LAN Settings has weird Russian looking address when I open Chrome


  • This topic is locked
4 replies to this topic

#1 duderinow

Posted 26 January 2016 - 10:48 PM

Every time I open Chrome, I have noticed it has been slow in loading pages. I finally figured out that there is a strange line being placed inside my LAN Settings under "Use automatic configuration script". The line of code is: http://ɴ.net/proxy.pac
 
I have created a FRST.txt file and pasted it below as well as attached the Addition.txt file.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by Duder (administrator) on DUDER-HP (18-01-2016 21:07:05)
Running from C:\Users\Duder\Downloads
Loaded Profiles: Duder (Available Profiles: Duder & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alipay.com Inc. ) C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\esClient.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Home Server\WHSConnector.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.36020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-22] (Intuit Inc. All rights reserved.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [GoToMeeting] => C:\Users\Duder\AppData\Local\Citrix\GoToMeeting\2331\g2mstart.exe [44400 2015-02-12] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1339464 2015-03-05] (Enounce Incorporated)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-02-03] (Sanford, L.P.)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6302856 2015-11-06] (Plex, Inc.)
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\PhotoScreensaver.scr [583680 2015-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64\FileSyncShell64.dll [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Duder\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncShell.dll [2015-12-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-01-12]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-01-12]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-01-12]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk [2013-10-08]
ShortcutTarget: Windows Home Server.lnk -> C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe (Microsoft Corporation)
Startup: C:\Users\Duder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-08-25]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1c1c8183-8969-457f-a6f9-a5381f5d0a9f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d09ba6d1-99aa-4800-8cb2-55e494b7cd78}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {87260F3D-E2F2-4D4D-8EDB-FC161C153970} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: BrowserHelper Class -> {9A065C65-4EE7-4DDD-9918-F129089A894A} -> C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-28] (BitComet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-20] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll [2011-01-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2015-10-22] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-29] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Duder\AppData\Roaming\Mozilla\Firefox\Profiles\q7j04exh.default
FF NetworkProxy: "type", 0
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [No File]
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [No File]
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-02-03] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Duder\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Duder\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-07-01] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-18]
CHR Extension: (Google Docs) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-18]
CHR Extension: (Google Drive) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-18]
CHR Extension: (YouTube) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-18]
CHR Extension: (Google Search) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Google Sheets) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-18]
CHR Extension: (Google Docs Offline) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-18]
CHR Extension: (Skype) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-18]
CHR Extension: (Gmail) - C:\Users\Duder\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 arXfrSvc; C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [231280 2011-01-10] (Microsoft Corporation)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-28] (www.BitComet.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 DeviceHealth; C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [196760 2015-01-30] (Microsoft Corporation)
S2 DeviceHealthPluginMgr; C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [244376 2015-01-30] (Microsoft Corporation)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-02-03] (Sanford, L.P.)
R2 esClient; C:\Program Files\Windows Home Server\esClient.exe [109936 2011-01-10] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-10-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-22] (Intuit Inc.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WHSConnector; C:\Program Files\Windows Home Server\WHSConnector.exe [489840 2011-01-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [52000 2014-12-13] (AVG Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-18 21:07 - 2016-01-18 21:07 - 00031303 _____ C:\Users\Duder\Downloads\FRST.txt
2016-01-18 21:05 - 2016-01-18 21:07 - 00000000 ____D C:\FRST
2016-01-18 21:05 - 2016-01-18 21:05 - 02370560 _____ (Farbar) C:\Users\Duder\Downloads\FRST64.exe
2016-01-18 21:04 - 2016-01-18 21:04 - 01721856 _____ (Farbar) C:\Users\Duder\Downloads\FRST.exe
2016-01-18 20:47 - 2016-01-18 20:47 - 19334498 _____ C:\Users\Duder\Desktop\Jonathan-Heusman-Business-Accounts-Through-2015(2).zip
2016-01-18 20:45 - 2016-01-18 20:47 - 06944713 _____ C:\Users\Duder\Desktop\Jonathan-Heusman-Business-Accounts-Through-2015(1).zip
2016-01-18 20:27 - 2016-01-18 20:27 - 02640843 _____ C:\Users\Duder\Downloads\Jonathan-Heusman-Paypal-Transactions-2015.csv
2016-01-18 20:17 - 2016-01-18 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-01-18 20:17 - 2016-01-18 20:17 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-01-18 20:15 - 2016-01-18 20:15 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Duder\Downloads\cbSetup.exe
2016-01-18 19:14 - 2016-01-18 19:14 - 00002964 _____ C:\Users\Duder\Desktop\JRT.txt
2016-01-18 19:14 - 2016-01-18 19:14 - 00000000 ____D C:\Users\Duder\AppData\Roaming\TaobaoProtect
2016-01-18 19:01 - 2016-01-18 19:03 - 00000000 ____D C:\AdwCleaner
2016-01-18 18:58 - 2016-01-18 18:58 - 01600184 _____ (Malwarebytes) C:\Users\Duder\Downloads\JRT.exe
2016-01-18 18:58 - 2016-01-18 18:58 - 01505280 _____ C:\Users\Duder\Downloads\adwcleaner_5.030.exe
2016-01-18 09:29 - 2016-01-18 09:29 - 00088609 _____ C:\Users\Duder\Downloads\search-term-report-2015-10-10-56858016779.txt
2016-01-17 23:58 - 2016-01-18 00:06 - 576112851 _____ C:\Users\Duder\Downloads\SHAM.US.0204.NewAGe.rar
2016-01-17 23:58 - 2016-01-18 00:05 - 576211155 _____ C:\Users\Duder\Downloads\SHAM.US.0206.NewAGe.rar
2016-01-17 23:58 - 2016-01-18 00:04 - 576192723 _____ C:\Users\Duder\Downloads\SHAM.US.0205.NewAGe.rar
2016-01-17 23:57 - 2016-01-18 00:05 - 576219347 _____ C:\Users\Duder\Downloads\SHAM.US.0201.NewAGe.rar
2016-01-17 23:57 - 2016-01-18 00:05 - 576198867 _____ C:\Users\Duder\Downloads\SHAM.US.0202.NewAGe.rar
2016-01-17 23:57 - 2016-01-18 00:04 - 576223443 _____ C:\Users\Duder\Downloads\SHAM.US.0203.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:04 - 576243923 _____ C:\Users\Duder\Downloads\SHAM.US.0212.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:04 - 576221395 _____ C:\Users\Duder\Downloads\SHAM.US.0207.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:04 - 576209107 _____ C:\Users\Duder\Downloads\SHAM.US.0209.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:04 - 576207059 _____ C:\Users\Duder\Downloads\SHAM.US.0210.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:04 - 576196819 _____ C:\Users\Duder\Downloads\SHAM.US.0208.NewAGe.rar
2016-01-17 22:55 - 2016-01-17 23:03 - 576221395 _____ C:\Users\Duder\Downloads\SHAM.US.0211.NewAGe.rar
2016-01-17 22:26 - 2016-01-17 22:26 - 00000040 _____ C:\Users\Duder\Desktop\Uploaded-Account.txt
2016-01-17 20:51 - 2016-01-17 20:51 - 00155866 _____ C:\Users\Duder\Downloads\opp-faq.pdf
2016-01-16 19:49 - 2016-01-16 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-01-16 19:49 - 2016-01-16 19:49 - 00000000 ____D C:\Program Files (x86)\Plex
2016-01-16 17:57 - 2016-01-16 17:57 - 17390363 _____ C:\Users\Duder\Downloads\812-1452989744.csv
2016-01-16 17:57 - 2016-01-16 17:57 - 17390363 _____ C:\Users\Duder\Downloads\812-1452989744 (1).csv
2016-01-16 15:39 - 2016-01-16 15:39 - 01512809 _____ C:\Users\Duder\Desktop\walmart-more-toys-1-16-16.csv
2016-01-16 14:47 - 2016-01-16 14:47 - 01942369 _____ C:\Users\Duder\Downloads\812-1452983382.csv
2016-01-16 14:24 - 2016-01-16 14:42 - 00000647 _____ C:\Users\Duder\Downloads\812-1452968701.csv
2016-01-16 14:24 - 2016-01-16 14:24 - 00178102 _____ C:\Users\Duder\Desktop\walmart-kids-games-1-16-16.csv
2016-01-16 10:34 - 2016-01-16 10:34 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-01-16 10:15 - 2016-01-16 10:16 - 00238079 _____ C:\Users\Duder\Desktop\walmart-1-16-16.csv
2016-01-16 10:00 - 2016-01-14 12:10 - 00000000 ____D C:\Users\Duder\Desktop\WalmartScraper
2016-01-16 09:58 - 2016-01-16 09:58 - 00297791 _____ C:\Users\Duder\Downloads\TargetScraper_2.zip
2016-01-16 09:58 - 2016-01-16 09:58 - 00051712 _____ C:\Users\Duder\Downloads\WalmartScraper_5.zip
2016-01-15 21:32 - 2016-01-15 21:32 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-15 21:20 - 2016-01-15 21:21 - 00000227 _____ C:\Users\Duder\Desktop\PAID-PROXIES.txt
2016-01-15 20:53 - 2016-01-18 20:43 - 00000000 ____D C:\Users\Duder\Desktop\WSECU-Credit-Card
2016-01-15 20:51 - 2016-01-18 20:41 - 00000000 ____D C:\Users\Duder\Desktop\WSECU-Checking-Account
2016-01-15 20:44 - 2016-01-18 20:39 - 00000000 ____D C:\Users\Duder\Desktop\USBank-Rapid-Impact-LLC-7074
2016-01-15 20:42 - 2016-01-18 20:36 - 00000000 ____D C:\Users\Duder\Desktop\USBank-Jons-Checking-9847
2016-01-15 20:20 - 2016-01-18 20:35 - 00000000 ____D C:\Users\Duder\Desktop\USBank-Jons-Credit-Card-8366
2016-01-15 08:28 - 2016-01-15 08:28 - 23975525 _____ C:\Users\Duder\Downloads\812-1452844537.csv
2016-01-14 22:47 - 2016-01-14 22:47 - 04460849 _____ C:\Users\Duder\Downloads\812-1452840344.csv
2016-01-14 22:33 - 2016-01-14 22:33 - 24182973 _____ C:\Users\Duder\Downloads\3HonestGreenACTIVE (2).csv
2016-01-14 19:47 - 2016-01-14 19:47 - 05299667 _____ C:\Users\Duder\Downloads\812-1452826195.csv
2016-01-14 18:37 - 2016-01-16 18:52 - 00014371 _____ C:\Users\Duder\Desktop\Walmart-Target-Winners.csv
2016-01-14 17:02 - 2016-01-14 17:02 - 00142132 _____ C:\Users\Duder\Downloads\WalmartScraper_3.zip
2016-01-13 22:46 - 2016-01-13 22:46 - 00031987 _____ C:\Users\Duder\Downloads\package (47).pdf
2016-01-13 22:16 - 2016-01-13 22:16 - 00005557 _____ C:\Users\Duder\Downloads\products (24).pdf
2016-01-13 22:06 - 2016-01-13 22:06 - 00003045 _____ C:\Users\Duder\Downloads\products (23).pdf
2016-01-13 20:11 - 2016-01-13 20:11 - 00429687 _____ C:\Users\Duder\Desktop\moxycut-logo-red.psd
2016-01-13 16:31 - 2016-01-13 16:31 - 00003978 _____ C:\Users\Duder\Downloads\jonathan-heusman-orders-13124-13126-13127.pdf
2016-01-12 22:47 - 2016-01-12 22:47 - 00002731 _____ C:\Users\Duder\Desktop\woodlink-NABAF18-Audubon-Wrap-Around-Squirrel-Baffle-Labels.pdf
2016-01-12 21:52 - 2016-01-12 21:52 - 00000000 ____D C:\Users\Duder\AppData\Local\DunDefLauncher
2016-01-12 19:09 - 2016-01-12 20:01 - 00000000 ____D C:\ProgramData\SQL Anywhere 16
2016-01-12 18:55 - 2016-01-12 18:55 - 00002186 _____ C:\Users\Public\Desktop\QuickBooks Pro 2016.lnk
2016-01-12 18:55 - 2016-01-12 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-01-12 18:53 - 2016-01-12 18:53 - 00000000 ____D C:\Users\Public\Documents\Intuit
2016-01-12 18:53 - 2016-01-12 18:53 - 00000000 ____D C:\ProgramData\Nuance
2016-01-12 17:13 - 2016-01-04 18:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 17:13 - 2016-01-04 18:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 17:13 - 2016-01-04 18:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 17:13 - 2016-01-04 18:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 17:13 - 2016-01-04 18:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 17:13 - 2016-01-04 18:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 17:13 - 2016-01-04 18:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 17:13 - 2016-01-04 18:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 17:13 - 2016-01-04 18:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 17:13 - 2016-01-04 18:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 17:13 - 2016-01-04 18:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 17:13 - 2016-01-04 18:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 17:13 - 2016-01-04 18:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 17:13 - 2016-01-04 18:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 17:13 - 2016-01-04 18:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 17:13 - 2016-01-04 18:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 17:13 - 2016-01-04 18:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 17:13 - 2016-01-04 18:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 17:13 - 2016-01-04 18:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 17:13 - 2016-01-04 18:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 17:13 - 2016-01-04 18:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 17:13 - 2016-01-04 18:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 17:13 - 2016-01-04 18:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 17:13 - 2016-01-04 18:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 17:13 - 2016-01-04 17:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 17:13 - 2016-01-04 17:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 17:13 - 2016-01-04 17:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 17:13 - 2016-01-04 17:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 17:13 - 2016-01-04 17:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 17:13 - 2016-01-04 17:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 17:13 - 2016-01-04 17:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 17:13 - 2016-01-04 17:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 17:13 - 2016-01-04 17:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 17:13 - 2016-01-04 17:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 17:13 - 2016-01-04 17:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 17:13 - 2016-01-04 17:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 17:13 - 2016-01-04 17:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 17:13 - 2016-01-04 17:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 17:13 - 2016-01-04 17:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 17:13 - 2016-01-04 17:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 17:13 - 2016-01-04 17:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 17:13 - 2016-01-04 17:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 17:13 - 2016-01-04 17:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 17:13 - 2016-01-04 17:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 17:13 - 2016-01-04 17:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 17:13 - 2016-01-04 17:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 17:13 - 2016-01-04 17:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 17:13 - 2016-01-04 17:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 17:13 - 2016-01-04 17:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 17:13 - 2016-01-04 17:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 17:13 - 2016-01-04 17:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 17:13 - 2016-01-04 17:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 17:13 - 2016-01-04 17:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 17:13 - 2016-01-04 17:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 17:13 - 2016-01-04 17:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 17:13 - 2016-01-04 17:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 17:13 - 2016-01-04 17:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 17:13 - 2016-01-04 17:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 17:13 - 2016-01-04 17:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 17:13 - 2016-01-04 17:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 17:13 - 2016-01-04 17:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 17:13 - 2016-01-04 17:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 17:13 - 2016-01-04 17:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 17:13 - 2016-01-04 17:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 17:13 - 2016-01-04 17:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 17:13 - 2016-01-04 17:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 17:13 - 2016-01-04 17:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 17:13 - 2016-01-04 17:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 17:13 - 2016-01-04 17:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 17:13 - 2016-01-04 17:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 17:13 - 2016-01-04 17:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 17:13 - 2016-01-04 17:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 17:13 - 2016-01-04 17:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 17:13 - 2016-01-04 17:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 17:13 - 2016-01-04 17:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 17:13 - 2016-01-04 17:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-11 23:38 - 2016-01-11 23:56 - 00021696 _____ C:\Users\Duder\Downloads\812-1452576044.csv
2016-01-11 21:10 - 2016-01-11 21:11 - 00000000 ____D C:\Users\Duder\Desktop\target.com
2016-01-11 21:09 - 2016-01-11 21:09 - 20335755 _____ C:\Users\Duder\Downloads\target.com_2 (1).zip
2016-01-10 20:30 - 2016-01-12 16:57 - 00000000 ____D C:\Users\Duder\Desktop\Grocery
2016-01-09 21:14 - 2016-01-09 21:14 - 00001068 _____ C:\Users\Duder\Downloads\FBA38PYFH2.txt
2016-01-09 21:09 - 2016-01-09 21:09 - 00032023 _____ C:\Users\Duder\Downloads\package (46).pdf
2016-01-09 20:45 - 2016-01-09 20:45 - 00003053 _____ C:\Users\Duder\Downloads\products (22).pdf
2016-01-09 15:00 - 2016-01-09 15:00 - 00000000 ____D C:\Users\Duder\Desktop\Grocery Items Invoices
2016-01-08 22:06 - 2016-01-08 22:06 - 00011085 _____ C:\Users\Duder\Downloads\1054467950016809.txt
2016-01-08 21:20 - 2016-01-08 21:20 - 05298726 _____ C:\Users\Duder\Downloads\Gorillza Workbook(1).xlsm
2016-01-07 22:50 - 2016-01-07 22:50 - 00125197 _____ C:\Users\Duder\Downloads\package (45).pdf
2016-01-07 22:03 - 2016-01-07 22:03 - 00004646 _____ C:\Users\Duder\Downloads\products (21).pdf
2016-01-07 21:47 - 2016-01-07 21:47 - 00004641 _____ C:\Users\Duder\Downloads\products (20).pdf
2016-01-07 21:46 - 2016-01-07 21:46 - 00004641 _____ C:\Users\Duder\Downloads\products (19).pdf
2016-01-07 21:45 - 2016-01-07 21:45 - 00004645 _____ C:\Users\Duder\Downloads\products (18).pdf
2016-01-07 21:12 - 2016-01-07 21:12 - 00004636 _____ C:\Users\Duder\Downloads\products (17).pdf
2016-01-07 20:49 - 2016-01-15 16:19 - 00033012 _____ C:\Users\Duder\Desktop\WBC-Sorted-1-6-16.csv
2016-01-07 20:43 - 2016-01-07 20:43 - 02117811 _____ C:\Users\Duder\Downloads\resized.zip
2016-01-07 20:39 - 2016-01-09 15:35 - 00000000 ____D C:\Users\Duder\Desktop\Health and Personal Care Invoices
2016-01-07 06:33 - 2016-01-07 06:33 - 02037157 _____ C:\Users\Duder\Downloads\Rapid_Impact_LLC_Reseller_Permit.pdf
2016-01-06 21:10 - 2015-11-17 10:13 - 00008284 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160106-211030.backup
2016-01-06 21:09 - 2016-01-08 22:17 - 00749089 _____ C:\Users\Duder\Desktop\Amazon-Reimbursement-Check.xlsx
2016-01-06 21:05 - 2016-01-06 21:05 - 00013486 _____ C:\Users\Duder\Downloads\ReturnsToFBA.txt
2016-01-06 21:04 - 2016-01-06 21:04 - 00006484 _____ C:\Users\Duder\Downloads\Reimbursements.txt
2016-01-06 21:02 - 2016-01-06 21:02 - 00056111 _____ C:\Users\Duder\Downloads\RefundMasterList.txt
2016-01-06 20:07 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-01-06 20:05 - 2016-01-06 20:05 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-06 20:05 - 2016-01-06 20:05 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-06 20:05 - 2016-01-06 20:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-01-06 20:05 - 2016-01-06 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-06 20:04 - 2016-01-06 21:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-06 20:04 - 2016-01-06 20:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-06 20:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-01-06 17:41 - 2016-01-06 17:41 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 17:41 - 2016-01-06 17:41 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 17:41 - 2016-01-06 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-06 17:41 - 2016-01-06 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-06 17:41 - 2016-01-06 17:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 17:41 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-06 17:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-06 17:41 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-06 17:40 - 2016-01-06 17:40 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Duder\Downloads\spybot-2.4.exe
2016-01-06 17:40 - 2016-01-06 17:40 - 22908888 _____ (Malwarebytes ) C:\Users\Duder\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-06 17:36 - 2016-01-06 18:05 - 627773087 _____ C:\Users\Duder\Downloads\QuickBooks.Pro.2016.rar
2016-01-06 17:24 - 2016-01-06 17:24 - 00000222 _____ C:\Users\Duder\Desktop\Dungeon Defenders II.url
2016-01-06 17:22 - 2016-01-06 17:22 - 00000000 ____D C:\Users\Duder\AppData\Local\Steam
2016-01-06 17:22 - 2016-01-06 17:22 - 00000000 ____D C:\Users\Duder\AppData\Local\CEF
2016-01-06 17:10 - 2016-01-06 17:10 - 00000000 ____D C:\Users\Duder\AppData\Roaming\SQL Anywhere 16
2016-01-06 17:08 - 2016-01-06 17:08 - 00000010 _____ C:\Users\Duder\Desktop\homegroup password.txt
2016-01-06 17:04 - 2016-01-12 18:56 - 00000000 ____D C:\Users\Duder\AppData\Local\Intuit
2016-01-06 16:52 - 2016-01-12 18:56 - 00000000 ____D C:\WINDOWS\Intuit
2016-01-06 16:52 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\WINDOWS\SysWOW64\cdintf400.dll
2016-01-06 16:47 - 2016-01-12 18:55 - 00000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2016-01-06 16:47 - 2016-01-12 18:53 - 00000000 ____D C:\Program Files (x86)\Intuit
2016-01-05 23:40 - 2016-01-06 00:42 - 12366901 _____ C:\Users\Duder\Downloads\812-1452065251.csv
2016-01-05 21:19 - 2016-01-05 21:32 - 00224848 _____ C:\Users\Duder\Downloads\3CWRElectronicsACTIVE.csv
2016-01-05 21:19 - 2016-01-05 21:30 - 00109734 _____ C:\Users\Duder\Downloads\3EssentialPetProductsACTIVE.csv
2016-01-05 21:19 - 2016-01-05 21:28 - 00267366 _____ C:\Users\Duder\Downloads\3HonestGreenACTIVE (1).csv
2016-01-05 21:19 - 2016-01-05 21:26 - 00968704 _____ C:\Users\Duder\Downloads\Petra_Full_Product_List.xls
2016-01-05 21:19 - 2016-01-05 21:22 - 00005796 _____ C:\Users\Duder\Downloads\3CuttingEdgeProductsACTIVE.csv
2016-01-05 21:19 - 2016-01-05 21:19 - 02083348 _____ C:\Users\Duder\Downloads\3PetStoresUSAACTIVE.csv
2016-01-05 21:18 - 2016-01-05 21:33 - 00364538 _____ C:\Users\Duder\Downloads\3BradleyCaldwellACTIVE.csv
2016-01-05 21:18 - 2016-01-05 21:18 - 36755275 _____ C:\Users\Duder\Downloads\3ASIACTIVE.csv
2016-01-04 23:07 - 2016-01-04 23:07 - 00031546 _____ C:\Users\Duder\Downloads\package (44).pdf
2016-01-04 22:39 - 2016-01-04 22:39 - 00006974 _____ C:\Users\Duder\Downloads\products (16).pdf
2016-01-04 22:08 - 2016-01-04 23:00 - 682898378 _____ C:\Users\Duder\Downloads\TGD.H6-SHULiBAN.rar
2016-01-04 22:07 - 2016-01-04 22:09 - 1047112200 _____ C:\Users\Duder\Downloads\tt3460252.DSCR.rar
2016-01-04 22:05 - 2016-01-05 01:26 - 1401752532 _____ C:\Users\Duder\Downloads\INOU.B18-SHULiBAN.rar
2016-01-03 23:45 - 2016-01-04 00:15 - 00002323 _____ C:\Users\Duder\Downloads\812-1451893092.csv
2016-01-03 23:31 - 2016-01-03 23:45 - 00010450 _____ C:\Users\Duder\Downloads\812-1451892517.csv
2016-01-03 23:11 - 2016-01-03 23:31 - 00010712 _____ C:\Users\Duder\Downloads\812-1451891442.csv
2016-01-03 22:59 - 2016-01-03 23:11 - 00005654 _____ C:\Users\Duder\Downloads\812-1451890477.csv
2016-01-03 22:38 - 2016-01-03 22:59 - 00008380 _____ C:\Users\Duder\Downloads\812-1451889394.csv
2016-01-03 18:30 - 2016-01-03 19:31 - 00012122 _____ C:\Users\Duder\Downloads\812-1451874543.csv
2016-01-03 13:11 - 2016-01-03 13:12 - 00082266 _____ C:\TDSSKiller.3.1.0.9_03.01.2016_13.11.29_log.txt
2016-01-03 13:11 - 2016-01-03 13:11 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Duder\Downloads\tdsskiller.exe
2016-01-03 11:23 - 2016-01-03 11:23 - 00092540 _____ C:\Users\Duder\Downloads\package (43).pdf
2016-01-03 11:22 - 2016-01-03 11:22 - 00092540 _____ C:\Users\Duder\Downloads\package (42).pdf
2016-01-03 11:15 - 2016-01-03 11:15 - 00002289 _____ C:\Users\Duder\Downloads\products (15).pdf
2016-01-02 23:29 - 2016-01-02 23:29 - 00000000 ____D C:\Users\Duder\AppData\Local\Sanford,_L.P
2016-01-02 23:28 - 2016-01-02 23:29 - 00000000 ____D C:\Users\Duder\AppData\Local\DYMO
2016-01-02 23:28 - 2016-01-02 23:28 - 00000000 ____D C:\Users\Duder\Documents\DYMO Label
2016-01-02 23:22 - 2016-01-02 23:22 - 00001227 _____ C:\Users\Public\Desktop\DYMO Label v.8.lnk
2016-01-02 23:22 - 2016-01-02 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
2016-01-02 23:20 - 2016-01-02 23:20 - 00000000 ____D C:\ProgramData\DYMO
2016-01-02 23:20 - 2016-01-02 23:20 - 00000000 ____D C:\Program Files (x86)\DYMO
2016-01-02 15:34 - 2016-01-02 15:34 - 02044329 _____ C:\Users\Duder\Downloads\SiS_6326_9x.zip
2016-01-02 15:26 - 2016-01-02 15:26 - 00002020 _____ C:\Users\Duder\Downloads\SiS86c326.zip
2016-01-02 13:57 - 2016-01-02 13:57 - 00020321 _____ C:\Users\Duder\Downloads\win98-pn102tx.zip
2016-01-02 12:15 - 2016-01-02 12:15 - 00000000 ____D C:\Users\Duder\AppData\Roaming\gBurner
2016-01-02 12:15 - 2016-01-02 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gBurner
2016-01-02 12:15 - 2016-01-02 12:15 - 00000000 ____D C:\Program Files (x86)\gBurner
2016-01-02 10:01 - 2016-01-02 10:15 - 425349569 _____ C:\Users\Duder\Downloads\Microsoft Windows 98 Second Edition [VMware VM].7z
2016-01-01 21:05 - 2016-01-01 21:17 - 00000000 ____D C:\Users\Duder\Desktop\AMAZON-REPORTS-FOR-TAXES
2015-12-30 21:31 - 2015-12-30 21:31 - 21715975 _____ C:\Users\Duder\Downloads\3HonestGreenACTIVE.csv
2015-12-30 20:55 - 2015-12-30 22:14 - 524288000 _____ C:\Users\Duder\Downloads\sdf8.InttQuckB00ksEntrprsAcbleepnt16R3Full.part1.rar
2015-12-30 20:53 - 2015-12-30 20:53 - 20335755 _____ C:\Users\Duder\Downloads\target.com_2.zip
2015-12-30 20:53 - 2015-12-30 20:53 - 20334245 _____ C:\Users\Duder\Downloads\walmart_9.zip
2015-12-30 18:15 - 2015-12-30 19:00 - 136626767 _____ C:\Users\Duder\Downloads\sdf8.InttQuckB00ksEntrprsAcbleepnt16R3Full.part2.rar
2015-12-28 20:01 - 2015-12-28 20:18 - 00000042 _____ C:\Users\Duder\Desktop\Soldering iron Stand Factory.txt
2015-12-28 18:58 - 2015-12-28 19:32 - 807181100 _____ C:\Users\Duder\Downloads\WBB.Sicario015.1080BlRy.6CH.part2.rar
2015-12-28 18:53 - 2015-12-28 18:56 - 1072693254 _____ C:\Users\Duder\Downloads\WBB.Sicario015.1080BlRy.6CH.part1.rar
2015-12-27 20:42 - 2015-12-27 20:42 - 20349516 _____ C:\Users\Duder\Downloads\walmart_8.zip
2015-12-27 20:41 - 2016-01-11 21:09 - 00000000 ____D C:\Users\Duder\Desktop\Ecomm-Elite Arbitrage
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-18 21:05 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2016-01-18 20:54 - 2013-10-08 18:23 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-18 20:40 - 2014-05-10 07:40 - 00000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1951035269-866886281-3166010428-1001.job
2016-01-18 20:28 - 2015-05-29 22:50 - 00000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1951035269-866886281-3166010428-1001.job
2016-01-18 20:07 - 2015-12-16 02:14 - 01009800 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-18 20:07 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-18 19:32 - 2013-10-08 17:47 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34A6C65D-C519-42C9-9DDC-5826DD79D726}
2016-01-18 19:11 - 2013-10-08 20:55 - 00000000 ____D C:\Users\Duder\AppData\Roaming\Skype
2016-01-18 19:11 - 2013-06-11 19:06 - 00000000 ____D C:\ProgramData\Skype
2016-01-18 19:10 - 2014-12-03 21:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-18 19:08 - 2013-10-08 18:23 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-18 19:07 - 2015-12-16 02:14 - 00000000 ____D C:\Users\Duder
2016-01-18 19:07 - 2013-06-11 19:06 - 00000000 ____D C:\ProgramData\PDFC
2016-01-18 19:06 - 2015-12-16 02:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-18 19:06 - 2015-12-16 02:10 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-01-18 19:06 - 2015-12-16 02:05 - 07932184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-18 19:05 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-18 19:04 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-18 19:00 - 2015-12-17 21:10 - 00000314 _____ C:\Users\Duder\Desktop\rapidimpactllc-business-information.txt
2016-01-18 18:00 - 2015-12-12 16:39 - 00000484 _____ C:\WINDOWS\Tasks\KMSpico Update.job
2016-01-18 02:00 - 2013-12-14 15:03 - 00000000 ____D C:\Users\Duder\AppData\Local\Adobe
2016-01-17 21:24 - 2013-10-11 18:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-17 09:00 - 2015-12-16 01:56 - 00000000 ____D C:\Windows.old
2016-01-16 19:49 - 2015-08-06 20:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-16 19:46 - 2013-10-08 22:01 - 00000000 ____D C:\Users\Duder\AppData\Roaming\vlc
2016-01-16 15:22 - 2014-04-22 19:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-16 15:16 - 2014-04-22 19:20 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-16 10:37 - 2013-10-29 20:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-16 10:36 - 2013-10-29 20:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-16 10:34 - 2009-07-13 18:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-01-16 10:33 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-15 21:32 - 2015-12-16 02:14 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-15 08:52 - 2015-08-10 22:02 - 00621568 ___SH C:\Users\Duder\Desktop\Thumbs.db
2016-01-14 18:43 - 2014-08-12 17:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 17:41 - 2015-08-17 19:09 - 00873472 ___SH C:\Users\Duder\Downloads\Thumbs.db
2016-01-14 14:55 - 2015-08-06 20:23 - 00002286 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 13:20 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-13 11:57 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-12 20:31 - 2014-01-27 21:26 - 00099384 _____ C:\Users\Duder\AppData\Roaming\inst.exe
2016-01-12 20:31 - 2014-01-27 21:26 - 00082816 _____ (VSO Software) C:\Users\Duder\AppData\Roaming\pcouffin.sys
2016-01-12 20:31 - 2014-01-27 21:26 - 00007859 _____ C:\Users\Duder\AppData\Roaming\pcouffin.cat
2016-01-12 20:31 - 2014-01-27 21:26 - 00000000 ____D C:\Users\Duder\AppData\Roaming\Vso
2016-01-12 20:31 - 2014-01-27 21:26 - 00000000 ____D C:\Program Files (x86)\VSO
2016-01-12 18:53 - 2014-03-21 12:52 - 00000000 ____D C:\ProgramData\Intuit
2016-01-11 20:50 - 2013-10-10 20:17 - 00001360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-01-10 13:35 - 2015-08-06 20:35 - 00000000 ____D C:\Users\Duder\AppData\Local\Packages
2016-01-09 15:41 - 2014-03-08 08:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-09 15:37 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-09 15:07 - 2015-11-25 09:10 - 00000192 _____ C:\Users\Duder\Desktop\wsecu reward account.txt
2016-01-06 20:07 - 2015-06-25 07:19 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-06 17:24 - 2013-10-11 18:22 - 00000000 ____D C:\Users\Duder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-06 17:20 - 2014-03-17 20:38 - 00000000 ____D C:\Users\Duder\Desktop\Program Shortcuts
2016-01-06 17:19 - 2014-11-23 17:56 - 00000000 ____D C:\Users\Duder\Desktop\Movies
2016-01-06 17:18 - 2014-01-05 14:34 - 00000000 ____D C:\Users\Duder\Desktop\IM Products
2016-01-06 17:17 - 2014-04-15 21:27 - 00000000 ____D C:\Users\Duder\Desktop\MY ASM ACCOUNT
2016-01-06 17:15 - 2015-03-31 19:07 - 00000000 ____D C:\Users\Duder\Desktop\Mari-Cody-Business
2016-01-06 17:14 - 2015-12-02 18:19 - 00000000 ____D C:\Users\Duder\Desktop\Friendly Grove Property Info
2016-01-03 23:15 - 2013-10-29 20:37 - 00000000 ____D C:\Users\Duder\AppData\Local\Microsoft Help
2016-01-02 17:40 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 12:34 - 2015-02-04 20:25 - 00000000 ____D C:\Users\Duder\AppData\Roaming\BitComet
2016-01-01 18:17 - 2014-06-05 18:22 - 00000000 ____D C:\Users\Duder\AppData\Roaming\Kodi
2016-01-01 16:00 - 2013-10-08 17:47 - 00000000 ____D C:\Users\Duder\AppData\Local\PDFC
2016-01-01 12:18 - 2015-11-15 14:14 - 00010694 _____ C:\Users\Duder\Desktop\Picks-With-Seth-Bias.xlsx
2015-12-30 21:38 - 2015-12-12 14:35 - 00000000 ____D C:\Users\Duder\Desktop\Ecomm Elite
2015-12-29 18:32 - 2015-05-29 22:50 - 00003830 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1951035269-866886281-3166010428-1001
2015-12-29 18:32 - 2014-05-10 07:40 - 00003734 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1951035269-866886281-3166010428-1001
2015-12-27 20:40 - 2014-02-13 22:52 - 00000000 ____D C:\Users\Duder\AppData\Roaming\Dogecoin
2015-12-26 19:43 - 2015-06-17 21:43 - 00000000 ____D C:\ProgramData\DeviceHealth
2015-12-19 03:30 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-19 03:30 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
 
==================== Files in the root of some directories =======
 
2016-01-02 23:21 - 2016-01-02 23:22 - 0044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2013-12-15 13:41 - 2014-08-13 19:55 - 0000132 _____ () C:\Users\Duder\AppData\Roaming\Adobe PNG Format CC Prefs
2015-11-17 10:09 - 2015-12-04 22:34 - 0000034 _____ () C:\Users\Duder\AppData\Roaming\AdobeWLCMCache.dat
2014-01-27 21:26 - 2016-01-12 20:31 - 0099384 _____ () C:\Users\Duder\AppData\Roaming\inst.exe
2014-01-27 21:26 - 2016-01-12 20:31 - 0007859 _____ () C:\Users\Duder\AppData\Roaming\pcouffin.cat
2014-01-27 21:26 - 2016-01-12 20:31 - 0001167 _____ () C:\Users\Duder\AppData\Roaming\pcouffin.inf
2014-01-27 21:26 - 2016-01-12 20:31 - 0000055 _____ () C:\Users\Duder\AppData\Roaming\pcouffin.log
2014-01-27 21:26 - 2016-01-12 20:31 - 0082816 _____ (VSO Software) C:\Users\Duder\AppData\Roaming\pcouffin.sys
2014-01-27 21:24 - 2014-01-27 21:24 - 27628568 _____ (VSO-Software                                                ) C:\Users\Duder\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2014-01-10 18:34 - 2014-01-22 21:29 - 142848334 _____ () C:\Users\Duder\AppData\Local\ACCCx2_3_0_322.zip.aamdownload
2014-01-10 18:34 - 2014-01-22 21:29 - 0001796 _____ () C:\Users\Duder\AppData\Local\ACCCx2_3_0_322.zip.aamdownload.aamd
2013-12-16 23:10 - 2013-12-16 23:10 - 0001456 _____ () C:\Users\Duder\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-06 20:36 - 2015-02-24 20:45 - 0007680 _____ () C:\Users\Duder\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 14:33 - 2014-09-26 14:33 - 0000017 _____ () C:\Users\Duder\AppData\Local\resmon.resmoncfg
2014-03-21 12:55 - 2015-02-21 12:42 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Duder\AppData\Local\Temp\Abspdf.exe
C:\Users\Duder\AppData\Local\Temp\acfpdfu.dll
C:\Users\Duder\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Duder\AppData\Local\Temp\acfpdfui.dll
C:\Users\Duder\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Duder\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Duder\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Duder\AppData\Local\Temp\cdintf.dll
C:\Users\Duder\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Duder\AppData\Local\Temp\sqlite3.dll
C:\Users\Duder\AppData\Local\Temp\xmllite.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-16 10:23
 
==================== End of FRST.txt ============================
 
 
Thank you for any help.
 
Jon


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:27 AM

Posted 28 January 2016 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

my LAN Settings under "Use automatic configuration script". The line of code is: http://ɴ.net/proxy.pac


Remove the "Use automatic configuration script", remove the entry in the Address box,
select "Automatically detect settings" and CLICK THE APPLY BUTTON.

Do not restart the computer just yet.


Remove these programs via the Control Panel > Programs and Features applet if listed.
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [No File]
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [No File]
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
Task: {1C24B610-392A-4378-B6EB-EAFB57AF0AB2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2454C0E4-3FB2-4D31-852A-C61288D84A68} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {46F88B9D-3FDC-4E70-8BA4-88C76F32D27C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4B52DEDD-4A23-4E29-9C00-19B4577AD61F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7D8F6288-CA1F-45DE-A2AE-A9E76FEC6C18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B575BE8-ED2A-46D9-B3DD-4C29864221A3} - System32\Tasks\KMSpico Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Duder\AppData\Roaming\KMSpico\settings.ini" <==== ATTENTION
Task: {8CA56B26-EB74-4B8E-AD01-FF6BE7DB8B40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9B224B58-7D55-42DC-88ED-3977A1FF442E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F163AF9-0260-40E9-9630-50B9B318D14F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9E16D05-6CD3-43BB-BFC4-FCFE5C15FDBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2D1C01A-13AE-469D-8352-7344BA6409B7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {E8415C05-892A-4DB3-97AD-D5D27D309707} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F616E78F-0E3E-49A0-BEDA-F434E5B546EC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\KMSpico Update.job => Wscript.exe O/nologo /B /E:jscript C:\Users\Duder\AppData\Roaming\KMSpico\settings.ini <==== ATTENTION
C:\Program Files\KMSpico

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

Let me know if the problem persists.
We may have to find out what is causing this.
For my reference.
https://forums.techguy.org/threads/how-can-i-permanently-remove-the-this-use-automatic-configuration-script.79820/

===
p.s.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

#3 duderinow

duderinow
  • Topic Starter


Posted 28 January 2016 - 11:08 PM

Did the steps.  I also removed an entry from the registry as I saw another post with the exact same issue and was able to locate the same registry entry and delete it.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by Duder (2016-01-28 19:50:46) Run:1
Running from C:\Users\Duder\Downloads
Loaded Profiles: Duder (Available Profiles: Duder & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-1951035269-866886281-3166010428-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @alipay.com/npalicert -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll [No File]
FF Plugin: @alipay.com/npAliInetHealth -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll [No File]
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File]
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files (x86)\TradeManager\AliIMX_64.dll => No File
Task: {1C24B610-392A-4378-B6EB-EAFB57AF0AB2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2454C0E4-3FB2-4D31-852A-C61288D84A68} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {46F88B9D-3FDC-4E70-8BA4-88C76F32D27C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4B52DEDD-4A23-4E29-9C00-19B4577AD61F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7D8F6288-CA1F-45DE-A2AE-A9E76FEC6C18} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B575BE8-ED2A-46D9-B3DD-4C29864221A3} - System32\Tasks\KMSpico Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Duder\AppData\Roaming\KMSpico\settings.ini" <==== ATTENTION
Task: {8CA56B26-EB74-4B8E-AD01-FF6BE7DB8B40} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9B224B58-7D55-42DC-88ED-3977A1FF442E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9F163AF9-0260-40E9-9630-50B9B318D14F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9E16D05-6CD3-43BB-BFC4-FCFE5C15FDBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2D1C01A-13AE-469D-8352-7344BA6409B7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {E8415C05-892A-4DB3-97AD-D5D27D309707} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F616E78F-0E3E-49A0-BEDA-F434E5B546EC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\KMSpico Update.job => Wscript.exe O/nologo /B /E:jscript C:\Users\Duder\AppData\Roaming\KMSpico\settings.ini <==== ATTENTION
C:\Program Files\KMSpico
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKU\S-1-5-21-1951035269-866886281-3166010428-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-1951035269-866886281-3166010428-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\Software\MozillaPlugins\@alipay.com/npalicert" => key removed successfully
"HKLM\Software\MozillaPlugins\@alipay.com/npAliInetHealth" => key removed successfully
"HKLM\Software\MozillaPlugins\@alipay.com/npAliSecCtrl" => key removed successfully
"HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\MozillaPlugins\@alibaba.com/npAliSSOLogin;version=1.0" => key removed successfully
C:\Program Files (x86)\TradeManager\npAliSSOLogin.dll => not found.
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File] => key not found. 
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/nptrademanager;version=1.0 -> "C:\Program Files (x86)\TradeManager\nptrademanager.dll" [No File] => not found.
HKU\S-1-5-21-1951035269-866886281-3166010428-1001\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File] => key not found. 
FF Plugin HKU\S-1-5-21-1951035269-866886281-3166010428-1001: @alibaba.com/npwangwang;version=1.0 -> "C:\Program Files (x86)\TradeManager\npwangwang.dll" [No File] => not found.
idsvc => service removed successfully
"HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}" => key removed successfully
"HKU\S-1-5-21-1951035269-866886281-3166010428-1001_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C24B610-392A-4378-B6EB-EAFB57AF0AB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C24B610-392A-4378-B6EB-EAFB57AF0AB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2454C0E4-3FB2-4D31-852A-C61288D84A68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2454C0E4-3FB2-4D31-852A-C61288D84A68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46F88B9D-3FDC-4E70-8BA4-88C76F32D27C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46F88B9D-3FDC-4E70-8BA4-88C76F32D27C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B52DEDD-4A23-4E29-9C00-19B4577AD61F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B52DEDD-4A23-4E29-9C00-19B4577AD61F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D8F6288-CA1F-45DE-A2AE-A9E76FEC6C18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8F6288-CA1F-45DE-A2AE-A9E76FEC6C18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B575BE8-ED2A-46D9-B3DD-4C29864221A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B575BE8-ED2A-46D9-B3DD-4C29864221A3}" => key removed successfully
C:\WINDOWS\System32\Tasks\KMSpico Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSpico Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CA56B26-EB74-4B8E-AD01-FF6BE7DB8B40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CA56B26-EB74-4B8E-AD01-FF6BE7DB8B40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B224B58-7D55-42DC-88ED-3977A1FF442E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B224B58-7D55-42DC-88ED-3977A1FF442E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F163AF9-0260-40E9-9630-50B9B318D14F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F163AF9-0260-40E9-9630-50B9B318D14F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9E16D05-6CD3-43BB-BFC4-FCFE5C15FDBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9E16D05-6CD3-43BB-BFC4-FCFE5C15FDBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D1C01A-13AE-469D-8352-7344BA6409B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D1C01A-13AE-469D-8352-7344BA6409B7}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8415C05-892A-4DB3-97AD-D5D27D309707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8415C05-892A-4DB3-97AD-D5D27D309707}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F616E78F-0E3E-49A0-BEDA-F434E5B546EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F616E78F-0E3E-49A0-BEDA-F434E5B546EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
C:\WINDOWS\Tasks\KMSpico Update.job => moved successfully
"C:\Program Files\KMSpico" => not found.
EmptyTemp: => 4.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:51:48 ====
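
An added example, not part of either post and not FRST output: a read-only PowerShell audit of the registry values behind the "Use automatic configuration script" box from post #2 and the kind of registry entry mentioned in post #3. The four key paths are the standard WinINET per-user, per-machine and policy locations and are an assumption here, since the thread does not say which entry was deleted; `Test-PacUrl` is a hypothetical helper name.

```powershell
# Added example (not from the thread): read-only audit of AutoConfigURL.
# Assumption: these are the standard WinINET locations; the thread does not
# name the registry entry that was deleted. Nothing is modified.
$locations = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

$idn = New-Object System.Globalization.IdnMapping

# Hypothetical helper: returns the reasons a PAC address deserves a closer look.
function Test-PacUrl {
    param([string]$Url)

    $notes = New-Object 'System.Collections.Generic.List[string]'
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        $notes.Add('not a parseable absolute URL')
        return $notes
    }

    # A PAC script decides which proxy every request uses, so a cleartext
    # fetch can be altered in transit.
    if ($uri.Scheme -eq 'http') {
        $notes.Add('script is fetched over cleartext HTTP')
    }

    # Look-alike hosts are often internationalized names; show the ASCII
    # (punycode) form so it can be compared and searched for.
    $hostName = $uri.Host
    if ($hostName -match '[^\x00-\x7F]') {
        try   { $ascii = $idn.GetAscii($hostName) }
        catch { $ascii = '<not convertible>' }
        $notes.Add("host contains non-ASCII characters (punycode: $ascii)")
    }
    if ($hostName -match '(^|\.)xn--') {
        $notes.Add('host is punycode-encoded (IDN)')
    }
    return $notes
}

# Report every location where an automatic configuration script is set.
$results = foreach ($path in $locations) {
    $props = Get-ItemProperty -Path $path -Name AutoConfigURL -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }

    $url = [string]$props.AutoConfigURL
    if ([string]::IsNullOrWhiteSpace($url)) { continue }

    [pscustomobject]@{
        Location      = $path
        AutoConfigURL = $url
        Notes         = (Test-PacUrl -Url $url) -join '; '
    }
}

if ($results) {
    $results | Format-List
} else {
    'No AutoConfigURL value is set in the checked locations.'
}

# Constructed sample (not the address from the thread) to exercise the checks
# on a machine where nothing is set.
$sample = "http://b$([char]0x00FC)cher.example/proxy.pac"
Test-PacUrl -Url $sample
```

A value that reappears in a policy location after being cleared in LAN Settings points to something still writing it, which is the case post #2 anticipates with "We may have to find out what is causing this."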


#4 nasdaq


Posted 29 January 2016 - 08:35 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq


Posted 03 February 2016 - 10:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



