll

C:\Users\Zac4\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Zac4\AppData\Local\Temp\jre-8u77-windows-au.exe

C:\Users\Zac4\AppData\Local\Temp\libeay32.dll

C:\Users\Zac4\AppData\Local\Temp\msvcr120.dll

C:\Users\Zac4\AppData\Local\Temp\playstv_patch.exe

C:\Users\Zac4\AppData\Local\Temp\raptrpatch.exe

C:\Users\Zac4\AppData\Local\Temp\raptr_stub.exe

C:\Users\Zac4\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Zac4\AppData\Local\Temp\sqlite3.dll

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

ManualProxies:

RemoveProxy:

Emptytemp:

CMD: bitsadmin /reset /allusers

CMD: ipconfig /flushdns

CMD: ipconfig /release

CMD: ipconfig /renew

CMD: netsh advfirewall reset

CMD: netsh advfirewall set allprofiles state ON

CMD: netsh int ip reset

CMD: netsh int ipv4 reset

CMD: netsh int ipv6 reset

CMD: netsh winsock reset

Reboot:

 

 

 

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{771A1AF1-676F-4613-878E-F833A08FC528} => key not found.

C:\Windows\System32\Tasks\SpyHunter4Startup => not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4AEE3CF-6204-49A3-B004-09364DA686E1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4AEE3CF-6204-49A3-B004-09364DA686E1}" => key removed successfully

C:\Windows\System32\Tasks\{7A4CD120-B5BD-42DA-9D76-105A3C3B029B} => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A4CD120-B5BD-42DA-9D76-105A3C3B029B}" => key removed successfully

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007Core.job => moved successfully

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931545373-1394790331-2704496205-1007UA.job => moved successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D31DE576-2AAF-4674-B7BC-3CBF7D29D6FB} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21B79451-B0CB-4473-AB3A-8844CB6AFF05} => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CFE18168-364E-49E5-A7B3-5BF80F491C4D}C:\program files (x86)\limewire\limewire.exe => value removed successfully

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75CE7926-0512-4DCE-B2A6-68A8AAEC3BAF}C:\program files (x86)\limewire\limewire.exe => value removed successfully

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe => No running process found

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{775f6ec6-c11a-11e0-8c1c-00241dd92349}" => key removed successfully

HKCR\CLSID\{775f6ec6-c11a-11e0-8c1c-00241dd92349} => key not found.

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a598a9ff-8478-11e1-9f1d-00241dd92349}" => key removed successfully

HKCR\CLSID\{a598a9ff-8478-11e1-9f1d-00241dd92349} => key not found.

HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => value removed successfully

"HKCR\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}" => key removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AD1B6CE-EEFD-4e31-B7CB-60DDD4013F00}" => key removed successfully

HKCR\CLSID\{1AD1B6CE-EEFD-4e31-B7CB-60DDD4013F00} => key not found.

"HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D569381D-29F7-4252-9B04-ACB0AA33F4DC}" => key removed successfully

HKCR\CLSID\{D569381D-29F7-4252-9B04-ACB0AA33F4DC} => key not found.

FF ProfilePath: C:\Users\Zac4\AppData\Roaming\Mozilla\Firefox\Profiles\zyhtaiem.default => FRST is scripted not to move this directory.

Firefox DefaultSearchEngine removed successfully

Firefox SelectedSearchEngine removed successfully

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully

C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => moved successfully

"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => key removed successfully

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => moved successfully

C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully

Chrome HomePage => not found.

SpyHunter 4 Service => service not found.

EsgScanner => service removed successfully

LMIRfsClientNP => service removed successfully

"C:\Windows\System32\Tasks\SpyHunter4Startup" => not found.

"C:\Users\Zac4\Desktop\SpyHunter.lnk" => not found.

"C:\Users\Zac4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => not found.

"C:\Users\Zac4\AppData\Roaming\Enigma Software Group" => not found.

"C:\sh4ldr" => not found.

