CryptoWall 3.0 infection - Windows 7 Pro - 64 bit


  • This topic is locked
24 replies to this topic

#1 orlandotech

Posted 18 December 2015 - 05:22 PM

Hello. I've been asked to help with a ransomware attack, turns out to be CryptoWall 3.0 and the owner does not want the computer wiped/reformatted. I've managed to "clean" 3 other Win7 machines that were connected to the same DropBox account, but this one is being stubborn. Using the ListCwall tool that I found here provides 70k+ infected files, but the tool is unable to move them to the desktop. Starting to bang my head against a wall, hopefully someone here has some time to lend a hand.

Per forum rules/instructions, Farbar results are below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Cramirez (administrator) on ADAM-PC (18-12-2015 17:06:27)
Running from C:\Users\Cramirez.Adam-PC\Downloads
Loaded Profiles: Cramirez (Available Profiles: Cramirez & networksupport & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_system_customer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_user_customer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
(FUJITSU LIMITED) C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
HKLM-x32\...\Run: [FiWIA Service Checker] => C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
HKLM-x32\...\Run: [**FjISIS WIA Service Checker<*>] => C:\Windows\pixtran\fujitsu\FiWiaChecker.exe [ ] () <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\ejhinka-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\ejhinka.dll [X]
Winlogon\Notify\sxiaqmb-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\sxiaqmb.dll [X]
Winlogon\Notify\taxxizf-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\taxxizf.dll [X]
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Administrator.Adam-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-09-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2015-10-22]
ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe (PFU LIMITED)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{BCD4C1CA-02CD-461F-9F31-46BD80A23187}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1825714650-2300932891-2364857043-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://hoaccams.dyndns.org:8090/WebClient.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cramirez.Adam-PC\AppData\Roaming\Mozilla\Firefox\Profiles\1uyhj7u9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-01-23] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-17] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Cramirez.Adam-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cramirez.Adam-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR HKLM-x32\...\Chrome\Extension: [biiponhbbifajapmbggbgaepiedinifm] - C:\Program Files (x86)\Unfriend Checker\Chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [39936 2012-04-04] (EMC Corporation) [File not signed]
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-02-10] (Macrovision Europe Ltd.) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe [610528 2015-10-08] (Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CrossLoopService; "C:\Users\amartin\AppData\Local\CrossLoop\CrossLoopService.exe" --service [X]
S3 tvnserver; "C:\Users\amartin\AppData\Local\CrossLoop\tvnserver.exe" -service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-01] ()
R3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
S3 BS4209340659; \??\C:\Users\CRAMIR~1.ADA\AppData\Local\Temp\NTFS.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 17:06 - 2015-12-18 17:06 - 00019956 _____ C:\Users\Cramirez.Adam-PC\Downloads\FRST.txt
2015-12-18 17:05 - 2015-12-18 17:06 - 00000000 ____D C:\FRST
2015-12-18 17:05 - 2015-12-18 17:05 - 02370048 _____ (Farbar) C:\Users\Cramirez.Adam-PC\Downloads\FRST64.exe
2015-12-18 14:21 - 2015-12-18 14:21 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\ListCWall_Backup
2015-12-18 12:11 - 2015-12-11 15:00 - 00452424 _____ (Bleeping Computer, LLC) C:\ListCWall.exe
2015-12-18 12:08 - 2015-12-18 12:08 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\FSDART
2015-12-17 10:35 - 2015-12-17 13:32 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\Dropbox (Cardama Law)
2015-12-17 10:35 - 2015-12-17 10:35 - 00001232 _____ C:\Users\Cramirez.Adam-PC\Desktop\Dropbox (Cardama Law).lnk
2015-12-17 10:35 - 2015-12-17 10:35 - 00000000 __HDL C:\Users\Cramirez.Adam-PC\Dropbox
2015-12-14 17:51 - 2015-12-18 14:31 - 19565088 _____ C:\Users\Cramirez.Adam-PC\Desktop\ListCWall.txt
2015-12-14 17:46 - 2015-12-14 17:46 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\Encrypted_Files
2015-12-14 14:10 - 2015-12-14 14:10 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\networksupport\Downloads\ListCWall.exe
2015-12-14 14:05 - 2015-12-14 14:05 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\ISIS Drivers
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Adobe
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Google
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Dropbox
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Adobe
2015-12-14 13:57 - 2015-12-14 13:57 - 00126488 _____ C:\Users\networksupport\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Roxio
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\ISIS Drivers
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\ATI
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\Dropbox
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\ATI
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\Adobe
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Media Center Programs
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Macromedia
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Local\SoftThinks
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport
2015-12-14 13:56 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Adobe
2015-12-14 13:56 - 2015-12-14 13:56 - 00001379 _____ C:\Users\networksupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-14 13:56 - 2015-12-14 13:56 - 00001108 __RSH C:\Users\networksupport\ntuser.pol
2015-12-14 13:56 - 2015-12-14 13:56 - 00000020 ___SH C:\Users\networksupport\ntuser.ini
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\My Documents
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Videos
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Pictures
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Music
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 ____D C:\Users\networksupport\AppData\Local\Google
2015-12-14 13:56 - 2015-09-01 15:40 - 00000000 ____D C:\Users\networksupport\AppData\Local\Microsoft Help
2015-12-12 15:38 - 2015-12-12 15:38 - 29118980 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\census.cache
2015-12-12 15:37 - 2015-12-12 15:37 - 00147244 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\ars.cache
2015-12-11 23:51 - 2015-12-11 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 16:22 - 2015-12-11 16:22 - 02406064 _____ (Trend Micro Inc.) C:\Users\Cramirez.Adam-PC\Downloads\HousecallLauncher64.exe
2015-12-11 16:22 - 2015-12-11 16:22 - 00000036 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\housecall.guid.cache
2015-12-11 15:00 - 2015-12-14 17:07 - 16623238 _____ C:\Users\Cramirez.Adam-PC\Desktop\ListCWall-1.txt
2015-12-11 15:00 - 2015-12-11 15:00 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Cramirez.Adam-PC\Downloads\ListCWall.exe
2015-12-11 14:16 - 2015-12-18 01:43 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-11 14:16 - 2015-12-11 14:16 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\TeamViewer
2015-12-11 14:15 - 2015-12-18 01:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-11 14:14 - 2015-12-11 14:14 - 09612112 _____ (TeamViewer GmbH) C:\Users\Cramirez.Adam-PC\Downloads\TeamViewer_Setup_en.exe
2015-12-11 13:30 - 2015-12-11 13:30 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Cramirez.Adam-PC\Desktop\ListCWall.exe
2015-12-11 08:27 - 2015-12-11 08:27 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-08 14:03 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 14:03 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 14:03 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 14:03 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 14:03 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 14:03 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 14:03 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 14:03 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 14:03 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 14:03 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 14:03 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 14:03 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 14:03 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 14:03 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 14:03 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 14:03 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 14:03 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 14:03 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 14:03 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 14:03 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 14:03 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 14:03 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 14:03 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 14:03 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 14:03 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 14:03 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 14:03 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 14:03 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 14:03 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 14:03 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 14:03 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 14:03 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 14:03 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 14:03 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 14:03 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 14:03 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 14:03 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 14:03 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 14:03 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 14:03 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 14:03 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 14:03 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 14:03 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 14:03 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 14:03 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 14:03 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 14:03 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 14:03 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 14:03 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 14:03 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 14:03 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 14:03 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 14:03 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 14:03 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 14:03 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 14:03 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 14:03 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 14:03 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 14:03 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 14:03 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 14:03 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 14:03 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 14:03 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 14:03 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 14:03 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 14:03 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 14:03 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 14:03 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 14:03 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 14:03 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 14:03 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 14:03 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 14:03 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 14:03 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 14:02 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 14:02 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 13:25 - 2015-12-07 13:25 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Roxio Burn
2015-12-04 12:07 - 2015-12-04 12:07 - 00002096 _____ C:\Users\Cramirez.Adam-PC\Desktop\Popcorn Time.lnk
2015-12-03 09:55 - 2015-12-03 09:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 09:55 - 2015-12-03 09:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 11:21 - 2015-12-02 11:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d1d785c9361.job
2015-11-30 16:39 - 2015-12-16 21:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 16:39 - 2015-11-30 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 16:39 - 2015-11-30 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 16:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-30 16:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-30 16:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-30 16:38 - 2015-11-30 16:38 - 22908888 _____ (Malwarebytes ) C:\Users\Cramirez.Adam-PC\Downloads\mbam-setup-2.2.0.1024.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 17:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-18 16:45 - 2012-04-08 14:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-18 16:20 - 2012-02-29 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 15:27 - 2015-10-22 11:41 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Outlook Files
2015-12-18 14:21 - 2012-02-10 14:55 - 00000000 ____D C:\ProgramData\FLEXnet
2015-12-18 14:21 - 2012-01-23 12:07 - 00000000 ____D C:\ProgramData\Sonic
2015-12-18 14:20 - 2015-07-15 20:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf6625811bb1.job
2015-12-18 12:16 - 2015-10-22 12:46 - 00000000 ____D C:\ProgramData\F-Secure
2015-12-18 12:15 - 2015-10-22 12:46 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\F-Secure
2015-12-18 12:15 - 2009-07-14 00:13 - 00782922 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-18 12:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-18 12:10 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-18 12:10 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-18 12:07 - 2015-06-16 08:25 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Dropbox
2015-12-18 12:05 - 2012-02-29 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 12:05 - 2012-01-23 12:17 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-18 12:05 - 2012-01-23 12:17 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-18 12:05 - 2012-01-23 11:50 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-18 12:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-17 10:35 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC
2015-12-16 14:23 - 2012-08-24 09:29 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 13:55 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2015-12-15 23:55 - 2015-08-26 10:22 - 00000000 ____D C:\ProgramData\VucpAywi
2015-12-15 23:55 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\GFI Software
2015-12-15 23:55 - 2015-03-16 12:52 - 00000000 ____D C:\ProgramData\RICOH
2015-12-15 23:55 - 2014-06-06 14:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-15 23:55 - 2012-03-18 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-15 23:55 - 2012-02-10 12:19 - 00000000 ____D C:\ProgramData\The Fund
2015-12-15 23:55 - 2012-01-23 12:08 - 00000000 ____D C:\ProgramData\PhotoShow Shared Assets
2015-12-15 23:54 - 2014-06-11 14:06 - 00000000 _RSHD C:\OSTCS
2015-12-15 23:54 - 2012-09-19 09:55 - 00000000 ____D C:\ARNOW_fonts
2015-12-15 23:54 - 2012-09-17 12:31 - 00000000 ____D C:\ProgramData\HP
2015-12-15 23:54 - 2012-01-23 13:12 - 00000000 ____D C:\ProgramData\dell
2015-12-15 23:54 - 2012-01-23 12:05 - 00000000 ____D C:\ProgramData\Macrovision
2015-12-15 21:22 - 2012-01-23 12:02 - 00000000 ____D C:\Program Files\Dell Support Center
2015-12-15 21:14 - 2015-08-26 13:06 - 00000000 ____D C:\ProgramData\Outsource Testing, Inc
2015-12-15 21:14 - 2015-06-10 14:22 - 00000000 ____D C:\ProgramData\UAB
2015-12-15 21:14 - 2015-05-07 11:27 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Roxio
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\ATI
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\ATI
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ___RD C:\Users\Administrator.Adam-PC\Desktop\Play Games
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Media Center Programs
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Macromedia
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\SoftThinks
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC
2015-12-15 21:14 - 2015-04-28 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2015-12-15 21:14 - 2015-04-27 14:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-15 21:14 - 2015-04-27 14:58 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-15 21:14 - 2015-04-27 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USTechSupport LLC
2015-12-15 21:14 - 2015-02-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2015-12-15 21:14 - 2015-02-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Law Software
2015-12-15 21:14 - 2014-10-23 10:09 - 00000000 ____D C:\ProgramData\Oracle
2015-12-15 21:14 - 2014-10-23 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-15 21:14 - 2014-09-30 18:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-15 21:14 - 2014-06-11 14:06 - 00000000 ____D C:\US Tech Support LLC
2015-12-15 21:14 - 2014-06-11 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US Tech Support LLC
2015-12-15 21:14 - 2014-06-06 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-15 21:14 - 2013-12-11 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-12-15 21:14 - 2013-10-07 09:02 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-15 21:14 - 2013-05-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-15 21:14 - 2013-04-18 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scanner Utility for Microsoft Windows
2015-12-15 21:14 - 2013-04-18 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Error Recovery Guide
2015-12-15 21:14 - 2013-04-18 11:37 - 00000000 ____D C:\ProgramData\ScandAllPRO
2015-12-15 21:14 - 2013-02-20 12:32 - 00000000 ____D C:\ProgramData\Norton
2015-12-15 21:14 - 2013-02-01 15:04 - 00000000 ____D C:\ProgramData\Mozilla
2015-12-15 21:14 - 2012-09-17 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-15 21:14 - 2012-09-17 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-12-15 21:14 - 2012-08-24 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 21:14 - 2012-02-10 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-15 21:14 - 2012-02-10 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-15 21:14 - 2012-02-10 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProPel
2015-12-15 21:14 - 2012-02-10 12:23 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2015-12-15 21:14 - 2012-02-10 12:09 - 00000000 ____D C:\System
2015-12-15 21:14 - 2012-02-10 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-12-15 21:14 - 2012-01-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2015-12-15 21:14 - 2012-01-23 12:06 - 00000000 ____D C:\ProgramData\Roxio
2015-12-15 21:14 - 2012-01-23 12:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2015-12-15 21:14 - 2012-01-23 12:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-15 21:14 - 2012-01-23 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-15 21:14 - 2012-01-23 11:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
2015-12-15 21:14 - 2012-01-23 11:54 - 00000000 ____D C:\ProgramData\Temp
2015-12-15 21:14 - 2012-01-23 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-15 21:14 - 2012-01-23 11:52 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 21:14 - 2012-01-23 11:50 - 00000000 ____D C:\Temp
2015-12-15 21:14 - 2012-01-23 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2015-12-15 21:14 - 2012-01-23 11:45 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-15 21:14 - 2012-01-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-15 21:14 - 2012-01-23 11:43 - 00000000 ____D C:\ProgramData\Sun
2015-12-15 21:14 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-15 21:13 - 2015-06-16 08:25 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-15 21:13 - 2015-04-28 14:45 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-12-15 21:13 - 2015-02-04 10:41 - 00000000 ____D C:\ProgramData\flsplan
2015-12-15 21:13 - 2014-06-11 14:07 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-15 21:13 - 2014-06-06 13:28 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-15 21:13 - 2013-04-18 11:41 - 00000000 ____D C:\ProgramData\InstallShield
2015-12-15 21:13 - 2013-04-18 11:41 - 00000000 ____D C:\ProgramData\Fujitsu
2015-12-15 21:13 - 2012-09-17 12:36 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-12-15 21:13 - 2012-08-24 09:27 - 00000000 ____D C:\ProgramData\Google
2015-12-15 21:13 - 2012-06-01 15:31 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-15 21:13 - 2012-02-10 12:01 - 00000000 ____D C:\ProgramData\Brother
2015-12-15 21:13 - 2012-01-23 12:26 - 00000000 ____D C:\ProgramData\ATI
2015-12-15 21:13 - 2012-01-23 12:13 - 00000000 ____D C:\ProgramData\McAfee
2015-12-15 21:13 - 2012-01-23 12:03 - 00000000 ____D C:\ProgramData\Adobe
2015-12-15 21:13 - 2012-01-23 11:54 - 00000000 ____D C:\ProgramData\install_clap
2015-12-15 21:12 - 2015-04-28 14:45 - 00000000 ____D C:\Program Files\Software Informer
2015-12-15 21:12 - 2015-04-28 13:51 - 00000000 ___HD C:\OneDriveTemp
2015-12-15 21:12 - 2015-02-04 10:40 - 00000000 ____D C:\Program Files\Softland
2015-12-15 21:12 - 2014-06-10 12:35 - 00000000 ____D C:\HP Universal Print Driver
2015-12-15 21:12 - 2014-06-06 13:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-15 21:12 - 2012-09-17 11:53 - 00000000 ____D C:\Brother
2015-12-15 21:12 - 2012-08-24 09:27 - 00000000 ____D C:\Program Files\Google
2015-12-15 21:12 - 2012-03-18 13:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-15 21:12 - 2012-02-10 14:35 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-15 21:12 - 2012-02-10 14:34 - 00000000 __RHD C:\MSOCache
2015-12-15 21:12 - 2012-02-10 11:42 - 00000000 ____D C:\FIND_EULA_PATH
2015-12-15 21:12 - 2012-01-23 13:21 - 00000000 ____D C:\Program Files\Realtek
2015-12-15 21:12 - 2012-01-23 13:01 - 00000000 ____D C:\Program Files\Dell Games Folder
2015-12-15 21:12 - 2012-01-23 12:16 - 00000000 ____D C:\Program Files\dell stage
2015-12-15 21:12 - 2012-01-23 12:08 - 00000000 ____D C:\Program Files\Roxio
2015-12-15 21:12 - 2012-01-23 11:58 - 00000000 ____D C:\Program Files\Windows Live
2015-12-15 21:12 - 2012-01-23 11:43 - 00000000 ____D C:\Program Files\Java
2015-12-15 21:12 - 2012-01-23 11:26 - 00000000 ____D C:\Program Files\Dell Inc
2015-12-15 21:12 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\PerfLogs
2015-12-15 21:11 - 2015-08-26 10:24 - 00000000 ____D C:\AdwCleaner
2015-12-15 21:11 - 2015-08-06 11:25 - 00000000 ___HD C:\187b57fb
2015-12-15 21:11 - 2014-06-11 14:06 - 00000000 ____D C:\ChromeBackup
2015-12-15 11:13 - 2015-06-02 08:28 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\bank statements
2015-12-15 11:13 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Jaelynn
2015-12-15 11:13 - 2015-05-04 14:50 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\Misc
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ___RD C:\Users\Guest\Desktop\Play Games
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest
2015-12-15 08:25 - 2015-08-28 17:09 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\LocalLow\Sun
2015-12-15 08:25 - 2015-08-26 09:03 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\supportdotcom
2015-12-15 08:25 - 2015-08-25 13:04 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Local Stores
2015-12-15 08:25 - 2015-07-06 09:34 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\OneDrive
2015-12-15 08:25 - 2015-06-10 14:22 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Driver Support
2015-12-15 08:25 - 2015-05-14 13:07 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\adtasup
2015-12-15 08:25 - 2015-05-12 12:38 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\SkyDrive
2015-12-15 08:25 - 2015-05-07 11:13 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Google
2015-12-15 08:25 - 2015-05-06 15:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft Help
2015-12-15 08:25 - 2015-05-05 08:54 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Updater5
2015-12-15 08:25 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Mozilla
2015-12-15 08:25 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Mozilla
2015-12-15 08:25 - 2015-05-04 15:39 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Dropbox
2015-12-15 08:25 - 2015-05-04 15:16 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Adobe
2015-12-15 08:25 - 2015-05-04 14:54 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\SAPV2015VUP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\SAPV181VUP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\S2MSP_V334UP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\installers
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Disk1
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Roxio
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\GFI Software
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\ATI
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\SoftThinks
2015-12-15 08:25 - 2012-02-10 12:06 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2012-02-10 12:06 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2012-01-23 13:01 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2015-12-15 08:25 - 2012-01-23 13:01 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2015-12-15 08:25 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-15 08:21 - 2015-06-10 14:18 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Downloaded Installers
2015-12-15 08:21 - 2015-05-06 08:17 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Google
2015-12-15 08:21 - 2015-05-05 08:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Adobe
2015-12-15 08:21 - 2015-05-05 08:17 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Macromedia
2015-12-15 08:21 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\ATI
2015-12-15 07:09 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Family Law Software
2015-12-15 06:49 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Dropbox (Old)
2015-12-14 14:04 - 2015-04-30 14:29 - 00126488 _____ C:\Users\Administrator.Adam-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-14 14:04 - 2015-04-30 14:29 - 00001375 _____ C:\Users\Administrator.Adam-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-14 14:04 - 2015-04-30 14:28 - 00001108 __RSH C:\Users\Administrator.Adam-PC\ntuser.pol
2015-12-14 14:04 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-14 13:34 - 2012-11-07 22:16 - 00821004 _____ C:\Windows\ntbtlog.txt
2015-12-14 08:57 - 2009-07-13 23:45 - 00458744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 23:52 - 2015-09-18 08:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 16:22 - 2015-09-01 08:56 - 00126488 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-11 08:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-09 04:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 03:37 - 2013-05-24 13:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:37 - 2013-05-24 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 16:45 - 2012-04-08 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 16:45 - 2012-01-23 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 15:05 - 2015-09-16 14:18 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\ElevatedDiagnostics
2015-12-07 13:15 - 2014-06-06 13:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-04 12:07 - 2015-09-24 14:52 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Popcorn-Time
2015-12-02 13:18 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 11:21 - 2015-09-17 00:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10915d0f2ba.job

==================== Files in the root of some directories =======

2015-12-12 15:37 - 2015-12-12 15:37 - 0147244 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\ars.cache
2015-12-12 15:38 - 2015-12-12 15:38 - 29118980 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\census.cache
2015-12-11 16:22 - 2015-12-11 16:22 - 0000036 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\housecall.guid.cache
2012-09-17 12:31 - 2013-02-20 12:20 - 0002238 _____ () C:\ProgramData\hpzinstall.log
2014-06-11 13:51 - 2015-09-01 11:22 - 0062828 _____ () C:\ProgramData\xportnchk.ini

Files to move or delete:
====================
C:\Windows\pixtran\fujitsu\FiWiaChecker.exe


Some files in TEMP:
====================
C:\Users\Cramirez.Adam-PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeifhds.dll
C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpat3n8q.dll


Some zero byte size files/folders:
==========================
C:\Windows\install_flash_player_18_active_x.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 00:42

==================== End of FRST.txt ============================



#2 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:11 AM

Posted 20 December 2015 - 11:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features Applet.

InfiniNet (HKLM\...\InfiniNet) (Version: 2014.09.30.091225 - InfiniNet) <==== ATTENTION
MySafeProxy for Internet Explorer (HKLM-x32\...\{2535ED3F-5ADD-4A65-B07F-82F04C7358E7}) (Version: 1.0.6 - XTRM Group Ltd.) <==== ATTENTION
Popcorn Time (HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\Popcorn Time) (Version: - Popcorn Official)



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ejhinka-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\ejhinka.dll [X]
Winlogon\Notify\sxiaqmb-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\sxiaqmb.dll [X]
Winlogon\Notify\taxxizf-x32: C:\Users\Cramirez.Adam-PC\AppData\Local\taxxizf.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Toolbar: HKU\S-1-5-21-1825714650-2300932891-2364857043-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [biiponhbbifajapmbggbgaepiedinifm] - C:\Program Files (x86)\Unfriend Checker\Chrome.crx <not found>
S2 CrossLoopService; "C:\Users\amartin\AppData\Local\CrossLoop\CrossLoopService.exe" --service [X]
S3 tvnserver; "C:\Users\amartin\AppData\Local\CrossLoop\tvnserver.exe" -service [X]
S3 BS4209340659; \??\C:\Users\CRAMIR~1.ADA\AppData\Local\Temp\NTFS.sys [X]
C:\Windows\install_flash_player_18_active_x.exe
CustomCLSID: HKU\S-1-5-21-1825714650-2300932891-2364857043-1004_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ksuser.dll => No File <==== ATTENTION
Task: {0196AC1A-DE6B-4C5A-B1BF-DF45D2AAACE5} - System32\Tasks\Security Center Update - 163093191 => C:\Users\cramirez\AppData\Roaming\Sucuewac\lyeti.exe <==== ATTENTION
Task: {01F7D9BC-D9CA-4E65-8985-EC620C1CF1F0} - System32\Tasks\Security Center Update - 923669398 => C:\Users\cramirez\AppData\Roaming\Zoifukat\iflek.exe <==== ATTENTION
Task: {0665DF3F-0754-4F03-8036-812DAF294722} - System32\Tasks\Security Center Update - 3017463776 => C:\Users\cramirez\AppData\Roaming\Liidopk\ucleubo.exe <==== ATTENTION
Task: {13C7E577-1BE6-4616-81A3-CED86536B74D} - System32\Tasks\Security Center Update - 263106690 => C:\Users\cramirez\AppData\Roaming\Vyuhnuly\ydcoibz.exe <==== ATTENTION
Task: {1E17F42E-6606-4BD7-BD7B-0B459E875FD2} - System32\Tasks\Security Center Update - 2097292672 => C:\Users\cramirez\AppData\Roaming\Daeghyoh\byapo.exe <==== ATTENTION
Task: {1E4FFEEF-6F08-4506-AD0B-45C242E51E11} - System32\Tasks\Security Center Update - 4240641028 => C:\Users\cramirez\AppData\Roaming\Gooply\ulamex.exe <==== ATTENTION
Task: {1FDE61D0-30F9-4C9D-ACED-E24B3A76AF15} - System32\Tasks\Security Center Update - 1356782755 => C:\Users\cramirez\AppData\Roaming\Ebagenz\coewg.exe <==== ATTENTION
Task: {269032BF-6D28-4CD5-8E63-9913BB35AA61} - System32\Tasks\Security Center Update - 3376435154 => C:\Users\cramirez\AppData\Roaming\Pywelo\bygexu.exe <==== ATTENTION
Task: {2BEFE32E-689F-4C46-B625-1F9A90C40BF0} - System32\Tasks\Security Center Update - 3142294241 => C:\Users\cramirez\AppData\Roaming\Omafifgu\erbaxya.exe <==== ATTENTION
Task: {34190A32-6714-4AD6-88E4-6DADBDFF611E} - System32\Tasks\Security Center Update - 1823691638 => C:\Users\cramirez\AppData\Roaming\Reozopqi\urhec.exe <==== ATTENTION
Task: {393127CE-1BBE-4E3C-A119-C76DAE90845E} - System32\Tasks\Security Center Update - 4088972641 => C:\Users\cramirez\AppData\Roaming\Hiefarog\kadaav.exe <==== ATTENTION
Task: {3A6D023E-C60A-43CE-B17D-EC65F21D04AE} - System32\Tasks\9cc34676-424d-4984-b6b3-a6a32107fa63 => C:\Program Files (x86)\HD-Quality-v3V30.09\9cc34676-424d-4984-b6b3-a6a32107fa63.exe <==== ATTENTION
Task: {41709A95-B1F3-4A71-81F5-B4BAFD117803} - System32\Tasks\Security Center Update - 3855478647 => C:\Users\cramirez\AppData\Roaming\Ometew\fevyav.exe <==== ATTENTION
Task: {41F0384A-EE12-40B9-AFC3-B363E0ECB8C3} - System32\Tasks\Security Center Update - 4164960032 => C:\Users\cramirez\AppData\Roaming\Umbupuyx\ahiwme.exe <==== ATTENTION
Task: {4A40520E-165A-497D-A08D-75000B29317B} - System32\Tasks\Security Center Update - 1292164464 => C:\Users\cramirez\AppData\Roaming\Asxixoo\ututrea.exe <==== ATTENTION
Task: {514E0348-2C99-4491-957D-0D6B3A771182} - System32\Tasks\Security Center Update - 705810063 => C:\Users\cramirez\AppData\Roaming\Agduiz\pegyaxi.exe <==== ATTENTION
Task: {539F1963-523E-4F54-A7CE-6AD75D91A95F} - System32\Tasks\Security Center Update - 924621264 => C:\Users\cramirez\AppData\Roaming\Weybgyad\orzey.exe <==== ATTENTION
Task: {54682CBB-6BCF-4774-B3AB-1CDD07A57D8F} - System32\Tasks\Security Center Update - 2862629905 => C:\Users\cramirez\AppData\Roaming\Izfebog\voygopy.exe <==== ATTENTION
Task: {5B6A024A-B3A5-46A3-9E1D-F0C27355A39E} - System32\Tasks\Security Center Update - 3438838807 => C:\Users\cramirez\AppData\Roaming\Etyxvul\iwcoxa.exe <==== ATTENTION
Task: {61CC43FD-873F-4B4B-B8C6-D96899FD3C82} - System32\Tasks\Security Center Update - 119176254 => C:\Users\cramirez\AppData\Roaming\Ostule\teheo.exe <==== ATTENTION
Task: {62C64A3C-3BB3-4F65-B3B5-34598DE7D84E} - System32\Tasks\Security Center Update - 508372567 => C:\Users\cramirez\AppData\Roaming\Piqaxae\reybp.exe <==== ATTENTION
Task: {6383CCED-9FEF-446F-83D8-A399837D56A5} - System32\Tasks\Security Center Update - 147698991 => C:\Users\cramirez\AppData\Roaming\Ibanuk\yfheex.exe <==== ATTENTION
Task: {6BAE1D21-145B-4607-9A13-D9EAEAEDAF64} - System32\Tasks\Security Center Update - 2732204809 => C:\Users\cramirez\AppData\Roaming\Toexeks\zevyfu.exe <==== ATTENTION
Task: {6F167B34-1D61-463B-9BE4-EE4D54EB153C} - System32\Tasks\Security Center Update - 981445553 => C:\Users\cramirez\AppData\Roaming\Ywyxer\ekvaa.exe <==== ATTENTION
Task: {70578B87-7A2E-40F7-B49C-73B1BD6C62B7} - System32\Tasks\Security Center Update - 1552580464 => C:\Users\cramirez\AppData\Roaming\Olinupwu\uvduy.exe <==== ATTENTION
Task: {733EA289-9D3B-429C-A439-DBD19219EAA6} - System32\Tasks\Security Center Update - 623869663 => C:\Users\cramirez\AppData\Roaming\Nysauft\uroghez.exe <==== ATTENTION
Task: {76EC8AC6-147B-4093-9A4D-690BDB8E8CAD} - System32\Tasks\Security Center Update - 3511344028 => C:\Users\cramirez\AppData\Roaming\Ukigweci\luyhe.exe <==== ATTENTION
Task: {7A1E52ED-09A1-440A-9332-5CC017099100} - System32\Tasks\Security Center Update - 937274463 => C:\Users\cramirez\AppData\Roaming\Yzebtiu\byopri.exe <==== ATTENTION
Task: {7A9E3407-DE4B-44E5-B682-04DC7D9BDCB7} - System32\Tasks\Security Center Update - 4267100392 => C:\Users\cramirez\AppData\Roaming\Soxuvoa\ywedaw.exe <==== ATTENTION
Task: {7B646C30-67B2-4308-8C24-ABF4D8D2B3B0} - System32\Tasks\Security Center Update - 3597488418 => C:\Users\cramirez\AppData\Roaming\Bybiyro\usrioh.exe <==== ATTENTION
Task: {7C7B186A-E4A1-404E-87BF-A0ECF9C61B7D} - System32\Tasks\Security Center Update - 1148036806 => C:\Users\cramirez\AppData\Roaming\Boigapky\coysp.exe <==== ATTENTION
Task: {851178F9-4540-4680-8C81-B5DD3671700D} - System32\Tasks\Security Center Update - 1421359742 => C:\Users\cramirez\AppData\Roaming\Xypukuo\egbyn.exe <==== ATTENTION
Task: {86227FFB-F2FF-450F-9F4D-B0E5A1443449} - System32\Tasks\Security Center Update - 4164928272 => C:\Users\cramirez\AppData\Roaming\Yrekbu\okqeheo.exe <==== ATTENTION
Task: {87285939-3809-461F-ACA8-216084721A23} - System32\Tasks\Security Center Update - 3462065480 => C:\Users\cramirez\AppData\Roaming\Cahuniim\olhea.exe <==== ATTENTION
Task: {9081D39C-E109-49C8-9FA3-3761633C7114} - System32\Tasks\Security Center Update - 2721605167 => C:\Users\cramirez\AppData\Roaming\Orvaafty\azyng.exe <==== ATTENTION
Task: {92A89C36-7581-4299-A594-FAFC2B22DB99} - System32\Tasks\Security Center Update - 744438633 => C:\Users\cramirez\AppData\Roaming\Qiasha\uroqed.exe <==== ATTENTION
Task: {937F896F-1A82-443B-B524-080A982642E3} - System32\Tasks\Security Center Update - 2072723827 => C:\Users\cramirez\AppData\Roaming\Oqilylid\poewxo.exe <==== ATTENTION
Task: {95A44FF3-93BA-4A01-9D78-30BFF9072393} - System32\Tasks\Security Center Update - 677551720 => C:\Users\cramirez\AppData\Roaming\Nyveitbe\upfay.exe <==== ATTENTION
Task: {96483A56-4991-4C27-8836-0E0ABB8D0034} - System32\Tasks\Security Center Update - 2181167080 => C:\Users\cramirez\AppData\Roaming\Ywqabefy\yfifzy.exe <==== ATTENTION
Task: {99E2C5C2-3887-42F8-922A-2BDD798D743E} - System32\Tasks\Security Center Update - 3573270903 => C:\Users\cramirez\AppData\Roaming\Heygqu\ekekyp.exe <==== ATTENTION
Task: {9E1A9A5E-DA95-4F40-8392-7DE977B912C0} - System32\Tasks\Security Center Update - 761697097 => C:\Users\cramirez\AppData\Roaming\Wyikdoe\yqefufz.exe <==== ATTENTION
Task: {A04FF8DB-23D1-4271-A24C-AE8842B83A6A} - System32\Tasks\Security Center Update - 1885689322 => C:\Users\cramirez\AppData\Roaming\Aswaasav\papeipi.exe <==== ATTENTION
Task: {ACA27660-D4C6-4C38-AE6A-7C3FBCAE7E61} - System32\Tasks\Security Center Update - 2394958499 => C:\Users\cramirez\AppData\Roaming\Oqafafa\kimex.exe <==== ATTENTION
Task: {ACB21B63-4902-405A-8F37-99F9450C08B8} - System32\Tasks\Security Center Update - 2255415329 => C:\Users\cramirez\AppData\Roaming\Qoezac\ribyqun.exe <==== ATTENTION
Task: {B127E453-6CE7-426B-8188-631E3B9ED38C} - System32\Tasks\Security Center Update - 637399283 => C:\Users\cramirez\AppData\Roaming\Alekipyb\cekauw.exe <==== ATTENTION
Task: {B4C36EA8-E621-4205-82C5-982642AA915B} - System32\Tasks\Security Center Update - 430952754 => C:\Users\cramirez\AppData\Roaming\Oxadca\xoespy.exe <==== ATTENTION
Task: {BB39A886-6FEB-4C8F-99A1-ABFD69CE07F7} - System32\Tasks\Security Center Update - 688485911 => C:\Users\cramirez\AppData\Roaming\Isroedos\meotxub.exe <==== ATTENTION
Task: {BBF6948B-5514-4653-AC03-8795BACE9292} - System32\Tasks\Security Center Update - 533473218 => C:\Users\cramirez\AppData\Roaming\Zitauc\beefuq.exe <==== ATTENTION
Task: {BC8DBA51-3E1D-44D1-8CF4-6D0942B52D6D} - System32\Tasks\Security Center Update - 343460955 => C:\Users\cramirez\AppData\Roaming\Kazaozo\yqwey.exe <==== ATTENTION
Task: {BD1A0F20-3B0E-45FA-B4E7-CE16CA77050E} - System32\Tasks\Security Center Update - 3066856905 => C:\Users\cramirez\AppData\Roaming\Fyzoxun\qaneoni.exe <==== ATTENTION
Task: {C38A8B50-A707-4BC5-BA79-35E15306663F} - System32\Tasks\Security Center Update - 1789260984 => C:\Users\cramirez\AppData\Roaming\Binyilo\piidwe.exe <==== ATTENTION
Task: {C6F0A2B1-39F4-47B4-B4B3-16C3280B2A69} - System32\Tasks\Security Center Update - 144198273 => C:\Users\cramirez\AppData\Roaming\Ryaqat\nadae.exe <==== ATTENTION
Task: {C954EEBE-94A3-4553-89AC-90A3DB57369B} - System32\Tasks\Security Center Update - 161582437 => C:\Users\cramirez\AppData\Roaming\Anoggym\oqkatio.exe <==== ATTENTION
Task: {CAC5E6EC-D80D-4966-BC5D-CDFC7245D581} - System32\Tasks\Security Center Update - 3103782571 => C:\Users\cramirez\AppData\Roaming\Cacacuy\xaerwai.exe <==== ATTENTION
Task: {CF981AAB-12C4-49BC-8FC7-BF2212C99A7D} - System32\Tasks\Security Center Update - 1843830645 => C:\Users\cramirez\AppData\Roaming\Akasyg\ogmeir.exe <==== ATTENTION
Task: {D4A463F6-96B7-4933-880F-31D3BD5ABB9F} - System32\Tasks\Security Center Update - 847464716 => C:\Users\cramirez\AppData\Roaming\Eruwcu\ymapmoc.exe <==== ATTENTION
Task: {D59EBCBA-B829-4214-85CA-80E6341A2447} - System32\Tasks\Security Center Update - 1667632724 => C:\Users\cramirez\AppData\Roaming\Ostacogy\ysyqezv.exe <==== ATTENTION
Task: {D897AC58-7703-458B-9D17-F6515E03A749} - System32\Tasks\Security Center Update - 2586097406 => C:\Users\cramirez\AppData\Roaming\Uzytheo\wapuisa.exe <==== ATTENTION
Task: {D8DDBAAE-3621-45AA-97F1-BC129F3A640C} - System32\Tasks\Security Center Update - 2544730053 => C:\Users\cramirez\AppData\Roaming\Baruazpo\yhqivi.exe <==== ATTENTION
Task: {E115D942-1EBF-47BB-8AE9-FE47811F3CA7} - System32\Tasks\Security Center Update - 3701708311 => C:\Users\cramirez\AppData\Roaming\Uvteefuh\fubopie.exe <==== ATTENTION
Task: {E11E4B6A-BA9A-4C05-932E-31203EC1B8DD} - System32\Tasks\Security Center Update - 2113314312 => C:\Users\cramirez\AppData\Roaming\Ovoput\koada.exe <==== ATTENTION
Task: {F239C477-124F-4DAC-AE39-3FA810FA4279} - System32\Tasks\Security Center Update - 2054444640 => C:\Users\cramirez\AppData\Roaming\Gocanao\hieqi.exe <==== ATTENTION
Task: {F5970C87-D426-4DE1-B690-4E04AEE354F9} - System32\Tasks\Security Center Update - 1042697273 => C:\Users\cramirez\AppData\Roaming\Muyflo\caudkyf.exe <==== ATTENTION
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\ksuser.dll
C:\Users\cramirez\AppData\Roaming\Sucuewac
C:\Users\cramirez\AppData\Roaming\Zoifukat
C:\Users\cramirez\AppData\Roaming\Liidopk
C:\Users\cramirez\AppData\Roaming\Vyuhnuly
C:\Users\cramirez\AppData\Roaming\Daeghyoh
C:\Users\cramirez\AppData\Roaming\Gooply
C:\Users\cramirez\AppData\Roaming\Ebagenz
C:\Users\cramirez\AppData\Roaming\Pywelo
C:\Users\cramirez\AppData\Roaming\Omafifgu
C:\Users\cramirez\AppData\Roaming\Reozopqi
C:\Users\cramirez\AppData\Roaming\Hiefarog
C:\Program Files (x86)\HD-Quality-v3V30.09
C:\Users\cramirez\AppData\Roaming\Ometew
C:\Users\cramirez\AppData\Roaming\Umbupuyx
C:\Users\cramirez\AppData\Roaming\Asxixoo
C:\Users\cramirez\AppData\Roaming\Agduiz
C:\Users\cramirez\AppData\Roaming\Weybgyad
C:\Users\cramirez\AppData\Roaming\Izfebog
C:\Users\cramirez\AppData\Roaming\Etyxvul
C:\Users\cramirez\AppData\Roaming\Ostule
C:\Users\cramirez\AppData\Roaming\Piqaxae
C:\Users\cramirez\AppData\Roaming\Ibanuk
C:\Users\cramirez\AppData\Roaming\Toexeks
C:\Users\cramirez\AppData\Roaming\Ywyxer
C:\Users\cramirez\AppData\Roaming\Olinupwu
C:\Users\cramirez\AppData\Roaming\Nysauft
C:\Users\cramirez\AppData\Roaming\Ukigweci
C:\Users\cramirez\AppData\Roaming\Yzebtiu
C:\Users\cramirez\AppData\Roaming\Soxuvoa
C:\Users\cramirez\AppData\Roaming\Bybiyro
C:\Users\cramirez\AppData\Roaming\Boigapky
C:\Users\cramirez\AppData\Roaming\Xypukuo
C:\Users\cramirez\AppData\Roaming\Yrekbu
C:\Users\cramirez\AppData\Roaming\Cahuniim
C:\Users\cramirez\AppData\Roaming\Orvaafty
C:\Users\cramirez\AppData\Roaming\Qiasha
C:\Users\cramirez\AppData\Roaming\Oqilylid
C:\Users\cramirez\AppData\Roaming\Nyveitbe
C:\Users\cramirez\AppData\Roaming\Ywqabefy
C:\Users\cramirez\AppData\Roaming\Heygqu
C:\Users\cramirez\AppData\Roaming\Wyikdoe
C:\Users\cramirez\AppData\Roaming\Aswaasav
C:\Users\cramirez\AppData\Roaming\Oqafafa
C:\Users\cramirez\AppData\Roaming\Qoezac
C:\Users\cramirez\AppData\Roaming\Alekipyb
C:\Users\cramirez\AppData\Roaming\Oxadca
C:\Users\cramirez\AppData\Roaming\Isroedos
C:\Users\cramirez\AppData\Roaming\Zitauc
C:\Users\cramirez\AppData\Roaming\Kazaozo
C:\Users\cramirez\AppData\Roaming\Fyzoxun
C:\Users\cramirez\AppData\Roaming\Binyilo
C:\Users\cramirez\AppData\Roaming\Ryaqat
C:\Users\cramirez\AppData\Roaming\Anoggym
C:\Users\cramirez\AppData\Roaming\Cacacuy
C:\Users\cramirez\AppData\Roaming\Akasyg
C:\Users\cramirez\AppData\Roaming\Eruwcu
C:\Users\cramirez\AppData\Roaming\Ostacogy
C:\Users\cramirez\AppData\Roaming\Uzytheo
C:\Users\cramirez\AppData\Roaming\Baruazpo
C:\Users\cramirez\AppData\Roaming\Uvteefuh
C:\Users\cramirez\AppData\Roaming\Ovoput
C:\Users\cramirez\AppData\Roaming\Gocanao
C:\Users\cramirez\AppData\Roaming\Muyflo


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

What are the remaining issues?

p.s.

When all is well, Java should be updated.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)

#3 orlandotech

Posted 20 December 2015 - 08:22 PM

nasdaq, thanks for your prompt response. The three programs you listed have been removed via control panel, although the first (InfiniNet) showed that it was already removed and prompted for removal from the add/remove programs list. (I searched the registry and there are multiple instances of InfiniNet listed there, but I have not done anything with those.)

The contents of FixLog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Cramirez (2015-12-20 19:24:19) Run:1
Running from C:\Users\Cramirez.Adam-PC\Downloads
Loaded Profiles: Cramirez (Available Profiles: Cramirez & networksupport & Administrator & Guest)
Boot Mode: Normal
==============================================

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ejhinka" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sxiaqmb" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\taxxizf" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@EDVR/WebClient" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\biiponhbbifajapmbggbgaepiedinifm" => key removed successfully
CrossLoopService => service removed successfully
tvnserver => service removed successfully
BS4209340659 => service removed successfully
C:\Windows\install_flash_player_18_active_x.exe => moved successfully
"HKU\S-1-5-21-1825714650-2300932891-2364857043-1004_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0196AC1A-DE6B-4C5A-B1BF-DF45D2AAACE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0196AC1A-DE6B-4C5A-B1BF-DF45D2AAACE5}" => key removed successfully
"C:\Users\cramirez\AppData\Roaming\Ywqabefy" => not found.
"C:\Users\cramirez\AppData\Roaming\Heygqu" => not found.
"C:\Users\cramirez\AppData\Roaming\Wyikdoe" => not found.
"C:\Users\cramirez\AppData\Roaming\Aswaasav" => not found.
"C:\Users\cramirez\AppData\Roaming\Oqafafa" => not found.
"C:\Users\cramirez\AppData\Roaming\Qoezac" => not found.
"C:\Users\cramirez\AppData\Roaming\Alekipyb" => not found.
"C:\Users\cramirez\AppData\Roaming\Oxadca" => not found.
"C:\Users\cramirez\AppData\Roaming\Isroedos" => not found.
"C:\Users\cramirez\AppData\Roaming\Zitauc" => not found.
"C:\Users\cramirez\AppData\Roaming\Kazaozo" => not found.
"C:\Users\cramirez\AppData\Roaming\Fyzoxun" => not found.
"C:\Users\cramirez\AppData\Roaming\Binyilo" => not found.
"C:\Users\cramirez\AppData\Roaming\Ryaqat" => not found.
"C:\Users\cramirez\AppData\Roaming\Anoggym" => not found.
"C:\Users\cramirez\AppData\Roaming\Cacacuy" => not found.
"C:\Users\cramirez\AppData\Roaming\Akasyg" => not found.
"C:\Users\cramirez\AppData\Roaming\Eruwcu" => not found.
"C:\Users\cramirez\AppData\Roaming\Ostacogy" => not found.
"C:\Users\cramirez\AppData\Roaming\Uzytheo" => not found.
"C:\Users\cramirez\AppData\Roaming\Baruazpo" => not found.
"C:\Users\cramirez\AppData\Roaming\Uvteefuh" => not found.
"C:\Users\cramirez\AppData\Roaming\Ovoput" => not found.
"C:\Users\cramirez\AppData\Roaming\Gocanao" => not found.
"C:\Users\cramirez\AppData\Roaming\Muyflo" => not found.
EmptyTemp: => 4.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:03:35 ====

 

 

Looks like some progress is being made, please advise as to next steps when possible.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 December 2015 - 09:06 AM

Please run the Farbar Recovery Scan Tool. Enter InfiniNet in the Search box.
Click the Search Registry button, then post the content of the Search.txt file in your next reply.

I will give you a fix to remove them.

===

What are the remaining issues with this computer?

#5 orlandotech

orlandotech
  • Topic Starter

  • Members
  • 14 posts

Posted 21 December 2015 - 10:26 AM

Thanks again for a prompt response. Posted below are the contents of Search.txt:

 

Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Cramirez (2015-12-21 10:18:40)
Running from C:\Users\Cramirez.Adam-PC\Downloads
Boot Mode: Normal

================== Search Registry: "InfiniNet" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E177E101-E60A-4F60-A013-127E67650D59}]
""="IInfiniNetBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_Setup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_Setup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateInfiniNet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateInfiniNet_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASMANCS]
[HKEY_USERS\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASAPI32"

====== End of Search ======

 

 

At the moment, I don't know all of the remaining issues with this computer. In comparison with other computers on the network that were affected by CryptoWall, this computer takes a couple of hours to run ListCWall, and gives thousands of results. (ListCWall is running right now to see how many results) The other computers scan immediately and no CryptoWall infected files are found in registry.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 December 2015 - 01:30 PM

Copy the text IN THE CODE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E177E101-E60A-4F60-A013-127E67650D59}]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_Setup_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\InfiniNet_Setup_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateInfiniNet_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateInfiniNet_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASMANCS]
[-HKEY_USERS\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=-
Restart the computer when completed.

You can delete the fixme.reg file when done.

===

Any improvement?
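
A pre-merge check for a fix file like the one above, as an added example that is not part of the original post or of FRST: it compares a .reg file with the Search.txt hits and reports whole-key deletions whose path does not contain the search term, value lines under a key the file already deletes, operations on keys absent from the search, and hits left uncovered. The function names and finding labels are assumptions made for this example; the two inputs are abridged from the thread.

```python
import re

TERM = "InfiniNet"

# Abridged excerpt of the Search.txt posted in the thread.
SEARCH_TXT = r'''
================== Search Registry: "InfiniNet" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E177E101-E60A-4F60-A013-127E67650D59}]
""="IInfiniNetBHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASMANCS]
[HKEY_USERS\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASAPI32"

====== End of Search ======
'''

# Abridged excerpt of the fixme.reg posted in the thread.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E177E101-E60A-4F60-A013-127E67650D59}]
""=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\InfiniNet_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilInfiniNet_RASMANCS]
[-HKEY_USERS\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=-
'''

HEADER = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')          # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')     # @=... or "name"=...


def entries(text):
    """Yield (delete_header, key, value_name, value_data); value fields are None for headers."""
    key, deleting = None, False
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER.match(line)
        if h:
            deleting, key = h.group(1) == "-", h.group(2)
            yield deleting, key, None, None
            continue
        v = VALUE.match(line)
        if v and key:
            # The unnamed value is written @ in .reg syntax and "" in the Search.txt above.
            yield deleting, key, v.group(2) or "(default)", v.group(3)


def parse_search(text, term):
    """Hits as (key, None) when the key path matched, (key, value_name) when a value matched."""
    t, hits = term.lower(), []
    for _, key, name, data in entries(text):
        if name is None:
            if t in key.lower():
                hits.append((key, None))
        elif t in name.lower() or t in data.lower():
            hits.append((key, name))
    return hits


def parse_reg(text):
    """Operations as (kind, key, value_name); kind is delete_key, delete_value or set_value."""
    ops = []
    for deleting, key, name, data in entries(text):
        if name is None:
            if deleting:
                ops.append(("delete_key", key, None))
        else:
            ops.append(("delete_value" if data.strip() == "-" else "set_value", key, name))
    return ops


def under(key, parents):
    k = key.lower()
    return any(k == p or k.startswith(p + "\\") for p in parents)


def audit(search_text, reg_text, term):
    hits, ops = parse_search(search_text, term), parse_reg(reg_text)
    deleted = [k.lower() for kind, k, _ in ops if kind == "delete_key"]
    hit_keys = {k.lower() for k, _ in hits}
    removed = {(k.lower(), n.lower()) for kind, k, n in ops if kind == "delete_value"}
    findings = []
    for kind, key, name in ops:
        if key.lower() not in hit_keys:
            findings.append(("not-in-search", key))
        if kind == "delete_key" and term.lower() not in key.lower():
            # The term matched value data only, yet the whole key (and its subkeys) is removed.
            findings.append(("broad-key-delete", key))
        elif kind != "delete_key" and under(key, deleted):
            findings.append(("value-under-deleted-key", key + "\\" + name))
    for key, name in hits:
        if under(key, deleted):
            continue
        if name is not None and (key.lower(), name.lower()) in removed:
            continue
        findings.append(("uncovered-hit", key if name is None else key + "\\" + name))
    return findings


if __name__ == "__main__":
    for kind, target in audit(SEARCH_TXT, FIX_REG, TERM):
        print(f"{kind}: {target}")
```
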

#7 orlandotech

orlandotech
  • Topic Starter

  • Members
  • 14 posts

Posted 21 December 2015 - 02:25 PM

Not sure yet. Registry was merged, machine restarted and fixme.reg deleted, and I ran the FARBAR scan tool once again to see where we're at:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Cramirez (administrator) on ADAM-PC (21-12-2015 14:19:55)
Running from C:\Users\Cramirez.Adam-PC\Downloads
Loaded Profiles: Cramirez (Available Profiles: Cramirez & networksupport & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_system_customer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_user_customer.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
(FUJITSU LIMITED) C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FiWiaChecker.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe
HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe /Station
HKLM-x32\...\Run: [FiWIA Service Checker] => C:\Windows\Twain_32\Fjscan32\FiWiaChecker.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
HKLM-x32\...\Run: [**FjISIS WIA Service Checker<*>] => C:\Windows\pixtran\fujitsu\FiWiaChecker.exe [ ] () <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5860.0512] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5860.0512"
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\...\RunOnce: [Uninstall C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Administrator.Adam-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-09-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2015-10-22]
ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe (PFU LIMITED)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{BCD4C1CA-02CD-461F-9F31-46BD80A23187}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-1825714650-2300932891-2364857043-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} hxxp://hoaccams.dyndns.org:8090/WebClient.exe
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Cramirez.Adam-PC\AppData\Roaming\Mozilla\Firefox\Profiles\1uyhj7u9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-01-23] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-17] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Cramirez.Adam-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cramirez.Adam-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [39936 2012-04-04] (EMC Corporation) [File not signed]
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [36864 2011-07-20] (PFU LIMITED) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-02-10] (Macrovision Europe Ltd.) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\888\g2ax_service.exe [610528 2015-10-08] (Citrix Systems, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-01] ()
R3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 10:18 - 2015-12-21 10:18 - 00001395 _____ C:\Users\Cramirez.Adam-PC\Downloads\Search.txt
2015-12-20 19:24 - 2015-12-20 20:03 - 00053742 _____ C:\Users\Cramirez.Adam-PC\Downloads\Fixlog_1.txt
2015-12-20 19:23 - 2015-12-20 19:23 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\FRST-OlderVersion
2015-12-18 17:07 - 2015-12-18 17:08 - 00060785 _____ C:\Users\Cramirez.Adam-PC\Downloads\Addition.txt
2015-12-18 17:06 - 2015-12-21 14:19 - 00018693 _____ C:\Users\Cramirez.Adam-PC\Downloads\FRST.txt
2015-12-18 17:05 - 2015-12-21 14:19 - 00000000 ____D C:\FRST
2015-12-18 17:05 - 2015-12-20 19:23 - 02370560 _____ (Farbar) C:\Users\Cramirez.Adam-PC\Downloads\FRST64.exe
2015-12-18 14:21 - 2015-12-18 14:21 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\ListCWall_Backup
2015-12-18 12:11 - 2015-12-11 15:00 - 00452424 _____ (Bleeping Computer, LLC) C:\ListCWall.exe
2015-12-18 12:08 - 2015-12-20 20:13 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\FSDART
2015-12-17 10:35 - 2015-12-17 13:32 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\Dropbox (Cardama Law)
2015-12-17 10:35 - 2015-12-17 10:35 - 00001232 _____ C:\Users\Cramirez.Adam-PC\Desktop\Dropbox (Cardama Law).lnk
2015-12-17 10:35 - 2015-12-17 10:35 - 00000000 __HDL C:\Users\Cramirez.Adam-PC\Dropbox
2015-12-14 17:51 - 2015-12-21 14:18 - 00000926 _____ C:\Users\Cramirez.Adam-PC\Desktop\ListCWall.txt
2015-12-14 17:46 - 2015-12-14 17:46 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\Encrypted_Files
2015-12-14 14:10 - 2015-12-14 14:10 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\networksupport\Downloads\ListCWall.exe
2015-12-14 14:05 - 2015-12-14 14:05 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\ISIS Drivers
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Adobe
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Google
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Dropbox
2015-12-14 14:04 - 2015-12-14 14:04 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\Adobe
2015-12-14 13:57 - 2015-12-14 13:57 - 00126488 _____ C:\Users\networksupport\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Roxio
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\ISIS Drivers
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\ATI
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\Dropbox
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\ATI
2015-12-14 13:57 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Local\Adobe
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Media Center Programs
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Macromedia
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport\AppData\Local\SoftThinks
2015-12-14 13:56 - 2015-12-15 08:25 - 00000000 ____D C:\Users\networksupport
2015-12-14 13:56 - 2015-12-14 13:57 - 00000000 ____D C:\Users\networksupport\AppData\Roaming\Adobe
2015-12-14 13:56 - 2015-12-14 13:56 - 00001379 _____ C:\Users\networksupport\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-14 13:56 - 2015-12-14 13:56 - 00001108 __RSH C:\Users\networksupport\ntuser.pol
2015-12-14 13:56 - 2015-12-14 13:56 - 00000020 ___SH C:\Users\networksupport\ntuser.ini
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\My Documents
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Videos
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Pictures
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 _SHDL C:\Users\networksupport\Documents\My Music
2015-12-14 13:56 - 2015-12-14 13:56 - 00000000 ____D C:\Users\networksupport\AppData\Local\Google
2015-12-14 13:56 - 2015-09-01 15:40 - 00000000 ____D C:\Users\networksupport\AppData\Local\Microsoft Help
2015-12-12 15:38 - 2015-12-12 15:38 - 29118980 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\census.cache
2015-12-12 15:37 - 2015-12-12 15:37 - 00147244 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\ars.cache
2015-12-11 23:51 - 2015-12-11 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 16:22 - 2015-12-11 16:22 - 02406064 _____ (Trend Micro Inc.) C:\Users\Cramirez.Adam-PC\Downloads\HousecallLauncher64.exe
2015-12-11 16:22 - 2015-12-11 16:22 - 00000036 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\housecall.guid.cache
2015-12-11 15:00 - 2015-12-14 17:07 - 16623238 _____ C:\Users\Cramirez.Adam-PC\Desktop\ListCWall-1.txt
2015-12-11 15:00 - 2015-12-11 15:00 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Cramirez.Adam-PC\Downloads\ListCWall.exe
2015-12-11 14:16 - 2015-12-18 01:43 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-11 14:16 - 2015-12-11 14:16 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\TeamViewer
2015-12-11 14:15 - 2015-12-18 01:43 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-11 14:14 - 2015-12-11 14:14 - 09612112 _____ (TeamViewer GmbH) C:\Users\Cramirez.Adam-PC\Downloads\TeamViewer_Setup_en.exe
2015-12-11 13:30 - 2015-12-11 13:30 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\Cramirez.Adam-PC\Desktop\ListCWall.exe
2015-12-11 08:27 - 2015-12-11 08:27 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-08 14:03 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 14:03 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 14:03 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 14:03 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 14:03 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 14:03 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 14:03 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 14:03 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 14:03 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 14:03 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 14:03 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 14:03 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 14:03 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 14:03 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 14:03 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 14:03 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 14:03 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 14:03 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 14:03 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 14:03 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 14:03 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 14:03 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 14:03 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 14:03 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 14:03 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 14:03 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 14:03 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 14:03 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 14:03 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 14:03 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 14:03 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 14:03 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 14:03 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 14:03 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 14:03 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 14:03 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 14:03 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 14:03 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 14:03 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 14:03 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 14:03 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 14:03 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 14:03 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 14:03 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 14:03 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 14:03 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 14:03 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 14:03 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 14:03 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 14:03 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 14:03 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 14:03 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 14:03 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 14:03 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 14:03 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 14:03 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 14:03 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 14:03 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 14:03 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 14:03 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 14:03 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 14:03 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 14:03 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 14:03 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 14:03 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 14:03 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 14:03 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 14:03 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 14:03 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 14:03 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 14:03 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 14:03 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 14:03 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 14:03 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 14:03 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 14:03 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 14:03 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 14:03 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 14:03 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 14:02 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 14:02 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-07 13:25 - 2015-12-07 13:25 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Roxio Burn
2015-12-03 09:55 - 2015-12-03 09:55 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 09:55 - 2015-12-03 09:55 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 11:21 - 2015-12-02 11:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d1d785c9361.job
2015-11-30 16:39 - 2015-12-16 21:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-30 16:39 - 2015-11-30 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-30 16:39 - 2015-11-30 16:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 16:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-30 16:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-30 16:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-30 16:38 - 2015-11-30 16:38 - 22908888 _____ (Malwarebytes ) C:\Users\Cramirez.Adam-PC\Downloads\mbam-setup-2.2.0.1024.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 14:20 - 2015-07-15 20:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0bf6625811bb1.job
2015-12-21 14:20 - 2012-02-29 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-21 14:14 - 2015-06-16 08:25 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Dropbox
2015-12-21 14:14 - 2012-02-29 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-21 14:14 - 2012-01-23 12:17 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-21 14:14 - 2012-01-23 12:17 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-21 14:14 - 2012-01-23 11:50 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-21 14:14 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-21 14:14 - 2009-07-13 23:45 - 00026448 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-21 14:10 - 2009-07-14 00:13 - 00782922 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-21 14:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-21 14:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-21 13:45 - 2012-04-08 14:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-20 20:17 - 2012-01-23 12:07 - 00000000 ____D C:\ProgramData\Sonic
2015-12-20 19:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-18 15:27 - 2015-10-22 11:41 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Outlook Files
2015-12-18 14:21 - 2012-02-10 14:55 - 00000000 ____D C:\ProgramData\FLEXnet
2015-12-18 12:16 - 2015-10-22 12:46 - 00000000 ____D C:\ProgramData\F-Secure
2015-12-18 12:15 - 2015-10-22 12:46 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\F-Secure
2015-12-17 10:35 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC
2015-12-16 14:23 - 2012-08-24 09:29 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 13:55 - 2011-02-10 09:01 - 00000000 ____D C:\dell
2015-12-15 23:55 - 2015-08-26 10:22 - 00000000 ____D C:\ProgramData\VucpAywi
2015-12-15 23:55 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\GFI Software
2015-12-15 23:55 - 2015-03-16 12:52 - 00000000 ____D C:\ProgramData\RICOH
2015-12-15 23:55 - 2014-06-06 14:37 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-15 23:55 - 2012-03-18 13:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-15 23:55 - 2012-02-10 12:19 - 00000000 ____D C:\ProgramData\The Fund
2015-12-15 23:55 - 2012-01-23 12:08 - 00000000 ____D C:\ProgramData\PhotoShow Shared Assets
2015-12-15 23:54 - 2014-06-11 14:06 - 00000000 _RSHD C:\OSTCS
2015-12-15 23:54 - 2012-09-19 09:55 - 00000000 ____D C:\ARNOW_fonts
2015-12-15 23:54 - 2012-09-17 12:31 - 00000000 ____D C:\ProgramData\HP
2015-12-15 23:54 - 2012-01-23 13:12 - 00000000 ____D C:\ProgramData\dell
2015-12-15 23:54 - 2012-01-23 12:05 - 00000000 ____D C:\ProgramData\Macrovision
2015-12-15 21:22 - 2012-01-23 12:02 - 00000000 ____D C:\Program Files\Dell Support Center
2015-12-15 21:14 - 2015-08-26 13:06 - 00000000 ____D C:\ProgramData\Outsource Testing, Inc
2015-12-15 21:14 - 2015-06-10 14:22 - 00000000 ____D C:\ProgramData\UAB
2015-12-15 21:14 - 2015-05-07 11:27 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Roxio
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\ATI
2015-12-15 21:14 - 2015-04-30 14:29 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\ATI
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ___RD C:\Users\Administrator.Adam-PC\Desktop\Play Games
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Media Center Programs
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Roaming\Macromedia
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC\AppData\Local\SoftThinks
2015-12-15 21:14 - 2015-04-30 14:28 - 00000000 ____D C:\Users\Administrator.Adam-PC
2015-12-15 21:14 - 2015-04-28 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
2015-12-15 21:14 - 2015-04-27 14:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-12-15 21:14 - 2015-04-27 14:58 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-15 21:14 - 2015-04-27 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USTechSupport LLC
2015-12-15 21:14 - 2015-02-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\novaPDF 7
2015-12-15 21:14 - 2015-02-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Law Software
2015-12-15 21:14 - 2014-10-23 10:09 - 00000000 ____D C:\ProgramData\Oracle
2015-12-15 21:14 - 2014-10-23 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-15 21:14 - 2014-09-30 18:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-15 21:14 - 2014-06-11 14:06 - 00000000 ____D C:\US Tech Support LLC
2015-12-15 21:14 - 2014-06-11 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\US Tech Support LLC
2015-12-15 21:14 - 2014-06-06 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-15 21:14 - 2013-12-11 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-12-15 21:14 - 2013-10-07 09:02 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-15 21:14 - 2013-05-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-15 21:14 - 2013-04-18 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scanner Utility for Microsoft Windows
2015-12-15 21:14 - 2013-04-18 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Error Recovery Guide
2015-12-15 21:14 - 2013-04-18 11:37 - 00000000 ____D C:\ProgramData\ScandAllPRO
2015-12-15 21:14 - 2013-02-20 12:32 - 00000000 ____D C:\ProgramData\Norton
2015-12-15 21:14 - 2013-02-01 15:04 - 00000000 ____D C:\ProgramData\Mozilla
2015-12-15 21:14 - 2012-09-17 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-15 21:14 - 2012-09-17 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-12-15 21:14 - 2012-08-24 09:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 21:14 - 2012-02-10 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-15 21:14 - 2012-02-10 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-15 21:14 - 2012-02-10 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProPel
2015-12-15 21:14 - 2012-02-10 12:23 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2015-12-15 21:14 - 2012-02-10 12:09 - 00000000 ____D C:\System
2015-12-15 21:14 - 2012-02-10 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-12-15 21:14 - 2012-01-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
2015-12-15 21:14 - 2012-01-23 12:06 - 00000000 ____D C:\ProgramData\Roxio
2015-12-15 21:14 - 2012-01-23 12:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2015-12-15 21:14 - 2012-01-23 12:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-15 21:14 - 2012-01-23 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-15 21:14 - 2012-01-23 11:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
2015-12-15 21:14 - 2012-01-23 11:54 - 00000000 ____D C:\ProgramData\Temp
2015-12-15 21:14 - 2012-01-23 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-15 21:14 - 2012-01-23 11:52 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 21:14 - 2012-01-23 11:50 - 00000000 ____D C:\Temp
2015-12-15 21:14 - 2012-01-23 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2015-12-15 21:14 - 2012-01-23 11:45 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-15 21:14 - 2012-01-23 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-15 21:14 - 2012-01-23 11:43 - 00000000 ____D C:\ProgramData\Sun
2015-12-15 21:14 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-15 21:13 - 2015-06-16 08:25 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-15 21:13 - 2015-04-28 14:45 - 00000000 ____D C:\ProgramData\Informer Technologies, Inc
2015-12-15 21:13 - 2015-02-04 10:41 - 00000000 ____D C:\ProgramData\flsplan
2015-12-15 21:13 - 2014-06-11 14:07 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-15 21:13 - 2014-06-06 13:28 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-15 21:13 - 2013-04-18 11:41 - 00000000 ____D C:\ProgramData\InstallShield
2015-12-15 21:13 - 2013-04-18 11:41 - 00000000 ____D C:\ProgramData\Fujitsu
2015-12-15 21:13 - 2012-09-17 12:36 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-12-15 21:13 - 2012-08-24 09:27 - 00000000 ____D C:\ProgramData\Google
2015-12-15 21:13 - 2012-06-01 15:31 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-15 21:13 - 2012-02-10 12:01 - 00000000 ____D C:\ProgramData\Brother
2015-12-15 21:13 - 2012-01-23 12:26 - 00000000 ____D C:\ProgramData\ATI
2015-12-15 21:13 - 2012-01-23 12:13 - 00000000 ____D C:\ProgramData\McAfee
2015-12-15 21:13 - 2012-01-23 12:03 - 00000000 ____D C:\ProgramData\Adobe
2015-12-15 21:13 - 2012-01-23 11:54 - 00000000 ____D C:\ProgramData\install_clap
2015-12-15 21:12 - 2015-04-28 14:45 - 00000000 ____D C:\Program Files\Software Informer
2015-12-15 21:12 - 2015-04-28 13:51 - 00000000 ___HD C:\OneDriveTemp
2015-12-15 21:12 - 2015-02-04 10:40 - 00000000 ____D C:\Program Files\Softland
2015-12-15 21:12 - 2014-06-10 12:35 - 00000000 ____D C:\HP Universal Print Driver
2015-12-15 21:12 - 2014-06-06 13:30 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-15 21:12 - 2012-09-17 11:53 - 00000000 ____D C:\Brother
2015-12-15 21:12 - 2012-08-24 09:27 - 00000000 ____D C:\Program Files\Google
2015-12-15 21:12 - 2012-03-18 13:38 - 00000000 ____D C:\Program Files\CCleaner
2015-12-15 21:12 - 2012-02-10 14:35 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-15 21:12 - 2012-02-10 14:34 - 00000000 __RHD C:\MSOCache
2015-12-15 21:12 - 2012-02-10 11:42 - 00000000 ____D C:\FIND_EULA_PATH
2015-12-15 21:12 - 2012-01-23 13:21 - 00000000 ____D C:\Program Files\Realtek
2015-12-15 21:12 - 2012-01-23 13:01 - 00000000 ____D C:\Program Files\Dell Games Folder
2015-12-15 21:12 - 2012-01-23 12:16 - 00000000 ____D C:\Program Files\dell stage
2015-12-15 21:12 - 2012-01-23 12:08 - 00000000 ____D C:\Program Files\Roxio
2015-12-15 21:12 - 2012-01-23 11:58 - 00000000 ____D C:\Program Files\Windows Live
2015-12-15 21:12 - 2012-01-23 11:43 - 00000000 ____D C:\Program Files\Java
2015-12-15 21:12 - 2012-01-23 11:26 - 00000000 ____D C:\Program Files\Dell Inc
2015-12-15 21:12 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\MSBuild
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-15 21:12 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Windows NT
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-15 21:12 - 2009-07-13 22:20 - 00000000 ____D C:\PerfLogs
2015-12-15 21:11 - 2015-08-26 10:24 - 00000000 ____D C:\AdwCleaner
2015-12-15 21:11 - 2015-08-06 11:25 - 00000000 ___HD C:\187b57fb
2015-12-15 21:11 - 2014-06-11 14:06 - 00000000 ____D C:\ChromeBackup
2015-12-15 11:13 - 2015-06-02 08:28 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\bank statements
2015-12-15 11:13 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Jaelynn
2015-12-15 11:13 - 2015-05-04 14:50 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Desktop\Misc
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ___RD C:\Users\Guest\Desktop\Play Games
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest\AppData\Local\SoftThinks
2015-12-15 08:25 - 2015-11-05 10:02 - 00000000 ____D C:\Users\Guest
2015-12-15 08:25 - 2015-08-28 17:09 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\LocalLow\Sun
2015-12-15 08:25 - 2015-08-26 09:03 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\supportdotcom
2015-12-15 08:25 - 2015-08-25 13:04 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Local Stores
2015-12-15 08:25 - 2015-07-06 09:34 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\OneDrive
2015-12-15 08:25 - 2015-06-10 14:22 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Driver Support
2015-12-15 08:25 - 2015-05-14 13:07 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\adtasup
2015-12-15 08:25 - 2015-05-12 12:38 - 00000000 ___RD C:\Users\Cramirez.Adam-PC\SkyDrive
2015-12-15 08:25 - 2015-05-07 11:13 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Google
2015-12-15 08:25 - 2015-05-06 15:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Microsoft Help
2015-12-15 08:25 - 2015-05-05 08:54 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Updater5
2015-12-15 08:25 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Mozilla
2015-12-15 08:25 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Mozilla
2015-12-15 08:25 - 2015-05-04 15:39 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Dropbox
2015-12-15 08:25 - 2015-05-04 15:16 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Adobe
2015-12-15 08:25 - 2015-05-04 14:54 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\SAPV2015VUP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\SAPV181VUP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\S2MSP_V334UP
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\installers
2015-12-15 08:25 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Downloads\Disk1
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Roxio
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\GFI Software
2015-12-15 08:25 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\ATI
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2015-05-04 14:47 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\SoftThinks
2015-12-15 08:25 - 2012-02-10 12:06 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2012-02-10 12:06 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-15 08:25 - 2012-01-23 13:01 - 00000000 ___RD C:\Users\Default\Desktop\Play Games
2015-12-15 08:25 - 2012-01-23 13:01 - 00000000 ___RD C:\Users\Default User\Desktop\Play Games
2015-12-15 08:25 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-15 08:25 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-15 08:21 - 2015-06-10 14:18 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Downloaded Installers
2015-12-15 08:21 - 2015-05-06 08:17 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Google
2015-12-15 08:21 - 2015-05-05 08:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Adobe
2015-12-15 08:21 - 2015-05-05 08:17 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\Macromedia
2015-12-15 08:21 - 2015-05-04 14:48 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\ATI
2015-12-15 07:09 - 2015-05-04 14:53 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Documents\Family Law Software
2015-12-15 06:49 - 2015-05-05 08:15 - 00000000 ____D C:\Users\Cramirez.Adam-PC\Dropbox (Old)
2015-12-14 14:04 - 2015-04-30 14:29 - 00126488 _____ C:\Users\Administrator.Adam-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-14 14:04 - 2015-04-30 14:29 - 00001375 _____ C:\Users\Administrator.Adam-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-14 14:04 - 2015-04-30 14:28 - 00001108 __RSH C:\Users\Administrator.Adam-PC\ntuser.pol
2015-12-14 14:04 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-14 13:34 - 2012-11-07 22:16 - 00821004 _____ C:\Windows\ntbtlog.txt
2015-12-14 08:57 - 2009-07-13 23:45 - 00458744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 23:52 - 2015-09-18 08:17 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 16:22 - 2015-09-01 08:56 - 00126488 _____ C:\Users\Cramirez.Adam-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-11 08:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-09 04:28 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 03:37 - 2013-05-24 13:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:37 - 2013-05-24 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-08 16:45 - 2012-04-08 14:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 16:45 - 2012-01-23 11:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 15:05 - 2015-09-16 14:18 - 00000000 ____D C:\Users\Cramirez.Adam-PC\AppData\Local\ElevatedDiagnostics
2015-12-07 13:15 - 2014-06-06 13:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-02 13:18 - 2010-11-20 22:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 11:21 - 2015-09-17 00:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f10915d0f2ba.job

==================== Files in the root of some directories =======

2015-12-12 15:37 - 2015-12-12 15:37 - 0147244 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\ars.cache
2015-12-12 15:38 - 2015-12-12 15:38 - 29118980 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\census.cache
2015-12-11 16:22 - 2015-12-11 16:22 - 0000036 _____ () C:\Users\Cramirez.Adam-PC\AppData\Local\housecall.guid.cache
2012-09-17 12:31 - 2013-02-20 12:20 - 0002238 _____ () C:\ProgramData\hpzinstall.log
2014-06-11 13:51 - 2015-09-01 11:22 - 0062828 _____ () C:\ProgramData\xportnchk.ini

Files to move or delete:
====================
C:\Windows\pixtran\fujitsu\FiWiaChecker.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 00:50

==================== End of FRST.txt ============================



#8 nasdaq

  • Malware Response Team

Posted 22 December 2015 - 08:22 AM

If you did not get an error message then they are deleted.
You can always run the FRST search and find out.

===

If your problem persists try this.


Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.
http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7

#9 nasdaq

  • Malware Response Team

Posted 28 December 2015 - 11:18 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 orlandotech

  • Topic Starter

Posted 01 January 2016 - 02:25 PM

nasdaq, sorry for the delayed response. I'm back at this task, currently running ListCwall to see if there is a difference in the number of files it finds. I'll post with results when the scan completes.



#11 orlandotech

  • Topic Starter

Posted 01 January 2016 - 08:48 PM

What I've found at this point is that if I run ListCWall on a separate user account, I receive "No files encrypted by CryptoWall were found in the registry". However, on the primary user account, where I have been working to contain/clean the infection, ListCWall continues to give me a result of 70,038 encrypted files found. The same number was found upon initial scan utilizing ListCWall. Will ListCWall be giving me false positives, or have I missed something in the process of trying to eliminate CryptoWall?

 

I'm not seeing any unusual activity on the computer/user account, but I want to be sure that the CryptoWall infection is removed prior to releasing the computer next week.



#12 nasdaq

  • Malware Response Team

Posted 02 January 2016 - 08:54 AM

Quoted from this article.
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

How to find files that have been encrypted by CryptoWall

When CryptoWall encrypts a file it will store the file and its path as a value in the Windows Registry. The location of the subkey is in the following format:
HKCU\Software\<unique computer id>\<random id>
With an actual example being HKCU\Software\03DA0C0D2383CCC2BC8232DD0AAAD117\01133428ABDEEEFF. CryptoWall will then create a value for each file that it encrypts under this key.

etc...


The HKCU key(s) that were created by the infection may still be in the registry.

Are the key(s) listed in the ListCwall.txt file that was created?

Attach a copy of the ListCwall.txt for my review.
Let me know if the keys are still in the registry.
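The registry layout quoted above can be checked by hand from an export of the affected account's HKCU\Software branch. The following is an added example, not part of the thread and not ListCwall's own code: it parses the text of a `.reg` export, keeps only keys shaped like the quoted example (32 hex characters, then 16), and counts the recorded paths per user profile. It assumes the file path is carried in the value name; the sample export, its file names and the `dword` data are constructed.

```python
import re
from collections import Counter

# Shape of the quoted example key: 32 hex chars, then 16 (assumed to generalize).
KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\([0-9A-F]{32})\\([0-9A-F]{16})\]$", re.I)
# A .reg value line: "name"=data, with \\ and \" escaped inside the name.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')

# Constructed sample of a decoded .reg export (real exports are UTF-16 on disk).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\03DA0C0D2383CCC2BC8232DD0AAAD117\01133428ABDEEEFF]
"C:\\Users\\Adam\\Documents\\budget.xlsx"=dword:00000000
"C:\\Users\\cramirez\\Desktop\\scan 01.pdf"=dword:00000000
"C:\\ARNOW_fonts\\test.ps"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"lfFaceName"="Consolas"
'''


def list_recorded_files(reg_text):
    """Return {key path: [recorded file paths]} for keys shaped like the example."""
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = line[1:-1] if KEY_RE.match(line) else None
            if current:
                found[current] = []
        elif current:
            m = VALUE_RE.match(line)
            if m:  # undo the .reg escaping of backslashes and quotes
                found[current].append(re.sub(r"\\(.)", r"\1", m.group(1)))
    return found


def count_by_profile(paths):
    """Count recorded paths per C:\\Users\\<profile>; the rest go under '(other)'."""
    counts = Counter()
    for p in paths:
        m = re.match(r"^[A-Za-z]:\\Users\\([^\\]+)\\", p)
        counts[m.group(1) if m else "(other)"] += 1
    return counts


if __name__ == "__main__":
    for key, paths in list_recorded_files(SAMPLE).items():
        print(key, len(paths), dict(count_by_profile(paths)))
```

HKCU is a per-user hive, so the export has to be taken while logged in as the affected account; the entries are only records in the registry and remain after the files or folders they name are gone.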

#13 orlandotech

  • Topic Starter

Posted 02 January 2016 - 02:16 PM

Part one of ListCwall.txt attached. I had to break the file in two parts to upload it.




#14 orlandotech

  • Topic Starter

Posted 02 January 2016 - 02:21 PM

I'm unable to upload the 2nd part of ListCwall.txt due to file size restrictions.

 

One thing I did notice while scanning through the results of ListCWall is that both of those users with infected files (Adam and cramirez) have been deleted, along with the related folders, so I'm not sure why they appear in the results. The folders aren't visible in Windows Explorer, or via command prompt. Hopefully that helps.



#15 nasdaq

  • Malware Response Team

Posted 02 January 2016 - 03:49 PM

mcafee informs me it has quarantined a trojan - Artemis! - 9E52F321A396.


Sorry I should have checked this statement. I had in mind that MBAM was reporting it.
===


Please run the Farbar Recovery Scan Tool. Enter PE_Rom.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>

The report from ListCwall.txt is as far as I know a picture of what entries are listed in the Registry.

Start by cleaning the Recycle Bin for all the users.

===

You can delete these files if found.
C:\11458558.zip
C:\11523271.zip
C:\14222775.zip
C:\14261254.zip
C:\ARNOW_fonts\GnuMICR.raw
C:\ARNOW_fonts\test.ps


Let me know if these files are located in the computer:

C:\ProgramData\FLEXnet\adobe_00080000_event.log.bak
C:\ProgramData\GFI Software\AntiMalware\Logs\Agent-Msi.csv

and check a few of the others.

To make sure you see all the folders and files

Check this out.

Unhide files/folders Windows 7. <- make sure you can see all.
How To:
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7
<<<>>>

Keep me posted.



