Trojan horse BackDoor.Generic_c.AKAF


This topic is locked
10 replies to this topic

#1 Dorty

Posted 21 January 2016 - 06:01 PM

Computer has been running for several years without anti-virus. Installed AVG and Malwarebytes. After 2 scans Malwarebytes says zero threats. AVG scan says "Trojan horse BackDoor.Generic_c.AKAF", status secured; AVG says it must restart to remove the threat, the computer restarts, I scan again and it's still there. Googled the problem and found no solutions.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Jim McCoy (administrator) on JIMMCCOY-PC (21-01-2016 17:47:55)
Running from C:\Users\Jim McCoy\Desktop
Loaded Profiles: Jim McCoy (Available Profiles: Jim McCoy)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\MAHostService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\node.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2008-09-11] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-10-17] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-10-17] (CyberLink)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1092872 2009-12-22] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2016-01-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-29] (Hewlett-Packard)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-18] (Glarysoft Ltd)
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\MountPoints2: {317c9503-fe14-11dd-8201-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\MountPoints2: {b456ef97-5cf6-11de-9838-00248c2eb347} - J:\LaunchU3.exe -a
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\MountPoints2: {b456f003-5cf6-11de-9838-00248c2eb347} - J:\LaunchU3.exe -a
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8432640 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-06-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2008-11-05]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2009-06-19]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Jim McCoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2016-01-21]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7CBFC06D-6F10-44BF-BE19-24C17F86E9C4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BCF8F0B7-32E2-4F07-ABD1-B442A634E347}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxp://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2&emr=1
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {EF13E7F0-F9DF-40D7-8C7B-E4BC505184A0} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {EF13E7F0-F9DF-40D7-8C7B-E4BC505184A0} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> {20B027E1-8619-6AD5-08D5-0B4841D78A30} URL =
SearchScopes: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL =
SearchScopes: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> {EF13E7F0-F9DF-40D7-8C7B-E4BC505184A0} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-11-05] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2009-11-08] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Jim McCoy\AppData\Roaming\Mozilla\Firefox\Profiles\z2gn9hz6.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\npMotive.dll [2013-12-02] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-01-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-01-20] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-06-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2016-01-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR Profile: C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-11]
CHR Extension: (Google Docs) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-08]
CHR Extension: (Google Search) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Google Sheets) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (RealDownloader) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-11-06]
CHR Extension: (Skype) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM-x32\...\Chrome\Extension: [aaaanobhlcpfoihhejhjhpcclemfaocd] - C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx [2012-05-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\MAHostService.exe [321024 2013-12-02] (Alcatel-Lucent) [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [906752 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-09-14] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S1 crlscsi; C:\Windows\SysWow64\Drivers\crlscsi.sys [6144 1995-11-07] (Corel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-01-20] (Glarysoft Ltd)
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1486336 2008-09-10] (Conexant Systems, Inc.)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [354320 2010-05-28] (Kaspersky Lab)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 cpuz132; \??\C:\Users\JIMMCC~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 pypprnq; System32\drivers\doctm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 17:27 - 2016-01-21 17:27 - 00000102 _____ C:\Users\Jim McCoy\Downloads\FRST.txt
2016-01-21 17:26 - 2016-01-21 17:27 - 00037708 _____ C:\Users\Jim McCoy\Desktop\Addition.txt
2016-01-21 17:25 - 2016-01-21 17:47 - 00027249 _____ C:\Users\Jim McCoy\Desktop\FRST.txt
2016-01-21 17:24 - 2016-01-21 17:47 - 00000000 ____D C:\FRST
2016-01-21 17:22 - 2016-01-21 17:23 - 02370560 _____ (Farbar) C:\Users\Jim McCoy\Desktop\FRST64.exe
2016-01-20 21:46 - 2016-01-20 21:46 - 00001884 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-01-20 21:46 - 2016-01-20 21:46 - 00001804 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-01-20 21:42 - 2009-06-20 06:56 - 00589455 _____ C:\Windows\_detmp.1
2016-01-20 21:42 - 2001-02-26 19:48 - 00081920 _____ (Adobe Systems, Inc.) C:\Windows\_detmp.2
2016-01-20 21:23 - 2016-01-20 21:23 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\Macromedia
2016-01-20 20:25 - 2016-01-20 20:25 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\RealNetworks
2016-01-20 20:23 - 2016-01-20 20:23 - 00001061 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2016-01-20 20:23 - 2016-01-20 20:23 - 00000000 ____D C:\ProgramData\RealNetworks
2016-01-20 20:23 - 2016-01-20 20:23 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2016-01-20 20:15 - 2016-01-20 20:15 - 00000856 _____ C:\Users\Public\Desktop\EssentialPIM.lnk
2016-01-20 20:15 - 2016-01-20 20:15 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\Package Cache
2016-01-20 20:13 - 2016-01-20 20:13 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\ECRSC
2016-01-20 20:11 - 2016-01-20 20:12 - 38544480 _____ (RealNetworks, Inc.) C:\Users\Jim McCoy\Downloads\RealPlayer_v16.0.3.51.exe
2016-01-20 20:11 - 2016-01-20 20:11 - 29627072 _____ (Python Software Foundation) C:\Users\Jim McCoy\Downloads\Python(64bit)_v3.5.1.exe
2016-01-20 20:11 - 2016-01-20 20:11 - 11904472 _____ C:\Users\Jim McCoy\Downloads\EssentialPIM_v6.56.exe
2016-01-20 20:10 - 2016-01-20 20:11 - 10145632 _____ (ESTsoft Corp.) C:\Users\Jim McCoy\Downloads\ALZip_v8.51.exe
2016-01-20 20:10 - 2016-01-20 20:10 - 18507456 _____ (Adobe Systems Incorporated) C:\Users\Jim McCoy\Downloads\Adobe_Flash_Player_(IE)_v20.0.0.286.exe
2016-01-20 20:09 - 2016-01-20 20:10 - 18348472 _____ (Adobe Systems Inc.) C:\Users\Jim McCoy\Downloads\Adobe_Air_v20.0.0.233.exe
2016-01-20 20:05 - 2016-01-20 20:05 - 18348472 _____ (Adobe Systems Inc.) C:\Users\Jim McCoy\Downloads\Adobe_Air_v20.0.0.233.exe.part
2016-01-20 19:22 - 2016-01-21 10:53 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-01-20 19:22 - 2016-01-20 19:22 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2016-01-20 19:22 - 2016-01-20 19:22 - 00003326 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-01-20 19:22 - 2016-01-20 19:22 - 00002986 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-01-20 19:22 - 2016-01-20 19:22 - 00000893 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-01-20 19:22 - 2016-01-20 19:22 - 00000881 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-01-20 19:22 - 2016-01-20 19:22 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\GlarySoft
2016-01-20 19:22 - 2016-01-20 19:22 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\DiskDefrag
2016-01-20 19:22 - 2016-01-20 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2016-01-20 19:21 - 2016-01-20 19:21 - 15300640 _____ C:\Users\Jim McCoy\Downloads\gu5setup.exe
2016-01-20 15:09 - 2016-01-20 15:09 - 00000000 ____D C:\ProgramData\WindowsSearch
2016-01-20 13:37 - 2016-01-20 13:37 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\AVG
2016-01-20 13:36 - 2016-01-20 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-20 13:35 - 2016-01-20 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-20 13:35 - 2016-01-20 13:35 - 00000000 ___HD C:\$AVG
2016-01-20 13:32 - 2016-01-21 15:58 - 00000000 ____D C:\ProgramData\MFAData
2016-01-20 13:32 - 2016-01-20 13:32 - 00000765 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-20 13:32 - 2016-01-20 13:32 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\MFAData
2016-01-20 13:32 - 2016-01-20 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-20 13:30 - 2016-01-20 13:35 - 00000000 ____D C:\ProgramData\Avg
2016-01-20 13:30 - 2016-01-20 13:34 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-20 13:29 - 2016-01-20 13:37 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\Avg
2016-01-20 13:29 - 2016-01-20 13:35 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\AvgSetupLog
2016-01-20 13:23 - 2016-01-20 13:24 - 02924856 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jim McCoy\Downloads\AVG_Protection_Free_1025.exe
2016-01-20 13:22 - 2016-01-20 17:19 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-20 13:22 - 2016-01-20 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-01-20 13:22 - 2016-01-20 13:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-20 13:16 - 2016-01-20 13:16 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-20 13:12 - 2016-01-20 13:12 - 01846024 _____ (Malwarebytes ) C:\Users\Jim McCoy\Downloads\mbae-setup-1.08.1.1045.exe
2016-01-20 13:11 - 2016-01-20 13:12 - 22908888 _____ (Malwarebytes ) C:\Users\Jim McCoy\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-20 13:10 - 2016-01-20 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-20 13:10 - 2016-01-20 13:10 - 00000862 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-20 13:10 - 2016-01-20 13:10 - 00000850 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-20 13:10 - 2016-01-20 13:10 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\Mozilla
2016-01-20 13:10 - 2015-12-15 17:25 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-20 13:10 - 2015-12-15 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-20 13:10 - 2015-12-15 17:18 - 00579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-20 13:10 - 2015-12-15 16:50 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-20 13:10 - 2015-12-15 16:45 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-20 13:10 - 2015-12-15 16:44 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-20 13:10 - 2015-12-15 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-20 13:10 - 2015-12-15 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-20 13:10 - 2015-12-15 16:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-20 13:10 - 2015-12-15 16:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-20 13:10 - 2015-12-15 16:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-20 13:10 - 2015-12-15 16:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-20 13:09 - 2015-12-15 17:28 - 17892352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-20 13:09 - 2015-12-15 17:21 - 10938368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-20 13:09 - 2015-12-15 17:20 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-20 13:09 - 2015-12-15 17:20 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-20 13:09 - 2015-12-15 17:19 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-20 13:09 - 2015-12-15 17:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-20 13:09 - 2015-12-15 17:18 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-20 13:09 - 2015-12-15 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-01-20 13:09 - 2015-12-15 17:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-01-20 13:09 - 2015-12-15 17:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-01-20 13:09 - 2015-12-15 16:49 - 12388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-20 13:09 - 2015-12-15 16:47 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-20 13:09 - 2015-12-15 16:46 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-20 13:09 - 2015-12-15 16:45 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-20 13:09 - 2015-12-15 16:44 - 01804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-20 13:09 - 2015-12-15 16:44 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-20 13:09 - 2015-12-15 16:44 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-01-20 13:09 - 2015-12-15 16:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-20 13:09 - 2015-12-15 16:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-20 13:09 - 2015-12-15 16:43 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-20 13:09 - 2015-12-15 16:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-01-20 13:09 - 2015-12-15 16:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-01-20 13:09 - 2015-12-15 16:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-01-20 13:07 - 2016-01-20 13:09 - 45702448 _____ C:\Users\Jim McCoy\Downloads\Firefox Setup 43.0.1.exe
2016-01-17 03:10 - 2015-12-08 12:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-17 03:10 - 2015-12-08 11:39 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-17 03:09 - 2015-12-05 12:02 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-17 03:09 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-17 03:09 - 2015-12-05 11:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-17 03:09 - 2015-12-05 11:40 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-17 03:08 - 2015-12-05 12:03 - 01567744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 01377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 01326080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-17 03:08 - 2015-12-05 12:03 - 01114624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00867328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-17 03:08 - 2015-12-05 12:03 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00759296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-17 03:08 - 2015-12-05 12:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-17 03:08 - 2015-12-05 12:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-17 03:08 - 2015-12-05 12:03 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-17 03:08 - 2015-12-05 12:02 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2VDEC.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00606208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-17 03:08 - 2015-12-05 12:02 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ADEC.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-17 03:08 - 2015-12-05 12:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-17 03:08 - 2015-12-05 12:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-17 03:08 - 2015-12-05 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-17 03:08 - 2015-12-05 12:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-17 03:08 - 2015-12-05 11:41 - 01886208 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 01539072 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 01127424 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 01090560 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-17 03:08 - 2015-12-05 11:41 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 00819200 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 00732160 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-17 03:08 - 2015-12-05 11:41 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-17 03:08 - 2015-12-05 11:40 - 01571328 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-17 03:08 - 2015-12-05 11:40 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2VDEC.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 00644608 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-17 03:08 - 2015-12-05 11:40 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ADEC.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-17 03:08 - 2015-12-05 11:40 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-17 03:08 - 2015-12-05 11:40 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-17 03:08 - 2015-12-05 11:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-17 03:08 - 2015-12-05 11:39 - 01074176 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-17 03:08 - 2015-12-05 11:39 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-17 03:08 - 2015-12-05 11:39 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-17 03:08 - 2015-12-05 11:39 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-17 03:08 - 2015-12-05 11:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-17 03:08 - 2015-12-05 11:39 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-17 03:08 - 2015-12-05 11:39 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-17 03:08 - 2015-12-05 11:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-17 03:08 - 2015-12-05 11:22 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-17 03:07 - 2015-12-05 12:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-17 03:07 - 2015-12-05 11:39 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-17 03:02 - 2015-12-05 10:34 - 02799616 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-17 03:01 - 2015-12-30 11:47 - 04694464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-17 03:00 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-17 03:00 - 2015-11-13 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-17 03:00 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-17 03:00 - 2015-11-13 11:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-17 03:00 - 2015-11-13 10:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-09 11:51 - 2016-01-09 11:51 - 00028132 _____ C:\Users\Jim McCoy\Downloads\PaymentConfirmation (10).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-21 17:24 - 2006-11-02 08:33 - 00000000 ____D C:\Windows
2016-01-21 17:21 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-21 17:21 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-21 17:16 - 2013-03-25 15:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-21 10:53 - 2015-12-07 09:55 - 00003354 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3297909099-1810448441-2807066012-1000
2016-01-21 10:53 - 2015-12-07 09:55 - 00003228 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3297909099-1810448441-2807066012-1000
2016-01-21 03:36 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2016-01-21 03:28 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf
2016-01-21 03:28 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 03:21 - 2014-01-08 15:06 - 00000000 ____D C:\Program Files (x86)\ATT
2016-01-21 03:20 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-21 03:18 - 2006-11-02 10:42 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-20 21:47 - 2012-02-12 06:18 - 00000000 ____D C:\Users\Jim McCoy\AppData\LocalLow\Macromedia
2016-01-20 21:47 - 2009-06-11 16:42 - 00000000 ____D C:\Users\Jim McCoy\AppData\LocalLow\Adobe
2016-01-20 21:47 - 2009-06-09 16:18 - 00000000 ____D C:\Users\Jim McCoy\AppData\Local\Adobe
2016-01-20 21:47 - 2008-11-05 05:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-01-20 21:45 - 2009-06-09 16:18 - 00000000 ____D C:\ProgramData\Adobe
2016-01-20 21:45 - 2009-06-09 16:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-20 21:43 - 2009-06-08 18:54 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\Adobe
2016-01-20 21:32 - 2013-03-25 15:19 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 21:32 - 2013-03-25 15:19 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 21:32 - 2011-10-14 18:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 20:55 - 2015-07-08 00:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-20 20:23 - 2013-05-20 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-01-20 20:21 - 2013-05-20 15:16 - 00000000 ____D C:\Program Files (x86)\real
2016-01-20 20:20 - 2010-04-07 12:50 - 00000000 ____D C:\ProgramData\Real
2016-01-20 20:19 - 2013-05-20 15:17 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2016-01-20 20:18 - 2013-05-20 15:17 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2016-01-20 20:18 - 2013-05-20 15:17 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2016-01-20 20:18 - 2013-05-20 15:17 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2016-01-20 20:15 - 2009-09-02 13:32 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\EssentialPIM
2016-01-20 20:15 - 2009-09-02 13:32 - 00000000 ____D C:\Program Files (x86)\EssentialPIM
2016-01-20 20:13 - 2009-06-20 06:54 - 00000922 _____ C:\ProgramData\Microsoft\Windows\Start Menu\ALZip.lnk
2016-01-20 20:13 - 2009-06-20 06:54 - 00000876 _____ C:\Users\Public\Desktop\ALZip.lnk
2016-01-20 20:13 - 2009-06-20 06:54 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\ESTsoft
2016-01-20 20:13 - 2009-06-20 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESTsoft
2016-01-20 20:13 - 2009-06-20 06:54 - 00000000 ____D C:\ProgramData\ESTsoft
2016-01-20 20:13 - 2009-06-20 06:54 - 00000000 ____D C:\Program Files (x86)\ESTsoft
2016-01-20 20:13 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Resources
2016-01-20 18:28 - 2015-07-08 00:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-20 17:21 - 2009-06-09 16:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-20 17:08 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\Performance
2016-01-20 17:07 - 2009-06-09 16:16 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\licenses
2016-01-20 13:47 - 2015-08-25 19:45 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
2016-01-20 13:36 - 2015-08-25 19:52 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\TuneUp Software
2016-01-20 13:16 - 2015-07-08 00:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-20 13:10 - 2013-11-07 15:29 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\Mozilla
2016-01-20 08:27 - 2009-06-08 18:40 - 00191640 _____ C:\Users\Jim McCoy\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-20 08:21 - 2011-10-10 12:39 - 00000350 _____ C:\Windows\Tasks\HPCeeScheduleForJim McCoy.job
2016-01-20 08:21 - 2006-11-02 10:21 - 00574840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-20 08:20 - 2008-11-05 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-20 08:18 - 2008-11-05 05:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-01-17 03:11 - 2010-06-04 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 03:07 - 2013-08-15 02:05 - 00000000 ____D C:\Windows\system32\MRT
2016-01-17 03:02 - 2006-11-02 07:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-01-16 16:44 - 2010-07-19 10:41 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-01-16 16:44 - 2010-04-22 12:27 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\HpUpdate
2016-01-16 16:44 - 2008-11-05 06:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2016-01-16 16:25 - 2011-11-15 18:24 - 00003122 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJim McCoy
2016-01-16 16:25 - 2009-06-19 19:21 - 00000000 ____D C:\Users\Jim McCoy\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2009-06-11 14:13 - 2009-06-11 14:13 - 0012358 _____ () C:\Users\Jim McCoy\AppData\Roaming\PFP120JCM.{PB
2009-06-11 14:13 - 2009-06-11 14:13 - 0061678 _____ () C:\Users\Jim McCoy\AppData\Roaming\PFP120JPR.{PB
2009-06-09 15:58 - 2015-11-06 08:55 - 0020026 _____ () C:\Users\Jim McCoy\AppData\Roaming\wklnhst.dat
2009-06-09 15:48 - 2015-12-07 09:51 - 0005324 _____ () C:\Users\Jim McCoy\AppData\Local\d3d9caps.dat
2010-01-14 11:22 - 2013-05-20 15:30 - 0046592 _____ () C:\Users\Jim McCoy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-13 20:42 - 2013-11-13 20:42 - 0386204 _____ () C:\Users\Jim McCoy\AppData\Local\dd_vcredistMSI236D.txt
2013-11-13 20:42 - 2013-11-13 20:42 - 0011392 _____ () C:\Users\Jim McCoy\AppData\Local\dd_vcredistUI236D.txt
2011-09-17 19:18 - 2011-09-17 19:18 - 5141477 _____ () C:\Users\Jim McCoy\AppData\Local\tmpDSC_0073.0
2011-09-17 19:18 - 2011-09-17 19:18 - 1171483 _____ () C:\Users\Jim McCoy\AppData\Local\tmpDSC_0073.JPG
2013-11-07 15:24 - 2013-11-07 15:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-06-19 19:31 - 2009-06-19 19:31 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-07-23 10:18 - 2015-07-08 01:52 - 0009113 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-x64.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-21 03:26

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2016 - 11:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Not very secure. All applications are out of date. Update them for your security.

AV: Microsoft Security Essentials (Enabled - Out of date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Enabled - Out of date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

===

Remove via the Control Panel > Programs and Features.
SweetIM for Messenger 3.1 (HKLM-x32\...\{DA95E878-B181-4366-A433-6145592707A8}) (Version: 3.1.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [aaaanobhlcpfoihhejhjhpcclemfaocd] - C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx [2012-05-07]
S3 cpuz132; \??\C:\Users\JIMMCC~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 pypprnq; System32\drivers\doctm.sys [X]
C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx
Task: {5EE708D6-D91E-4FA9-A94E-D9A918A43419} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {7FC55430-A9C9-4990-8E5F-F79CE6501C9D} - \PastaQuotes -> No File <==== ATTENTION
Task: {951B77AB-B6D0-47A1-A6C7-59CC2C116EA1} - \ProPCCleaner_Start -> No File <==== ATTENTION
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Classes\.exe:  =>  <===== ATTENTION
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-x64.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.
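
The fixlist in the post above targets a few kinds of leftover that the FRST log flagged: drivers whose registry entry points at a file that no longer exists (the `[X]` lines such as `S0 pypprnq; System32\drivers\doctm.sys [X]`), Internet Explorer and proxy policy keys reported as `Restriction`, and, further up in the log, the signature check of core system files under "Bamital & volsnap". The read-only PowerShell script below is an added example, not FRST's code and not part of the helper's instructions; it re-does those three checks on a Windows host so a reader can see what each flagged line means. It assumes an elevated prompt, the registry paths shown in the log, and Windows PowerShell (the `New-Object PSObject` form is used so it also works on the 2.0 release that shipped for Vista). It changes nothing; removal is still FRST's job.

```powershell
# Added example, not FRST's own code: read-only re-check of three artifact kinds
# the fixlist above addresses. Run from an elevated PowerShell prompt.
#   1. Drivers whose registry ImagePath points at a missing file (FRST: "[X]").
#   2. IE / proxy policy keys that FRST reports as "Restriction".
#   3. Authenticode status of the core files FRST checks under "Bamital & volsnap".

function Resolve-ImagePath {
    param([string]$Raw)
    # Normalise the forms the Service Control Manager accepts: strip the "\??\"
    # object-manager prefix and surrounding quotes, expand %SystemRoot%, and
    # make "\SystemRoot\..." and bare "system32\..." paths absolute.
    $p = $Raw -replace '^\\\?\?\\', '' -replace '^"([^"]+)".*$', '$1'
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^\\SystemRoot\\(.*)$')  { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\')   { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedDrivers {
    # Kernel (Type 1) and file-system (Type 2) drivers whose binary is missing.
    # Start 0 = boot, 3 = on demand, matching the S0/S3 prefixes in the FRST log.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $v = Get-ItemProperty -LiteralPath $_.PSPath
        if ($v.ImagePath -and ($v.Type -eq 1 -or $v.Type -eq 2)) {
            $path = Resolve-ImagePath $v.ImagePath
            if (-not (Test-Path -LiteralPath $path)) {
                New-Object PSObject -Property @{
                    Name = $_.PSChildName; Start = $v.Start; ImagePath = $path
                }
            }
        }
    }
}

function Get-IEPolicyRestrictions {
    # These keys exist only when a policy (or something posing as one) has
    # written to them; FRST flags their presence as "Restriction".
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            $item = Get-Item -LiteralPath $k
            New-Object PSObject -Property @{
                Key     = $k
                Values  = ($item.GetValueNames() -join ', ')
                Subkeys = ($item.GetSubKeyNames() -join ', ')
            }
        }
    }
}

function Test-CoreFileSignatures {
    # Same file set FRST verifies; explorer.exe lives in %SystemRoot% itself.
    $sys32 = Join-Path $env:SystemRoot 'System32'
    $names = 'winlogon.exe','wininit.exe','svchost.exe','services.exe','User32.dll',
             'userinit.exe','rpcss.dll','dnsapi.dll','Drivers\volsnap.sys'
    $files = @(Join-Path $env:SystemRoot 'explorer.exe') +
             @($names | ForEach-Object { Join-Path $sys32 $_ })
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $sig    = Get-AuthenticodeSignature -FilePath $f
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            New-Object PSObject -Property @{ File = $f; Status = $sig.Status; Signer = $signer }
        }
    }
}

"== Drivers whose binary is missing =="
Get-OrphanedDrivers | Format-Table Name, Start, ImagePath -AutoSize
"== IE / proxy policy keys present =="
Get-IEPolicyRestrictions | Format-List
"== Core file signatures =="
Test-CoreFileSignatures | Format-Table Status, File -AutoSize
```

Two reading notes. A driver entry with a missing file is usually a leftover from an uninstalled product (the `cpuz132` and `Motive` entries above look like that), but a boot-start (`S0`) entry with a random name and no file, like `pypprnq`, is the kind FRST highlights. For the signature check, on older Windows releases `Get-AuthenticodeSignature` does not consult security catalogs, so a file that is catalog-signed only can report `NotSigned` there; that is a limitation of the cmdlet on that platform, not evidence of tampering, and FRST's own "File is digitally signed" verdict is the one to rely on in this thread.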

#3 Dorty

Dorty
  • Topic Starter

  • Members
  • 5 posts

Posted 22 January 2016 - 01:54 PM

You specified that these steps be done in order. I ran into a problem uninstalling SweetIM for Messenger. When I click uninstall, an error message appears that says

"The feature you are trying to use is on a network resource that is unavailable.

Click OK to try again, or enter an alternate path to a folder containing the installation package "SweetIMSetup.msi" in the box below"



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2016 - 02:01 PM

Possibly it was uninstalled.

Leave it and continue...

#5 Dorty

Dorty
  • Topic Starter

  • Members
  • 5 posts

Posted 22 January 2016 - 05:40 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Jim McCoy (2016-01-22 14:07:44) Run:1
Running from C:\Users\Jim McCoy\Desktop
Loaded Profiles: Jim McCoy (Available Profiles: Jim McCoy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {36A7593F-2A71-458C-A463-7DABD74FFB97} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3297909099-1810448441-2807066012-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [aaaanobhlcpfoihhejhjhpcclemfaocd] - C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx [2012-05-07]
S3 cpuz132; \??\C:\Users\JIMMCC~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 pypprnq; System32\drivers\doctm.sys [X]
C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx
Task: {5EE708D6-D91E-4FA9-A94E-D9A918A43419} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {7FC55430-A9C9-4990-8E5F-F79CE6501C9D} - \PastaQuotes -> No File <==== ATTENTION
Task: {951B77AB-B6D0-47A1-A6C7-59CC2C116EA1} - \ProPCCleaner_Start -> No File <==== ATTENTION
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Classes\.exe:  =>  <===== ATTENTION
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-x64.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36A7593F-2A71-458C-A463-7DABD74FFB97}" => key removed successfully
HKCR\CLSID\{36A7593F-2A71-458C-A463-7DABD74FFB97} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{36A7593F-2A71-458C-A463-7DABD74FFB97}" => key removed successfully
HKCR\Wow6432Node\CLSID\{36A7593F-2A71-458C-A463-7DABD74FFB97} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanobhlcpfoihhejhjhpcclemfaocd" => key removed successfully
C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx => moved successfully
cpuz132 => service removed successfully
IpInIp => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
pypprnq => service removed successfully
"C:\Users\Jim McCoy\AppData\Local\APN\GoogleCRXs\aaaanobhlcpfoihhejhjhpcclemfaocd_7.15.2.0.crx" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EE708D6-D91E-4FA9-A94E-D9A918A43419}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EE708D6-D91E-4FA9-A94E-D9A918A43419}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FC55430-A9C9-4990-8E5F-F79CE6501C9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FC55430-A9C9-4990-8E5F-F79CE6501C9D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{951B77AB-B6D0-47A1-A6C7-59CC2C116EA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951B77AB-B6D0-47A1-A6C7-59CC2C116EA1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
"HKU\S-1-5-21-3297909099-1810448441-2807066012-1000\Software\Classes\.exe" => key removed successfully
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
C:\Users\Jim McCoy\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
C:\Users\Jim McCoy\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
EmptyTemp: => 897.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 15:46:11 ====

 

 

 

# AdwCleaner v5.030 - Logfile created 22/01/2016 at 17:29:57
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Jim McCoy - JIMMCCOY-PC
# Running from : C:\Users\Jim McCoy\Desktop\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\Babylon
[#] Folder Deleted : C:\Program Files (x86)\Babylon-English
[#] Folder Deleted : C:\Program Files (x86)\w3i
[#] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\Driver Mender
[#] Folder Deleted : C:\ProgramData\FileCure
[#] Folder Deleted : C:\ProgramData\w3i
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\Local\apn
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\Local\Ilivid Player
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\LocalLow\Conduit
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\LocalLow\HPAppData
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\LocalLow\Toolbar4
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\Roaming\download Manager
[#] Folder Deleted : C:\Users\Jim McCoy\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA95E878-B181-4366-A433-6145592707A8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DA95E878-B181-4366-A433-6145592707A8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

***** [ Web browsers ] *****

[-] [C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com
[-] [C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dhkplhfnhceodhffomolpfigojocbpcb
[-] [C:\Users\Jim McCoy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : edmgmpmklgfbohogafcfobonnkogchec

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12347 bytes] ##########
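When reading a Fixlog like the one above, the two things worth checking are that every item the fixlist asked for reports a successful removal, restore or move, and that the "not found" lines are explained by an earlier removal of the same target (FRST removes the proxy/policy items under RemoveProxy and then re-checks them, which is why they show up a second time as "not found"). Below is an added example, not FRST's own code and not part of this thread, that parses the result lines of a Fixlog, classifies each by outcome and by the kind of persistence location it touched (scheduled task, service or driver, .exe file association, policy restriction, search scope, file), and lists the "not found" lines that no prior removal accounts for. The sample log is constructed for the example; the GUIDs, SID, service name and paths in it are placeholders, not the values from this thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of an FRST Fixlog result section.
# GUIDs, SID, service name and paths are placeholders (not from the thread).
SAMPLE_FIXLOG = r'''
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000001}" => key removed successfully
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000002}" => key removed successfully
example_drv => service removed successfully
"HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Classes\.exe" => key removed successfully
C:\Users\Example\AppData\Local\Temp\Sample.dll => moved successfully
C:\Users\Example\AppData\Local\Temp\Sample.crx => moved successfully
"C:\Users\Example\AppData\Local\Temp\Sample.crx" => not found.
EmptyTemp: => 897.8 MB temporary data Removed.
'''

# A result line is '<target> => <outcome>'; the target may be quoted and the
# outcome may end with a period.
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')


def classify_outcome(outcome):
    """Map FRST's outcome wording to a short status label."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    for phrase in ("removed successfully", "restored successfully", "moved successfully"):
        if phrase in o:
            return phrase.split()[0]  # removed / restored / moved
    return "other"


def classify_target(target, outcome):
    """Name the kind of persistence or configuration location a line touched."""
    t = target.lower()
    if "service removed" in outcome.lower():
        return "service/driver"
    if "\\schedule\\taskcache\\" in t:
        return "scheduled task"
    if t.endswith("\\software\\classes\\.exe"):
        return ".exe file association"
    if "\\policies\\" in t:
        return "policy restriction"
    if "\\internet settings" in t:
        return "proxy/internet settings"
    if "\\searchscopes\\" in t:
        return "browser search scope"
    if "\\browser helper objects\\" in t or "\\toolbar\\" in t or "\\extension" in t:
        return "browser add-on"
    if re.match(r"^[a-z]:\\", t):
        return "file"
    if t.startswith(("hklm\\", "hku\\", "hkcr\\", "hkcu\\")):
        return "other registry"
    return "directive"


def parse_fixlog(text):
    """Return one dict per result line: target, outcome, status, kind."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, fixlist echo
        target, outcome = m.group("target"), m.group("outcome")
        entries.append({
            "target": target,
            "outcome": outcome,
            "status": classify_outcome(outcome),
            "kind": classify_target(target, outcome),
        })
    return entries


def summarize(entries):
    """Counts by status and by kind, for a quick read of what the fix did."""
    return {
        "by_status": Counter(e["status"] for e in entries),
        "by_kind": Counter(e["kind"] for e in entries),
    }


def unexplained_not_found(entries):
    """'not found' lines with no earlier successful removal of the same target.

    FRST re-checks items it already handled (e.g. after RemoveProxy), so those
    repeats are expected; anything else should be looked at by hand.
    """
    handled = set()
    flagged = []
    for e in entries:
        key = e["target"].lower()
        if e["status"] in ("removed", "moved", "restored"):
            handled.add(key)
        elif e["status"] == "not_found" and key not in handled:
            flagged.append(e["target"])
    return flagged


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    report = summarize(parsed)
    print("by status:", dict(report["by_status"]))
    print("by kind:  ", dict(report["by_kind"]))
    print("not found without prior removal:", unexplained_not_found(parsed))
```

On the constructed sample the unexplained list holds only the HKCR CLSID lookup, which is FRST checking whether the search-scope GUID also had a class registration; that is harmless when it comes back "not found", but a "not found" against a file or service that was supposed to be removed would mean the fixlist did not find what the earlier scan listed and the item should be re-examined.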
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 PM

Posted 23 January 2016 - 08:56 AM

Looking good.

Any remaining issues?

#7 Dorty

Dorty
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 23 January 2016 - 10:31 AM

Still having the same issue, but it lists the location:

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\vista2\systemAgeDetect.jse



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 PM

Posted 23 January 2016 - 02:27 PM


It could be a false positive.

Read this article.

http://h30434.www3.hp.com/t5/Desktop-Operating-Systems-and-Recovery/systemagedetect-jse/td-p/5441159

Did you update your AVG recently as I have suggested?

#9 Dorty

Dorty
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 26 January 2016 - 10:02 AM

Yes, I update every time I run AVG.
There are no other problems and it seems to be running much better.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 PM

Posted 26 January 2016 - 03:04 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:27 PM

Posted 01 February 2016 - 08:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