C:\Windows\system32\Drivers\EsgScanner.sys => moved successfully

"C:\Program Files\Enigma Software Group" => not found.

"C:\Users\Zac4\Downloads\SpyHunter-Installer (1).exe" => not found.

C:\Users\Zac4\Downloads\hitmanpro_x64 (1).exe => moved successfully

"C:\Users\Zac4\Downloads\SpyHunter-Installer.exe" => not found.

C:\Users\Zac4\AppData\Roaming\PlaysTV => moved successfully

C:\Users\Zac4\AppData\Roaming\library_dir => moved successfully

C:\Users\Zac4\AppData\Roaming\Raptr => moved successfully

C:\Users\Zac4\AppData\Local\EmieUserList => moved successfully

C:\Users\Zac4\AppData\Local\EmieSiteList => moved successfully

C:\Users\Zac4\AppData\Local\recently-used.xbel => moved successfully

C:\Users\Zac4\AppData\Local\Resmon.ResmonCfg => moved successfully

C:\ProgramData\ezsidmv.dat => moved successfully

C:\Users\Zac\AppData\Local\Temp\adobe_installer.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\asktoolbar.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\CmdLineExt02.dll => moved successfully

C:\Users\Zac\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\SecurityScan_Release.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\setup.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\SIntf16.dll => moved successfully

C:\Users\Zac\AppData\Local\Temp\SIntf32.dll => moved successfully

C:\Users\Zac\AppData\Local\Temp\SIntfNT.dll => moved successfully

C:\Users\Zac\AppData\Local\Temp\SkypeSetup.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\toolbar.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\war3_Install.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\ytb.exe => moved successfully

C:\Users\Zac\AppData\Local\Temp\_is7B27.exe => moved successfully

C:\Users\Zac2\AppData\Local\Temp\CmdLineExt02.dll => moved successfully

C:\Users\Zac2\AppData\Local\Temp\ITPx64_1033.exe => moved successfully

C:\Users\Zac2\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => moved successfully

C:\Users\Zac2\AppData\Local\Temp\SIntf16.dll => moved successfully

C:\Users\Zac2\AppData\Local\Temp\SIntf32.dll => moved successfully

C:\Users\Zac2\AppData\Local\Temp\SIntfNT.dll => moved successfully

C:\Users\Zac2\AppData\Local\Temp\SkypeSetup.exe => moved successfully

C:\Users\Zac2\AppData\Local\Temp\war3_Install.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyh4p4n.dll => moved successfully

C:\Users\Zac4\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\jre-8u77-windows-au.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\libeay32.dll => moved successfully

C:\Users\Zac4\AppData\Local\Temp\msvcr120.dll => moved successfully

C:\Users\Zac4\AppData\Local\Temp\playstv_patch.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\raptrpatch.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\raptr_stub.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\SkypeSetup.exe => moved successfully

C:\Users\Zac4\AppData\Local\Temp\sqlite3.dll => moved successfully

 

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

HKU\S-1-5-21-3931545373-1394790331-2704496205-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

 

 

========= End of RemoveProxy: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

0 out of 0 jobs canceled.

 

========= End of CMD: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  ipconfig /release =========

 

 

Windows IP Configuration

 

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . :

   IPv6 Address. . . . . . . . . . . : 2602:306:b89c:f0e0::3c

   IPv6 Address. . . . . . . . . . . : 2602:306:b89c:f0e0:b818:bd2d:fc35:f224

   Temporary IPv6 Address. . . . . . : 2602:306:b89c:f0e0:9510:f02e:f21:799c

   Link-local IPv6 Address . . . . . : fe80::b818:bd2d:fc35:f224%10

   Default Gateway . . . . . . . . . : fe80::ea33:81ff:fee0:cf20%10

 

Tunnel adapter isatap.attlocal.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

========= End of CMD: =========

 

 

=========  ipconfig /renew =========

 

 

Windows IP Configuration

 

 

Ethernet adapter Local Area Connection:

 

   Connection-specific DNS Suffix  . : attlocal.net

   IPv6 Address. . . . . . . . . . . : 2602:306:b89c:f0e0::3c

   IPv6 Address. . . . . . . . . . . : 2602:306:b89c:f0e0:b818:bd2d:fc35:f224

   Temporary IPv6 Address. . . . . . : 2602:306:b89c:f0e0:9510:f02e:f21:799c

   Link-local IPv6 Address . . . . . : fe80::b818:bd2d:fc35:f224%10

   IPv4 Address. . . . . . . . . . . : 192.168.1.64

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : fe80::ea33:81ff:fee0:cf20%10

                                       192.168.1.254

 

Tunnel adapter isatap.attlocal.net:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

 

========= End of CMD: =========

 

 

=========  netsh advfirewall reset =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh advfirewall set allprofiles state ON =========

 

Ok.

 

 

========= End of CMD: =========

 

 

=========  netsh int ip reset =========

 

Reseting Global, OK!

Reseting Interface, OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv4 reset =========

 

There's no user specified settings to be reset.

 

 

========= End of CMD: =========

 

 

=========  netsh int ipv6 reset =========

 

Reseting Interface, OK!

Restart the computer to complete this action.

 

 

========= End of CMD: =========

 

 

=========  netsh winsock reset =========

 

 

Sucessfully reset the Winsock Catalog.

You must restart the computer in order to complete the reset.

 

 

========= End of CMD: =========

 

EmptyTemp: => 5.9 GB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 15:52:59 ====


 

ADWCleaner

# AdwCleaner v5.115 - Logfile created 06/05/2016 at 16:04:02

# Updated 01/05/2016 by Xplode

# Database : 2016-05-04.2 [Server]

# Operating system : Windows 7 Professional Service Pack 1 (X64)

# Username : Zac4 - ZAC-PC

# Running from : C:\Users\Zac4\Desktop\adwcleaner_5.115 (1).exe

# Option : Clean

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

 

***** [ Files ] *****

 

[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage

[-] File Deleted : C:\Users\Zac4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal

 

***** [ DLLs ] *****

 

 

***** [ WMI ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

 

*************************

 

:: "Tracing" keys deleted

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner\AdwCleaner[C1].txt - [2763 bytes] - [03/05/2016 18:02:12]

C:\AdwCleaner\AdwCleaner[C2].txt - [3690 bytes] - [20/12/2015 11:51:23]

C:\AdwCleaner\AdwCleaner[C3].txt - [1181 bytes] - [06/05/2016 16:04:02]

C:\AdwCleaner\AdwCleaner[R0].txt - [18882 bytes] - [14/07/2015 07:36:59]

C:\AdwCleaner\AdwCleaner[S0].txt - [18967 bytes] - [14/07/2015 07:38:36]

C:\AdwCleaner\AdwCleaner[S1].txt - [2529 bytes] - [03/05/2016 18:00:37]

C:\AdwCleaner\AdwCleaner[S2].txt - [3431 bytes] - [20/12/2015 11:48:54]

C:\AdwCleaner\AdwCleaner[S3].txt - [1526 bytes] - [06/05/2016 16:00:55]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1621 bytes] ##########


 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 7 Professional x64

Ran by Zac4 (Administrator) on Fri 05/06/2016 at 16:11:00.53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 8

 

Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08TM1YNJ (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFDK0W7B (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCZY8OVE (Temporary Internet Files Folder)

Successfully deleted: C:\Users\Zac4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1FNOF57 (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08TM1YNJ (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFDK0W7B (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HCZY8OVE (Temporary Internet Files Folder)

Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1FNOF57 (Temporary Internet Files Folder)

 

 

 

Registry: 0

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 05/06/2016 at 16:15:40.52


End of JRT log


 

ZHPCleaner

~ ZHPCleaner v2016.5.6.63 by Nicolas Coolman (2016/05/06)

~ Run by Zac4 (Administrator)  (06/05/2016 16:25:01)

~ Site : http://www.nicolascoolman.com

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Repair

~ Report : C:\Users\Zac4\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Zac4\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

 

 

---\\  Services (0)

~ No malicious or unnecessary items found.

 

 

---\\  Browser internet (0)

~ No malicious or unnecessary items found.

 

 

---\\  Hosts file (1)

~ The hosts file is legitimate (21)

 

 

---\\  Scheduled automatic tasks. (0)

~ No malicious or unnecessary items found.

 

 

---\\  Explorer ( File, Folder) (20)

MOVED folder: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime

MOVED folder: C:\Windows\Installer\MSI134E.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI16F9.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI19A8.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI23F6.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI2CF3.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI38CF.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI4BC3.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI5007.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI68C6.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI6A40.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI7C6A.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI88DB.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI9925.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSI999.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIA11B.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIAD55.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIC86F.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIDA25.tmp-  =>Empty

MOVED folder: C:\Windows\Installer\MSIEE2.tmp-  =>Empty

 

 

---\\  Registry ( Key, Value, Data) (2)

DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect

DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime

 

 

---\\  Summary of the elements found (2)

 

 

---\\  Other deletions. (3)

~ Registry Keys Tracing deleted (3)

~ Remove the old reports ZHPCleaner. (0)

 

 

---\\ Result of repair

~ Repair carried out successfully

~ Browser not found (Opera Software)

 

 

---\\ Statistics

~ Items scanned : 538

~ Items found : 0

~ Items cancelled : 0

~ Items repaired : 22

 

 

~ End of clean in 00h00mn11s

~====================

ZHPCleaner-[R]-06052016-16_25_12.txt

ZHPCleaner-[S]-06052016-16_23_11.txt



#11 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts

Posted 06 May 2016 - 04:39 PM

Hello again!

 

I have restarted my computer and so far SO GOOD!  No alerts as of yet.  I will continue to monitor and will report back in tomorrow.  Thank you very much!!!!

 

-  Iorek



#12 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts

Posted 06 May 2016 - 04:40 PM

I have restarted my computer and so far SO GOOD!  No alerts as of yet.  I will continue to monitor and will report back in tomorrow.  Thank you very much!!!!

 

Good news.

============================

 

Step 1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open a folder with MBAR name on desktop.
:step3: The MBAR folder in the list you find.
:step4: Click once.
:step5: Now click the OK button.
:step6: Click the OK button again.

:step7: Then Next and click on the Update button
:step8: Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Edited by olgun52, 06 May 2016 - 04:45 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts

Posted 06 May 2016 - 04:44 PM

Chrome is working well. I think the bdt.femurssculler.com issue is fixed.

#14 Iorek13

Iorek13
  • Topic Starter

  • Members
  • 31 posts

Posted 07 May 2016 - 09:33 AM

Hello. This morning I received another bdt.femurssculler.com issue.

 

Here is a copy of my protection log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Scheduler, Domain Database, 2016.5.7.1, 2016.5.7.2, 
Update, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Scheduler, Malware Database, 2016.5.7.2, 2016.5.7.3, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Refresh, Starting, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Refresh, Success, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Starting, 
Protection, 5/7/2016 8:29 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Started, 
Scan, 5/7/2016 9:21 AM, SYSTEM, ZAC-PC, Context, Start:5/7/2016 8:29 AM, Duration:43 min 56 sec, Threat Scan, Completed, 0 Malware Detections, 2 Non-Malware Detections, 
Detection, 5/7/2016 9:31 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 53933, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/7/2016 9:31 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 53933, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/7/2016 9:31 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 53937, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
Detection, 5/7/2016 9:31 AM, SYSTEM, ZAC-PC, Protection, Malicious Website Protection, Domain, 8.34.112.227, bdt.femurssculler.com, 53953, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 
 
(end)


#15 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 07 May 2016 - 07:08 PM

I understand.

Please run MalwareBytes Anti-Rootkit scan + RogueKiller scan

http://www.bleepingcomputer.com/forums/t/613091/pop-ups-and-links-are-redirected-bdtfemursscullercom-malware/?p=3994453

 


Best regards
 

 


 




