Need help removing malware named either win32/autoKMS or www.3.org


This topic is locked
52 replies to this topic

#1 JimConsidine

JimConsidine

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, Maryland USA
  • Local time:08:28 AM

Posted 07 July 2016 - 10:23 PM

I am not sure if I am using the correct name of this infection. Simply put, it takes over my browser when I am using Amazon by launching a plethora of pop-ups of items for sale from an undetermined source.

I have used everything but Lysol to clear this infection. I have Malwarebytes Pro installed and ran a scan, which was futile. I purchased Spybot S&D to augment the effort. The scan was taking over 12 hours and had not finished. I decided to yell for help. I also found the Microsoft Security Essentials scan took over 12 hours.... The ESET scanner detected 39 infections, but not the issue at hand.

------------------------------------------------------------------------------------------------------------------------------------------

I have saved all of my logs from July 6th and will attach them for your review. 
Here are the FRST & Addition logs as per your instructions.

 

Thank you for your assistance!

Jim Considine

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jim Considine (administrator) on JIMCONSIDINE-PC (07-07-2016 22:54:31)
Running from C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM\APPLICATIONS
Loaded Profiles: Jim Considine (Available Profiles: Jim Considine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() C:\Users\Jim Considine\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Enter Srl) C:\Program Files (x86)\Iperius Backup\Iperius.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXUX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM\APPLICATIONS\FRST64 (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-25] (Nullsoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 0
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-05-14] ()
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [Amazon Music] => C:\Users\Jim Considine\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [Iperius Backup] => C:\Program Files (x86)\Iperius Backup\Iperius.exe [23635856 2015-07-24] (Enter Srl)
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-06-03] (SUPERAntiSpyware)
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [ctfmon.exe] => -
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-03-31]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{35750C58-BC96-4509-A7F7-7A156212F87E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{35750C58-BC96-4509-A7F7-7A156212F87E}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{775B4DEF-903E-47B2-A58A-DCBFAC9B0BB1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{95DD779C-1371-4669-81CA-628457CAA794}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{95DD779C-1371-4669-81CA-628457CAA794}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7B%20var%20lhost%2C%20localIpAddresses%2C%20localDomains%2C%20ipNotation%2C%20i%3B%20function%20isPlainHostNameEx()%20%7B%20return%20!(!!~lhost.indexOf('.')%20%7C%7C%20!!~lhost.indexOf('%3A'))%3B%20%7D%20lhost%20%3D%20host.toLowerCase()%3B%20ipNotation%20%3D%20%2F%5E%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%5C.%5Cd%2B%24%2Fg%3B%20localIpAddresses%20%3D%20%5B'127.0.0.1'%2C'10.*.*.*'%2C'172.1%5B6-9%5D.*.*'%2C'172.2%5B1-9%5D.*.*'%2C'172.3%5B0-1%5D.*.*'%2C'192.168.*.*'%5D%3B%20localDomains%20%3D%20%5B'zeus.pm'%2C'zenguard.biz'%2C'local'%2C'dev'%2C'ip'%2C'box'%2C'lvh.me'%2C'ripe'%2C'invalid'%2C'intra'%2C'intranet'%2C'onion'%2C'vcap.me'%2C'127.0.0.1.xip.io'%2C'smackaho.st'%2C'localtest.me'%2C'site'%5D%3B%20if%20(isPlainHostNameEx())%20%7B%20return%20'DIRECT'%3B%20%7D%20if%20(ipNotation.test(lhost))%20%7B%20for%20(i%20%3D%200%3B%20i%20%3C%20localIpAddresses.length%3B%20i%2B%2B)%20%7B%20if%20(shExpMatch(lhost%2C%20localIpAddresses%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20%7D%20for%20(i%20%3D%200%3B%20i%20%3C%20localDomains.length%3B%20i%2B%2B)%20%7B%20if%20(dnsDomainIs(lhost%2C%20localDomains%5Bi%5D))%20%7B%20return%20'DIRECT'%3B%20%7D%20%7D%20return%20'PROXY%20127.0.0.1%3A49278'%3B%20%7D%20%2F*ZenMate*%2F"
FF NetworkProxy: "type", 2
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-03-25] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-3980735000-1117649075-3546456287-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jim Considine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3980735000-1117649075-3546456287-1000: @talk.google.com/O1DPlugin -> C:\Users\Jim Considine\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jim Considine\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jim Considine\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\google-images.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\imdb.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\ixquick-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\kickassto.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\privatelee-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\startpage-ssl.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\thepiratebayorg.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\youtube.xml [2014-12-11]
FF Extension: Copy Plain Text 2 - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\extensions\copyplaintext@teo.pl.xpi [2014-11-26] [not signed]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2014-11-26] [not signed]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\firefox@zenmate.com.xpi [2014-11-26] [not signed]
FF Extension: Google™ Translator - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2014-12-13] [not signed]
FF Extension: YouTube™ Flash® Player - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2014-11-26] [not signed]
FF Extension: AdBlock for Firefox - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-01-02] [not signed]
FF Extension: YouTube™ HD Plus - C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2014-11-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-08-26] [not signed]
FF HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://www.google.com/calendar/render#main_7%7Cmonth-3+23194+23238+23201","chrome-extension://iohcojnlgnfbmjfjfkbhahhmppcggdog/options.html#backups","hxxp://www-searching.com/?s=FA8zamobl011652,7bd439f5-ee6f-4d76-b5d9-10dac6b3fc18,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FA8zamobl011652,7bd439f5-ee6f-4d76-b5d9-10dac6b3fc18,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Envelopes for Google Docs) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclkeicedlkpjgnnfkedjomkkhmgcod [2016-03-08]
CHR Extension: (Google Slides) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-17]
CHR Extension: (Google Drive) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (Ribbet Photo Editor) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2015-12-22]
CHR Extension: (Google Docs Quick Create) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldgenmjegcnjebiongilahhcjldgmlm [2016-03-08]
CHR Extension: (Adblock Plus) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dropbox for Gmail) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-30]
CHR Extension: (Gmail Offline) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-02-10]
CHR Extension: (Tools for Google Maps™) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljpanecjjlonmoiofelcmkkpojcalcb [2016-06-18]
CHR Extension: (Google Sheets) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (Scribble Maps) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhoiddbgfhccnhnafghphdmlaofgeh [2015-07-03]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-07-07]
CHR Extension: (Google Docs Offline) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Podcast App) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpgebcembbojpibjdjbjpnekmabmjmp [2015-09-19]
CHR Extension: (DomainCorrector) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiohikggdjlojnlhbkahkkeggklamphf [2016-07-07]
CHR Extension: (NPR Infinite Player) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2014-08-02]
CHR Extension: (New Tab Page by Speed Dial Team) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\idgeoanibcknhniccgaoaiolihidecjn [2015-03-16]
CHR Extension: (Dropbox) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-01-30]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2016-04-27]
CHR Extension: (SnapFrame - Photo Frame Maker) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcliiagpebjbmjlbcdcdlblihocolkf [2015-11-27]
CHR Extension: (Spreadsheet Calculator) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfinkdekjifhglflifjjjeandcahkbp [2016-03-08]
CHR Extension: (Google Forms) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg [2016-03-08]
CHR Extension: (Earth) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-11-27]
CHR Extension: (Convert EPUB to MOBI (Kindle format)) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcichgcjcnjhkkaiglnobgopalkinhe [2014-07-29]
CHR Extension: (Alarm Clock Radio) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2014-07-29]
CHR Extension: (Google Play) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-10]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2016-07-07]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-26]
CHR Extension: (Google Drawings) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-03-09]
CHR Extension: (App Launcher for Google Drive) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlakbigplfjoajogjccncjholndahoe [2016-03-08]
CHR Extension: (OneDrive) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2016-01-28]
CHR Extension: (Map Your List) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgkpanimdijkpkiphodlebaadipofkhb [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JIMCON~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [209160 2015-12-17] (Broadcom Corporation.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-10-30] (Digiarty Software, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-07-07] (Malwarebytes)
S3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66360 2012-08-22] (Trend Micro Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-07-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [21208 2013-02-25] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [31880 2008-09-16] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2009-02-27] (Sierra Wireless Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 semav6thermal64ro; \??\C:\Windows\system32\drivers\semav6thermal64ro.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-07 12:54 - 2016-07-07 12:54 - 00264584 _____ C:\Users\Jim Considine\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-07 12:53 - 2016-07-07 12:53 - 00748648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-07 12:41 - 2016-07-07 12:41 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-07-07 12:30 - 2016-07-07 13:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-07 12:30 - 2016-07-07 12:30 - 00001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-07-07 12:30 - 2016-07-07 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-07-07 12:29 - 2016-07-07 12:29 - 00045184 _____ C:\Users\Jim Considine\Documents\cc_20160707_122911.reg
2016-07-07 12:28 - 2016-07-07 12:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-07 11:55 - 2016-07-07 12:11 - 00068608 ___SH C:\Users\Jim Considine\Downloads\Thumbs.db
2016-07-07 11:47 - 2016-07-07 11:47 - 00000000 ____D C:\Users\Jim Considine\Downloads\MS SECURITY ANALYZER 2016
2016-07-07 11:42 - 2016-07-07 11:43 - 00000000 ____D C:\Users\Jim Considine\Downloads\MS OFFICE 2007
2016-07-06 17:37 - 2016-07-06 19:04 - 00000000 __SDC C:\ComboFix2
2016-07-05 19:52 - 2016-07-05 19:58 - 00000000 ___DC C:\ComboFix
2016-07-05 19:44 - 2016-07-05 19:46 - 00406756 ____C C:\TDSSKiller.3.1.0.9_05.07.2016_19.44.13_log.txt
2016-07-05 19:41 - 2016-07-05 19:41 - 00000366 ____C C:\TDSSKiller.3.0.0.40_05.07.2016_19.41.54_log.txt
2016-07-05 17:27 - 2016-07-07 22:54 - 00000000 ___DC C:\FRST
2016-06-24 11:28 - 2016-06-24 11:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-06-23 22:04 - 2016-06-29 20:02 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\671F10CD.sys
2016-06-21 23:50 - 2016-06-21 23:50 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-06-21 23:50 - 2016-06-21 23:50 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-06-21 22:11 - 2016-06-21 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-21 22:09 - 2016-06-21 23:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-06-21 22:08 - 2016-06-21 22:08 - 00000000 ____D C:\Windows\PCHEALTH
2016-06-21 22:08 - 2016-06-21 22:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-06-21 22:04 - 2016-06-21 22:04 - 00000000 ___DC C:\Program Files\Microsoft Office
2016-06-21 15:38 - 2016-06-21 15:38 - 00000000 ____D C:\Users\Jim Considine\AppData\Roaming\MAGIX
2016-06-21 15:32 - 2016-06-21 15:38 - 00000000 ____D C:\ProgramData\MAGIX
2016-06-21 15:32 - 2016-06-21 15:32 - 00000000 ____D C:\Users\Jim Considine\AppData\Local\Xara
2016-06-21 15:31 - 2016-06-21 15:31 - 00000000 ___RD C:\Users\Jim Considine\Documents\Xara
2016-06-21 15:31 - 2016-06-21 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2016-06-21 15:29 - 2016-06-21 15:39 - 00000000 ____D C:\ProgramData\Xara
2016-06-21 15:29 - 2016-06-21 15:29 - 00000000 ___DC C:\Program Files\Xara
2016-06-21 15:29 - 2016-06-21 15:29 - 00000000 ___DC C:\Program Files\Common Files\MAGIX Services
2016-06-21 15:01 - 2016-06-21 15:01 - 00000000 ____D C:\Users\Jim Considine\Downloads\XARA DESIGNER PRO 11
2016-06-21 12:29 - 2016-06-21 12:30 - 00000000 ____D C:\Users\Jim Considine\Downloads\REAL DRAW
2016-06-21 11:58 - 2016-06-21 11:58 - 00003684 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-06-15 17:45 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 17:45 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 17:44 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 17:44 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 17:44 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 17:44 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 17:44 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 17:44 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 17:44 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 17:44 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 17:44 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 17:44 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 17:44 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 17:44 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 17:44 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 17:44 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 17:44 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 17:44 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 17:44 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 17:44 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 17:44 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 17:44 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 17:44 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 17:44 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 17:44 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 17:44 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 17:44 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 17:44 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 17:44 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 17:44 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 17:44 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 17:44 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 17:44 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 17:44 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 17:44 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 17:44 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 17:44 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 17:44 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 17:44 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 17:44 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 17:44 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 17:44 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 17:44 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 17:44 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 17:44 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 17:44 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 17:44 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 17:44 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 17:44 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 17:44 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 17:44 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 17:44 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 17:44 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 17:44 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 17:44 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 17:44 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 17:44 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 17:44 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 17:44 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 17:44 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 17:44 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 17:44 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 17:44 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 17:44 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 17:44 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 17:44 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 17:44 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 17:44 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 17:44 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 17:44 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 17:44 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 17:43 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 17:43 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 17:43 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 17:43 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 17:43 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 17:43 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 17:43 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 17:43 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 17:43 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 17:43 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 17:43 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 17:43 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 17:43 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 17:43 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 17:43 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 17:43 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 17:43 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 17:43 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 17:43 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 17:43 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 17:43 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 17:43 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 17:43 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 17:43 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 17:43 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 17:43 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 17:43 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 17:43 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 17:43 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 17:43 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 17:43 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 17:43 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 17:43 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 17:43 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 17:43 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 17:43 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 17:43 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 17:43 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 17:43 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 17:43 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 17:43 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 17:43 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 17:43 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 17:43 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 17:43 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 17:43 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 17:43 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 17:43 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 17:43 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 17:43 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 17:43 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 17:43 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 17:43 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 17:43 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 17:43 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 17:43 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 17:43 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 17:43 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 17:43 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 17:43 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 17:43 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 17:43 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 17:43 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 17:43 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 17:43 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 17:43 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-07 22:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-07 22:13 - 2015-09-30 12:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-07 22:08 - 2012-06-10 11:52 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-07 22:08 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-07 22:08 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-07 21:08 - 2012-06-10 11:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-07 19:17 - 2009-07-14 01:13 - 00789824 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-07 19:14 - 2016-03-17 10:43 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-07-07 19:14 - 2015-04-22 09:27 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-07 19:10 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-07 18:58 - 2015-02-21 06:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-07 12:28 - 2013-10-24 17:51 - 00000000 ____D C:\Users\Jim Considine\Downloads\SPYBOT SEARCH & DESTROY
2016-07-07 12:21 - 2012-06-18 15:06 - 00000000 ____D C:\Users\Jim Considine\AppData\Roaming\PhotoScape
2016-07-07 03:35 - 2012-07-05 19:33 - 00000000 ____D C:\Windows\AutoKMS
2016-07-06 20:39 - 2010-11-20 23:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-05 22:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-05 17:33 - 2014-03-28 13:47 - 00000000 ____D C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM
2016-07-05 16:16 - 2015-07-26 15:47 - 00000000 ___DC C:\AdwCleaner
2016-06-26 18:25 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-23 09:26 - 2012-06-23 15:17 - 00000000 ___RD C:\Users\Jim Considine\Documents\WORD
2016-06-23 06:01 - 2014-03-28 14:36 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-06-23 06:01 - 2014-03-28 14:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 01:18 - 2014-03-28 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 01:10 - 2009-07-13 22:34 - 00000514 _____ C:\Windows\win.ini
2016-06-22 15:29 - 2016-03-17 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-22 15:29 - 2015-02-21 06:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-06-21 23:22 - 2012-06-15 08:37 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-21 22:08 - 2012-06-08 19:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-21 22:08 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew
2016-06-21 22:06 - 2009-07-13 23:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-06-21 15:25 - 2014-12-17 19:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-21 11:57 - 2014-12-17 19:26 - 00000000 ____D C:\Users\Jim Considine\Downloads\TWEAKING.COM
2016-06-21 11:04 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-06-19 18:35 - 2014-03-04 20:59 - 00001766 _____ C:\Users\Jim Considine\AppData\Roaming\burnaware.ini
2016-06-18 11:50 - 2014-10-26 03:41 - 00000000 ___RD C:\Users\Jim Considine\Documents\PDF
2016-06-17 19:14 - 2014-08-31 00:30 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 22:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 13:14 - 2015-09-30 12:41 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 13:14 - 2015-09-30 12:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 13:14 - 2015-09-30 12:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 10:22 - 2015-04-15 10:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-16 00:36 - 2002-05-01 23:37 - 00000000 ____D C:\Windows\system32\MRT
2016-06-13 18:32 - 2014-02-02 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2016-06-13 16:13 - 2014-10-30 15:04 - 00001890 ___SH C:\ProgramData\KGyGaAvL.sys
2016-06-13 15:40 - 2015-04-25 16:17 - 00000000 ____D C:\Users\Jim Considine\.gimp-2.8
2016-06-13 14:01 - 2015-03-16 21:02 - 00001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
 
==================== Files in the root of some directories =======
 
2014-03-04 20:59 - 2016-06-19 18:35 - 0001766 _____ () C:\Users\Jim Considine\AppData\Roaming\burnaware.ini
2013-10-06 14:15 - 2014-08-11 12:10 - 0038524 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-11-10 17:49 - 2014-08-11 11:55 - 0013052 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).CAL
2014-07-29 17:48 - 2014-08-11 12:38 - 0009413 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (DOS).EML
2012-10-07 15:35 - 2016-03-11 08:55 - 0038474 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-01-09 12:08 - 2014-07-01 00:42 - 0011410 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).CAL
2014-07-29 17:29 - 2014-07-29 17:40 - 0009410 _____ () C:\Users\Jim Considine\AppData\Roaming\Comma Separated Values (Windows).EML
2014-10-10 21:21 - 2014-10-10 21:21 - 0000422 _____ () C:\Users\Jim Considine\AppData\Roaming\KForCE.cfg
2013-10-10 11:29 - 2013-12-15 01:14 - 0000114 _____ () C:\Users\Jim Considine\AppData\Roaming\mbam.context.scan
2013-08-19 16:56 - 2013-08-19 16:56 - 0000104 _____ () C:\Users\Jim Considine\AppData\Roaming\settings.xml
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\AtStart.txt
2013-02-25 19:41 - 2013-12-18 19:05 - 0009216 _____ () C:\Users\Jim Considine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\DSwitch.txt
2012-11-29 16:31 - 2012-11-29 17:27 - 0000084 _____ () C:\Users\Jim Considine\AppData\Local\DVDPATH.TXT
2012-06-08 21:39 - 2012-06-08 21:39 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\QSwitch.txt
2015-06-04 19:23 - 2015-06-04 19:23 - 0000942 _____ () C:\Users\Jim Considine\AppData\Local\recently-used.xbel
2014-05-31 12:27 - 2014-05-31 12:27 - 0003331 _____ () C:\Users\Jim Considine\AppData\Local\recently-used.xbel.WQUSGX
2012-09-08 11:51 - 2016-01-10 13:15 - 0007601 _____ () C:\Users\Jim Considine\AppData\Local\resmon.resmoncfg
2014-09-07 03:57 - 2014-09-07 03:57 - 0000000 _____ () C:\Users\Jim Considine\AppData\Local\{B958DC36-3B6F-4138-BA39-553D6A52007C}
2012-06-08 21:48 - 2013-07-27 07:32 - 0000290 _____ () C:\ProgramData\hpqp.ini
2012-06-10 10:45 - 2015-05-07 21:18 - 0000021 _____ () C:\ProgramData\hpqp.txt
2015-06-29 13:58 - 2016-06-09 11:05 - 0014118 _____ () C:\ProgramData\hpzinstall.log
2014-10-30 15:04 - 2016-06-13 16:13 - 0001890 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-11-20 17:30 - 2012-11-20 17:30 - 0004140 _____ () C:\ProgramData\mtbjfghn.xbe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-07 04:10
 
==================== End of FRST.txt ============================
 
 
==================================================================================================================================================================================================================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Jim Considine (2016-07-07 22:57:04)
Running from C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM\APPLICATIONS
Windows 7 Home Premium Service Pack 1 (X64) (2012-06-08 23:13:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3980735000-1117649075-3546456287-500 - Administrator - Disabled)
Guest (S-1-5-21-3980735000-1117649075-3546456287-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3980735000-1117649075-3546456287-1002 - Limited - Enabled)
Jim Considine (S-1-5-21-3980735000-1117649075-3546456287-1000 - Administrator - Enabled) => C:\Users\Jim Considine
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.66 - Hulubulu Software)
Amazon Kindle (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Amazon Music (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
Any Video Converter Ultimate 5.9.5 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
AudioShell 2.1 (HKLM\...\AudioShell_is1) (Version: 2.1 - Softpointer Inc)
Brother Printer Setting Tool (HKLM-x32\...\{8DA2E2DC-C572-4F87-89FC-833DB588CC7B}) (Version: 1.6.0021 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0610 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM-x32\...\{FC5EDFE4-E073-4863-BC3F-2560AFA63B73}) (Version: 1.0.0110 - Brother Industries, Ltd.)
Brother PT-P700 Series Utility (x32 Version: 1.00.7046 - Brother Industries, Ltd.) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
BurnAware Free 7.1 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant)
Corel Shell Extension - 64Bit (Version: 14.0 - Corel Corporation) Hidden
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CorelDRAW Graphics Suite X4 - Capture (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Draw (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Extra Content (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Filters (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - FontNav (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics SUite X4 - ICA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - IPM (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang BR (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang EN (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang ES (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - Lang FR (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - PP (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 - VBA (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X4 (x32 Version: 14.2 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (HKLM-x32\...\_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) (Version:  - Corel Corporation)
CorelDRAW® Graphics Suite X4 - Windows Shell Extension (x32 Version: 1.1 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X4 (HKLM-x32\...\_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) (Version:  - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GMail Backup (HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\{02eb605c-2775-4f0e-976b-4f6cc446fd6b}) (Version: 1.0.3.13 - UpSafe)
GMail Backup (Version: 1.0.3.13 - UpSafe) Hidden
Google Apps Migration For Microsoft Outlook® 4.0.29.9 (HKLM-x32\...\{E8248BD6-6294-4CF6-9CF9-BDAAC0CC8253}) (Version: 4.0.29.9 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.8.440.1250 (HKLM-x32\...\{091C294E-F243-432C-93E1-DEC4C2B9635B}) (Version: 3.8.440.1250 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Greenfish Icon Editor Pro 3.31 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP DVD Play 3.7 (HKLM-x32\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: 3.7.2.6908 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation)
Iperius Backup version 4.3.2.0 (HKLM-x32\...\Iperius Backup_is1) (Version: 4.3.2.0 - Enter Srl)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1033-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1428 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nitro Pro 8 (HKLM\...\{47B42E7A-57E9-407B-8DBB-017B86D7B13F}) (Version: 8.5.2.10 - Nitro)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PhotoSpills4 (HKLM-x32\...\ST6UNST #1) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.6.0 - Prolific Technology INC)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
System Requirements Lab for Intel (64-bit) (HKLM\...\{D461E239-6BF6-49D4-AE9F-09BC9374B698}) (Version: 4.5.24.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
update (x32 Version: 2.00.0000 - Your Company Name) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WordPerfect Lightning - IPM (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (x32 Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (x32 Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (x32 Version: 2.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
Wordperfect Office X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Graphics (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - LegalTools (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Migration Manager (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Oxford (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - PR (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - QP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Sharepoint (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - Skins (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - System EN (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - Templates (x32 Version: 15.3 - Corel Corporation) Hidden
WordPerfect Office X5 - WP (x32 Version: 15.0 - Corel Corporation) Hidden
WordPerfect Office X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
WordPerfect Office X5 (HKLM-x32\...\_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}) (Version: 15.0.0.505 - Corel Corporation)
WordPerfect Office X5 (x32 Version: 15.0 - Corel Corporation) Hidden
Xara Designer Pro X11 (HKLM\...\MX.{B8B90DDD-85BD-4910-BA97-4ABBF1FC1674}) (Version: 11.2.3.40788 - Xara Group Ltd)
Xara Designer Pro X11 (Version: 11.2.3.40788 - Xara Group Ltd) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{05E88098-3750-457A-AC42-1B019F9E3FE8}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\HDPImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{171740BB-DE5D-4A3B-A5DD-43D171192819}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\RTFfilter.dll (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{23F5AD84-9742-4A1F-BA77-B39828938730}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\PDFXFilter\PDFXFilter.dll (Xara)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{2DD6B8AC-9015-4347-A47B-CEDCA2E4C2EA}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\XPSFilter.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{3E2079FE-4DB5-4914-B9A0-FBBDA87890C0}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\ODPImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{44B8B2C4-AFC2-44B3-8F05-02EC6E235862}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\PSDFilter.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{4954639E-4AD5-4232-9FC6-753ED3E19DE1}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\PPImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{5C8E7C70-D9DC-4AB9-B748-4ED125D0CD74}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\WSMFilter.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{65545209-E245-4026-94AE-DEABE04DA1BF}\localserver32 -> C:\Program Files\Xara\Xara Designer Pro X11\DesignerPro.exe (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{96379E3B-23DA-4F75-A23A-DBCF805CC406}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\DocImport\DocImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{C2A30267-3451-441F-93AD-8C8399CB426B}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\HTMLfilter.dll (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{CB58FF31-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files\Xara\Xara Designer Pro X11\DesignerPro.exe (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{CB58FF32-2539-11D0-BDEE-0020AFE14B84}\localserver32 -> C:\Program Files\Xara\Xara Designer Pro X11\DesignerPro.exe (Xara Group Ltd.)
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{CCC4FDE7-EE88-454F-9B6E-60FD6B562289}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\RAWImport\RAWImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{E44A4F31-0C8B-42C2-A2A4-E743A0395B5F}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\PDFImport\PDFImport.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{E99245A1-DE06-4770-8208-B0494C933C65}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\SVGFilter.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{EDC4A498-53B4-496C-A750-3AABCD48A6A3}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\EMFFilter.dll ()
CustomCLSID: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000_Classes\CLSID\{FABA52C3-2D0F-4070-8086-57522F3A9D82}\InprocServer32 -> C:\Program Files\Xara\Xara Designer Pro X11\Filters\ENG\TIFFImport.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E9531D-655C-4B6A-B1B5-8F9455B8A2FD} - System32\Tasks\{F24AAC10-4845-4704-AB80-7C87ECA86FD1} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\sp47546.exe" -d "C:\Users\Jim Considine\Downloads"
Task: {063B1192-260B-4C89-87F7-3B818E5B6859} - System32\Tasks\{A490A88A-64A2-4638-8EE9-69A0DA7B9498} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {076A92B5-53CA-4959-ADB9-7B6464564651} - System32\Tasks\{75DBA38B-DEF7-4F5F-A05F-1E0A267F109E} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\BCPL WIFI PRINT\clientlauncher.exe" -d "C:\Users\Jim Considine\Downloads\BCPL WIFI PRINT"
Task: {0940B1B1-1EAA-419E-91E6-78F5B9C7EDB0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {0AE1266F-88A7-4962-852A-73D88F888424} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {0AFC2B4A-01D4-4ABF-B30C-0891BD2A8601} - System32\Tasks\{FCC197B6-8953-43F0-9A27-9057F449B917} => C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe [2015-06-12] ()
Task: {0BED4290-B9C5-4EB9-B36F-D3295B374F82} - System32\Tasks\{4779146C-F8C0-441C-AAC8-DB07B2182B0F} => pcalua.exe -a "C:\Users\Jim Considine\AppData\Local\Temp\ENGLISH\SETUP.EXE" -d "C:\Users\Jim Considine\AppData\Local\Temp\ENGLISH"
Task: {151F1F86-10B0-45DC-BB42-7CB3110311DC} - System32\Tasks\{C8C8B3A8-2FE9-45D0-99EE-1AC9A5C860BB} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {1CFE5A05-C96A-4509-AEB2-4CCE32194510} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {1FB26E1E-EC7E-453C-8E28-871738CDE597} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {23CB7772-7189-44DF-9B48-C80BD5C51AAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {24C10870-F37D-402A-88F6-6A12EBB272D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {34DE128C-9705-4A52-8B82-4C4D07D40DC1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {4573958F-A26F-4397-88D1-FEC6FAACAB5F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {49B0D2B5-635E-4826-A6E1-8AA0CE29DBF2} - System32\Tasks\{861B9405-4671-48B8-BD28-E16507043FB2} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /InstallExcelAddin 1
Task: {57BE0D10-6860-4DDF-A546-FDF8E12A43BE} - System32\Tasks\{F1764C9C-4850-40F9-9E8E-EB48ED2888F4} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {59009B52-CAE5-436E-AA60-5C5BB68A165B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom -> No File <==== ATTENTION
Task: {75A7466D-8452-421F-AB26-16B1E0B806E4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {773BBA28-6462-4AFF-B95F-C809996D36D6} - System32\Tasks\{9F4FCAA5-1514-484C-AC09-EB455BF3D8E9} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {7B3BBD4A-D819-40AF-85BF-A9F1336ADB06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {7E18836B-FD1C-45AE-BF19-E1AABE29C98D} - System32\Tasks\{CB1E3069-BFFC-487E-BEB0-CDD4D346786D} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {870499D3-A8C9-40C6-83FE-2C4306C5EBCB} - System32\Tasks\{2F46E43C-2071-4611-904F-4EF09D5E2B07} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /InstallWordAddin 1
Task: {8FBF27E8-D3CD-4BF3-B082-EA33578CC748} - System32\Tasks\{EDDC9CBE-EA5B-4808-90AB-B552A955DA6A} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {981DE8C4-F3BE-4214-9DBA-3086F4C1E4A3} - System32\Tasks\{645485F8-2216-4EA5-8029-C0CF07D808D2} => pcalua.exe -a "C:\Users\Jim Considine\PhotoDraw V2 Disc 1\SETUP.EXE" -d "C:\Users\Jim Considine\PhotoDraw V2 Disc 1"
Task: {99E97C03-3D59-4EBE-8047-41AB62DD3B63} - System32\Tasks\{E0EA54FA-C9CF-45EF-8BEF-8749EDDF8215} => pcalua.exe -a "C:\Program Files (x86)\Nitro\Pro 8\AddinSetupTool.exe" -d "C:\Program Files (x86)\Nitro\Pro 8" -c /UninstallPowerPointAddin 1
Task: {A914F73E-267B-40C0-81F1-F33AD0BF13D5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {AACECFB8-B6AE-40C7-BD96-F4F03911E18D} - System32\Tasks\{CECDFBDA-88CF-488D-AADB-940C33CA7CBE} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\CANON POWERSHOT A40\A40WI410EN\ENGLISH\SETUP.EXE" -d "C:\Users\Jim Considine\Downloads\CANON POWERSHOT A40\A40WI410EN\ENGLISH"
Task: {AB033AC2-40CA-4EB0-BDD9-21979D90411C} - System32\Tasks\{0E33B858-3B00-4857-B5C6-A7205E72D00D} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {AC2CAB82-BC47-47F2-BA32-601877258F89} - System32\Tasks\{6075EF55-3E98-418B-9A61-9BA4F4E24D83} => C:\Program Files (x86)\Microsoft Office\Office\PHOTODRW.EXE [1999-11-29] (Microsoft Corporation)
Task: {AD84F73A-4DA3-49BE-BA0E-CD228848E6C9} - System32\Tasks\{C9DA48BF-91F9-427D-BC2F-DEE594ADE814} => pcalua.exe -a "C:\Users\Jim Considine\PhotoDraw V2 Disc 1\SETUPPD.EXE" -d "C:\Users\Jim Considine\PhotoDraw V2 Disc 1"
Task: {B3E51730-4C08-447B-9818-2586045CBD35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {B5A83209-A979-41FD-A782-E1BDA7AEEA59} - System32\Tasks\{247847D9-A7C2-4D39-BC5F-42104EC5BF44} => C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe [2015-06-12] ()
Task: {C0B75371-6A46-4141-8693-B1A6CF7B2746} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C22AA911-4B03-4AB7-BF5C-724D9D75A0A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-14] (Google Inc.)
Task: {CB6EE17D-33CB-4E86-BC6E-21087AA06C53} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {D30669EF-864E-4E98-8748-68A64DE5EECE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {D4F7579E-9815-4908-996A-51E1BB6223B4} - System32\Tasks\{C606327F-8474-4BD3-98AE-DFB29072CE10} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\HP DRIVERS FOR INTEL PROSET\sp47546.exe" -d "C:\Users\Jim Considine\Downloads\HP DRIVERS FOR INTEL PROSET"
Task: {D56E2AB7-0436-470C-9822-8B329915527B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {D63B553B-31E9-4CEC-AB5E-36DED40EFC52} - System32\Tasks\{0C23116F-3B6B-416D-BBC7-3B25B85CED48} => pcalua.exe -a C:\Users\JIMCON~1\AppData\Local\Temp\dlm6DB4.tmp\iconst7p.exe -d "C:\Users\Jim Considine\Downloads\ICON COOL STUDIO"
Task: {EA0645FE-70F5-4253-8CFF-96A956EF5008} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {EAB70206-527B-4061-AB7B-661613BAEEC1} - System32\Tasks\{6014E729-EAD0-4112-AB8C-5B0F1BADD37F} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\IMAGE ANALYZER\AdvancedFiltersPlugin.exe" -d "C:\Users\Jim Considine\Downloads\IMAGE ANALYZER"
Task: {EB466230-5538-443E-8B55-BA4A371D6197} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {F74FF4AA-B40D-4365-B2D8-B7F302E33042} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe <==== ATTENTION
Task: {F7D65524-D295-44D1-9EEA-397885CBD358} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {FA576457-E062-427A-A829-0F96DC95AB81} - System32\Tasks\{7297F33A-B535-4AEA-972F-2C0BF936769C} => pcalua.exe -a "C:\Users\Jim Considine\Downloads\CANNON SCANNER\lide60vst6411111a_64en\SetupSG.exe" -d "C:\Users\Jim Considine\Downloads\CANNON SCANNER\lide60vst6411111a_64en"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000Core.job => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3980735000-1117649075-3546456287-1000UA.job => C:\Users\Jim Considine\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_occpjibghkbopohbefbejkklnfdkdmok\piZap Photo Editor.lnk -> C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_occpjibghkbopohbefbejkklnfdkdmok\piZap Photo Editor.ico? () ->  --profile-directory=Default --app-id=occpjibghkbopohbefbejkklnfdkdmok
ShortcutWithArgument: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mgndgikekgjfcpckkfioiadnlibdjbkf\Chrome.lnk -> C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mgndgikekgjfcpckkfioiadnlibdjbkf\Chrome.ico? () ->  --profile-directory=Default --app-id=mgndgikekgjfcpckkfioiadnlibdjbkf
ShortcutWithArgument: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_emkkfkcbnpdnhgeolpbggbdogfngiadf\Photovisi - Photo Collage Maker.lnk -> C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_emkkfkcbnpdnhgeolpbggbdogfngiadf\Photovisi - Photo Collage Maker.ico? () ->  --profile-directory=Default --app-id=emkkfkcbnpdnhgeolpbggbdogfngiadf
ShortcutWithArgument: C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejidjjhkpiempkbhmpbfngldlkglhimk\Gmail Offline.lnk -> C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ejidjjhkpiempkbhmpbfngldlkglhimk\Gmail Offline.ico () ->  --profile-directory=Default --app-id=ejidjjhkpiempkbhmpbfngldlkglhimk
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-17 10:41 - 2016-04-16 17:31 - 01047520 ____C () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2015-03-28 14:40 - 2015-03-02 18:44 - 05886272 _____ () C:\Users\Jim Considine\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-03-17 10:41 - 2016-02-08 17:01 - 00759808 ____C () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-17 19:14 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 19:14 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 19:14 - 2016-06-15 04:26 - 31519384 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll
2016-07-07 12:29 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-07-07 12:29 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-07-07 12:29 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-07-07 12:30 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\...\123simsen.com -> www.123simsen.com
 
There are 7864 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-11-07 15:19 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
::1             localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim Considine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{231A019C-F0B5-4713-9118-CA3BD11F606A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{883E4DAD-81EC-47B2-88B3-D5529F543A95}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{346F9F4E-3017-4A88-A107-1542F79E6478}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{D2CF1E42-6F8E-4656-84FF-2BF549CAB79A}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{185BF6C5-F93E-49FC-A71E-9F6CCAE45BD1}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{3A54C47E-36E3-4C32-85BC-BD089B74D6F6}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{E5A7D63D-7E1A-4DC5-BB99-65DAF4B31EBE}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{A9AD3C4D-34E1-4E2C-8CCE-9B55BC616C26}] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{596C286E-4E74-4F9A-9123-FF8648E9AB35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
23-06-2016 01:09:10 Windows Update
23-06-2016 07:12:57 Revo Uninstaller's restore point - Real-Draw PRO 5.2.4
26-06-2016 09:41:49 Windows Update
29-06-2016 09:58:43 Windows Update
03-07-2016 12:49:36 Windows Update
05-07-2016 18:36:43 JRT Pre-Junkware Removal
06-07-2016 16:23:12 Windows Update
07-07-2016 10:55:15 Microsoft Antimalware Checkpoint
07-07-2016 12:41:16 Removed Jasc Paint Shop Pro 9
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2016 10:45:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/07/2016 12:55:46 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:46 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:46 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:46 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (07/07/2016 12:55:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (07/07/2016 12:55:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/07/2016 12:55:34 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (07/07/2016 07:12:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (07/07/2016 07:12:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (07/07/2016 07:10:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Scheduler Service service to connect.
 
Error: (07/07/2016 07:10:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center Receiver Service service to connect.
 
Error: (07/07/2016 12:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (07/07/2016 12:59:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (07/07/2016 12:56:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (07/07/2016 12:55:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/07/2016 12:55:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (07/07/2016 12:54:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
 
CodeIntegrity:
===================================
  Date: 2016-07-07 22:45:11.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-07 22:24:43.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-07 22:04:33.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 12:49:38.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-11 12:49:38.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 80%
Total physical RAM: 3003.19 MB
Available physical RAM: 570.68 MB
Total Virtual: 6004.57 MB
Available Virtual: 2181.64 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:275.24 GB) NTFS
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:540.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C2DA5CF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D77AC8EB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,198 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:28 AM

Posted 08 July 2016 - 07:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK button.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [ctfmon.exe] => -
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\ixquick-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\privatelee-https.xml [2014-12-11]
FF SearchPlugin: C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\startpage-ssl.xml [2014-12-11]
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FA8zamobl011652,7bd439f5-ee6f-4d76-b5d9-10dac6b3fc18,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2016-04-27]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2016-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKU\S-1-5-21-3980735000-1117649075-3546456287-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JIMCON~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 semav6thermal64ro; \??\C:\Windows\system32\drivers\semav6thermal64ro.sys [X]
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom -> No File <==== ATTENTION
Task: {EA0645FE-70F5-4253-8CFF-96A956EF5008} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\ixquick-https.xml
C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\privatelee-https.xml
C:\Users\Jim Considine\AppData\Roaming\Mozilla\Firefox\Profiles\in5snufn.default\searchplugins\startpage-ssl.xml
C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog
C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa
C:\Users\Jim Considine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
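
As an added example (not part of this thread, and not FRST's or Farbar's own code): a small Python triage script that parses "Task:" lines in the shape FRST prints them in the Addition.txt log above and in the fixlist in reply #2, and turns the ones worth a second look into candidate fixlist.txt entries. The review heuristics are this example's own (FRST's ATTENTION marker, an orphaned "No File" task, a non-Microsoft binary sitting in its own folder under C:\Windows the way AutoKMS does, and a pcalua.exe wrapper launching something from Temp or AppData). The sample lines are copied from the log posted above; nothing else about the machine is assumed. The output is a list for a human to review, not something to paste blindly.

```python
import re

# Constructed sample input: six "Task:" lines copied from the Addition.txt log
# and the reply #2 fixlist above, in the exact shape FRST prints them.
SAMPLE_LOG = r"""
Task: {A914F73E-267B-40C0-81F1-F33AD0BF13D5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {D56E2AB7-0436-470C-9822-8B329915527B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {EA0645FE-70F5-4253-8CFF-96A956EF5008} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {F74FF4AA-B40D-4365-B2D8-B7F302E33042} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe <==== ATTENTION
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom -> No File <==== ATTENTION
Task: {D63B553B-31E9-4CEC-AB5E-36DED40EFC52} - System32\Tasks\{0C23116F-3B6B-416D-BBC7-3B25B85CED48} => pcalua.exe -a C:\Users\JIMCON~1\AppData\Local\Temp\dlm6DB4.tmp\iconst7p.exe -d "C:\Users\Jim Considine\Downloads\ICON COOL STUDIO"
"""

# "Task: {GUID} - <task name> => <target>"  or  "... -> No File"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) (=>|->) (.*)$")
ATTENTION = "<==== ATTENTION"
# Trailing " [YYYY-MM-DD] (Publisher)" that FRST appends when it has file info
DATE_PUB_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2}\]\s\(([^()]*)\)\s*$")
# pcalua.exe -a <real target> ...  (quoted or unquoted)
PCALUA_RE = re.compile(r'^pcalua\.exe\s+-a\s+("([^"]+)"|(\S+))', re.IGNORECASE)
WINDOWS_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_task_line(line):
    """Parse one FRST Task: line into a dict, or return None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, name, arrow, target = m.groups()
    attention = ATTENTION in target
    target = target.replace(ATTENTION, "").strip()
    publisher = ""
    dp = DATE_PUB_RE.search(target)
    if dp:                       # split "path [date] (publisher)" into parts
        publisher = dp.group(1)
        target = target[:dp.start()]
    exe, via_pcalua = target, False
    pm = PCALUA_RE.match(target)
    if pm:                       # unwrap the compatibility launcher to the real binary
        via_pcalua = True
        exe = pm.group(2) or pm.group(3)
    return {"line": line.strip(), "guid": guid, "name": name, "exe": exe,
            "publisher": publisher, "attention": attention,
            "missing": arrow == "->" and target == "No File",
            "via_pcalua": via_pcalua}


def is_custom_windows_binary(task):
    """True for a non-Microsoft executable in a folder of its own under C:\\Windows."""
    exe = task["exe"].lower()
    return (exe.startswith("c:\\windows\\")
            and not exe.startswith(WINDOWS_SYSTEM_DIRS)
            and "microsoft" not in task["publisher"].lower())


def custom_windows_folder(exe):
    r"""For C:\Windows\<folder>\...\file.exe return C:\Windows\<folder>, else None."""
    parts = exe.split("\\")
    if len(parts) >= 4 and parts[0].lower() == "c:" and parts[1].lower() == "windows":
        return "\\".join(parts[:3])
    return None


def classify(task):
    """Reasons this task deserves review (empty list = benign to these heuristics)."""
    reasons = []
    if task["attention"]:
        reasons.append("flagged by FRST (<==== ATTENTION)")
    if task["missing"]:
        reasons.append("task points at a file that no longer exists")
    if is_custom_windows_binary(task):
        reasons.append("non-Microsoft binary in a custom folder under C:\\Windows")
    exe = task["exe"].lower()
    if task["via_pcalua"] and ("\\temp\\" in exe or "\\appdata\\" in exe):
        reasons.append("pcalua.exe wrapper launching a binary from a Temp/AppData folder")
    return reasons


def suggest_fixlist(log_text):
    """Return (reason_summary, fixlist_line) pairs for every flagged task.

    The log itself says a Task: entry in the fixlist only moves the task, not the
    file it runs, so a binary in its own folder under C:\\Windows gets the folder
    emitted as a second entry (as reply #2 pairs AutoKMS with C:\\Windows\\AutoKMS).
    """
    entries = []
    for raw in log_text.splitlines():
        task = parse_task_line(raw)
        if task is None:
            continue
        reasons = classify(task)
        if not reasons:
            continue
        summary = "; ".join(reasons)
        entries.append((summary, task["line"]))
        if is_custom_windows_binary(task):
            folder = custom_windows_folder(task["exe"])
            if folder:
                entries.append((summary, folder))
    return entries


if __name__ == "__main__":
    for summary, entry in suggest_fixlist(SAMPLE_LOG):
        print(f"{entry}\n    # {summary}")
```

Run it against a saved Addition.txt (read the file into `suggest_fixlist`) and compare the candidates with what the helper actually put in the fixlist: in this thread the Intel task carried an ATTENTION marker but was left alone, which is the kind of judgement call the script cannot make for you.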

#3 JimConsidine

JimConsidine
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Baltimore, Maryland USA
  • Local time:08:28 AM

Posted 08 July 2016 - 05:16 PM

Nasdaq,
Hello. Thank you for your assistance on this matter.
I followed your instructions and the only thing that changed was that all of my extensions/plug-ins for my browser Google Chrome are not functioning. I assume that this is a result of FRST and this can be fixed later. Unfortunately, when I opened Amazon, the malware came right back.
  • Would you like me to send you a screenshot of the malware?
  • I ran a complete scan with Spybot S&D last night and will attach this log.
I look forward to hearing from you.
 
Jim Considine
xxx-xxx-9150
 
PS - The malware jumped on a page baseball reference.com for some reason. Malware bytes blocked the page.

Attached Files


Edited by nasdaq, 09 July 2016 - 06:22 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,198 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:28 AM

Posted 09 July 2016 - 06:31 AM

Please do not give your phone number in any forum.
The number can be gathered by a bot.

===

all of my extensions/plug-ins for my browser Google Chrome are not functioning
Only a few bad ones were removed.

Reset Chrome...
Open Google Chrome and click the menu icon at the top right of the window.

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Clear your cache and cookies:
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

How is it now?

===

PS - The malware jumped on a page baseball reference.com for some reason. Malware bytes blocked the page.

Malwarebytes may be protecting you. The notifications can be stopped.
Try this.
https://support.malwarebytes.com/customer/en/portal/articles/1835324-how-do-i-disable-notifications-when-malwarebytes-anti-malware-blocks-a-file-or-website-?b_id=6438

Keep me posted.

#5 JimConsidine


Posted 09 July 2016 - 07:34 AM

Nasdaq,

I think that did the trick. I just placed an order with Amazon without any interference.

I have two three four questions ...

  1. Is there a specific name or scenario to describe the malware infection I sustained?
  2. Can I reinstall/reactivate the extensions that I was using before resetting Chrome?
  3. I disconnected my backup 1 TB external hard drive in order to expedite the considerable time it was taking to scan my 500 GB hard drive. I deleted the folder that was suspect on both drives. It was scanned 2 days ago by ESET, BC's Junkware Removal Tool and RogueKiller, and Malwarebytes Anti-Malware/Anti-Exploit/Anti-Ransomware. Can I plug the backup drive in and run Spybot S&D or FRST (fix option)?
  4. My security plan right now is ...
    • Windows Security Essentials with a scheduled weekly "quick" scan
    • Windows 7 standard firewall
    • Malwarebytes:
      • Anti-Malware (premium version, weekly scan scheduled)
      • Anti-Exploit (premium version, which I believe has been incorporated into the Google Chrome browser)
      • Anti-Ransomware beta
    • Spybot Search and Destroy (premium, weekly scan scheduled)
    • My files are backed up daily. I run CCleaner weekly and review my installed programs with Revo Uninstaller. I lean towards deleting any program that is not being used.

Do you have any recommendations on improvements that I should make?

Thank you for your assistance with this matter



#6 nasdaq


Posted 09 July 2016 - 12:45 PM

Is there a specific name or scenario to describe the malware infection I sustained?

No. What was removed was possibly installed without your consent.
When you install new programs, run AdwCleaner to make sure nothing was installed other than the program.

===

Can I reinstall/reactivate the extensions that I was using before resetting Chrome?
Yes, but run AdwCleaner afterwards and decide if you want to keep it.

===

Can I plug the backup drive in and run the Spybot S&D or FRST (fix option)

Plug in the backup drive.
Run Spybot S&D.
My fix did not remove anything other than from the C: drive. No need to run the Farbar tool.

... Do you have any recommendations on improvements that I should make


Have a look at these recommendations.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 JimConsidine


Posted 10 July 2016 - 10:24 AM

Dear Nasdaq,

This morning, the malware reappeared on Amazon. Yesterday, I put the computer through some basic maintenance such as defragging. I ran the Spybot rootkit cleaner and ran a malware deep scan. I will attach these logs. I did not worry about restoring my browser to its former configuration. But, I could not even set Google.com as my home page!

I will reboot, run AdwCleaner and send you the log.

I am convinced that I am seriously infected since the entire system is running extremely slow and sluggish.

Again, I thank you for your time and advice.

Jim

Attached Files



#8 nasdaq


Posted 10 July 2016 - 12:57 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click "Open Report".
  • Click the "Export TXT" button.
  • Save the file as ReportRogue.txt.
  • Click the "Remove" button to delete the items in RED.
  • Click "Finish" and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

p.s.
Does any other computer connected to your router have similar problems?

#9 JimConsidine


Posted 10 July 2016 - 01:15 PM

Dear Nasdaq, I am writing you on my phone. I forgot to tell you that my internet quit on me twice this week. The first time I blamed Comcast; the second time, I knew it was something fishy. I just caught it before it went down and shut down. I noticed that MS Security Essentials had shut down.
Regarding your message, I ran the rootkit killer program before I contacted you. I will run it again and get back to you. I just got this phone and am getting used to it. I also have a Mac that I have only turned on once. So communication may be tough on my end.

#11 JimConsidine


Posted 10 July 2016 - 03:21 PM

Nasdaq, Geez, I've got three devices in front of me right now trying to communicate with the world!

 

Here is the log from Rogue Killer. I deleted everything they detected ... nothing very interesting.

 

RogueKiller V12.3.7.0 [Jul  4 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jim Considine [Administrator]
Started from : C:\Users\Jim Considine\Downloads\- JUNKWARE REMOVAL SYSTEM\APPLICATIONS\RogueKiller.exe
Mode : Delete -- Date : 07/10/2016 16:03:17
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 21 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 1localhost:21320  -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 1localhost:21320  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 1localhost:21320  -> Deleted
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] in5snufn.default : user_pref("network.proxy.type", 2); -> Replaced (0)
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22A1YT0 ATA Device +++++
--- User ---
[MBR] e417e7daaeccd13a657368f32de61a9a
[BSP] 868efe29896de48e26b9b8e165e6213c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
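
The RogueKiller report above, read together with the FRST fixlist posted earlier in the thread (the AutoKMS scheduled tasks and the HKLM Chrome extension entry with no path), points at one concrete mechanism behind the Amazon pop-ups: the browser was configured to send everything through a proxy on localhost:21320 (WinINet ProxyEnable/ProxyServer for the user, the NlaSvc ManualProxies copy of the same setting, and Firefox switched to network.proxy.type 2, a PAC configuration). A proxy on the loopback interface means a process on the machine itself sits between the browser and every page it loads, which is exactly what a page rewriter needs. The Python below is an added triage example for this thread; it is not code from the posts, from Farbar or from Adlice. It parses constructed log lines modelled on the FRST and RogueKiller entries quoted here, classifies each indicator, and separates the actionable ones (proxy endpoint, persistence tasks, side-loaded extension) from the cosmetic Start-menu PUMs. One field layout is an assumption, marked in the code: the NlaSvc ManualProxies value is treated as a one-character flag followed by the proxy string.

```python
"""Triage helper for FRST / RogueKiller text logs.

Added example for this thread, not part of the original posts and not code
from Farbar or Adlice. It reads log lines, extracts persistence and proxy
indicators, and says what a responder should make of each one.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the FRST and RogueKiller lines quoted in
# the thread (same indicators, trimmed to the entries that matter).
SAMPLE_LOG = r"""
Task: {EA0645FE-70F5-4253-8CFF-96A956EF5008} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {6F67C55C-C560-42E9-9C78-67EC6BC6F1F0} - \AutoKMSCustom -> No File <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:21320  -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 1localhost:21320  -> Deleted
[PUM.Proxy][FIREFX:Config] in5snufn.default : user_pref("network.proxy.type", 2); -> Replaced (0)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3980735000-1117649075-3546456287-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Replaced (1)
"""

# Firefox network.proxy.type values (Mozilla preference semantics).
FF_PROXY_TYPE = {"0": "direct", "1": "manual", "2": "PAC script URL",
                 "4": "WPAD auto-detect", "5": "system settings"}

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>\S+)"
                     r"(?: => (?P<target>.*?))?(?P<nofile> -> No File)?(?: <==== ATTENTION)?\s*$")
CHR_NOPATH_RE = re.compile(r"^CHR .*Extension: \[([a-p]{32})\] - <no Path/update_url>")
PROXY_SERVER_RE = re.compile(r"\|\s*ProxyServer\s*:\s*(\S+)")
PROXY_ENABLE_RE = re.compile(r"\|\s*ProxyEnable\s*:\s*(\d)")
MANUAL_PROXIES_RE = re.compile(r"ManualProxies\s*\|\s*\(default\)\s*:\s*(\S+)")
FF_PROXY_RE = re.compile(r'user_pref\("network\.proxy\.type",\s*(\d)\)')
VALUE_RE = re.compile(r"\|\s*(\w+)\s*:")


@dataclass
class Finding:
    category: str   # proxy_endpoint | proxy_setting | task | extension | cosmetic
    indicator: str  # extracted value: endpoint, task name, extension id, ...
    note: str       # what a responder should make of it
    line: str       # raw log line it came from


def is_loopback(endpoint: str) -> bool:
    """True when a host:port proxy endpoint points back at this machine."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def _proxy_finding(line: str) -> Finding:
    """Classify one [PUM.Proxy] line from RogueKiller."""
    if (m := PROXY_SERVER_RE.search(line)):
        ep = m.group(1)
    elif (m := MANUAL_PROXIES_RE.search(line)):
        ep = m.group(1)[1:]  # assumption: NlaSvc stores a one-char flag ahead of the proxy
    elif (m := PROXY_ENABLE_RE.search(line)):
        state = "on" if m.group(1) == "1" else "off"
        return Finding("proxy_setting", "ProxyEnable=" + m.group(1),
                       "WinINet proxy switched " + state + " for this user; IE and, by default, "
                       "Chrome follow this setting", line)
    elif (m := FF_PROXY_RE.search(line)):
        mode = FF_PROXY_TYPE.get(m.group(1), "unknown")
        return Finding("proxy_setting", "network.proxy.type=" + m.group(1),
                       "Firefox proxy mode set to " + mode + "; the profile's prefs were edited", line)
    else:
        return Finding("proxy_setting", "?", "unparsed proxy entry, read it by hand", line)
    where = "loopback (a process on this host is listening there)" if is_loopback(ep) else "a remote host"
    return Finding("proxy_endpoint", ep, "all proxied browser traffic goes through " + where, line)


def triage(log_text: str) -> list:
    """Turn raw FRST / RogueKiller lines into classified findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := TASK_RE.match(line)):
            name = m.group("name").rsplit("\\", 1)[-1]
            target = m.group("target") or ""
            if "autokms" in name.lower():
                note = "AutoKMS activation crack (Microsoft detects it as HackTool:Win32/AutoKMS); "
                note += "task target missing on disk" if m.group("nofile") else "runs " + target
            elif m.group("nofile"):
                note = "orphaned task, target file gone: leftover persistence, remove"
            else:
                note = "scheduled task, review target " + target
            findings.append(Finding("task", name, note, line))
        elif (m := CHR_NOPATH_RE.match(line)):
            findings.append(Finding("extension", m.group(1),
                                    "registered under the HKLM Chrome\\Extensions key (external-extension "
                                    "install) with no path or update_url: side-loaded or dangling, delete the key",
                                    line))
        elif "[PUM.Proxy]" in line:
            findings.append(_proxy_finding(line))
        elif "[PUM.StartMenu]" in line:
            m = VALUE_RE.search(line)
            findings.append(Finding("cosmetic", m.group(1) if m else "?",
                                    "Start-menu display toggle; harmless on its own, listed only because "
                                    "it differs from the default", line))
    return findings


def proxy_endpoints(findings) -> set:
    return {f.indicator for f in findings if f.category == "proxy_endpoint"}


def verdict(findings) -> str:
    """One-line conclusion a responder can act on."""
    local = {e for e in proxy_endpoints(findings) if is_loopback(e)}
    remote = proxy_endpoints(findings) - local
    if local:
        return ("LOCAL INTERCEPTION PROXY on " + ", ".join(sorted(local)) +
                ": a process on this machine can rewrite every page the browser loads "
                "(ad injection); find the listener before resetting the registry or it comes back")
    if remote:
        return "REMOTE PROXY on " + ", ".join(sorted(remote)) + ": traffic is being sent off-box"
    return "no proxy hijack indicators"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category}] {f.indicator}: {f.note}")
    print(verdict(found))
```

The endpoint is the lead worth chasing. Resetting ProxyEnable and ProxyServer, as RogueKiller did, only helps until whatever owns port 21320 writes them back, which matches the pattern in this thread of the pop-ups returning after each cleanup. On the infected machine, `netstat -ano` filtered on the port gives the PID of the listener, and that process (and whatever starts it) is the thing to remove. One caveat: some legitimate products, such as antivirus web filters and debugging proxies, also install a loopback proxy, so identify the listener before calling it malicious.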


#12 JimConsidine


Posted 10 July 2016 - 04:31 PM

Oh and to answer your question about other computers, the Macbook is brand new and running on wifi ... this laptop is hard wired to router and the smartphone is wifi.



#13 JimConsidine


Posted 10 July 2016 - 04:38 PM

Here is a strange one ... I am having difficulty setting Google.com as my home page. Attached is a screenshot of where it takes me. I have trouble believing this page is for real.

Attached Files



#14 nasdaq


Posted 11 July 2016 - 06:41 AM

Clean your cookies from Chrome.

https://support.google.com/accounts/answer/32050?hl=en

Keep me posted.

#15 JimConsidine


Posted 11 July 2016 - 01:58 PM

Dear Nasdaq,

I cleaned up cookies on Chrome. Just for fun, I ran the old Microsoft Disk Cleanup utility, which cleared 144 MB of information.

I then opened Amazon and the pop-ups returned within 30 seconds.

I think I need to emphasize at this point that whatever malware I have contracted, it is exerting a lot of control on my system. It took my computer almost three minutes to open the reply window in order for me to send this message. Just to review:

 

  1. Last week, I noticed the pop-ups on Amazon. I expect that they would appear anywhere I might be shopping.
     1. I should have mentioned this earlier, but I had been infected by this malware about a month earlier. I used the unscientific method of running every malware/rootkit-killer/junkware-removal/spyware-cleaner that is highlighted on the BleepingComputer site. Specifically, I ran:
        • MS Security Essentials full scan
        • Malwarebytes Anti-Malware full scan
        • ESET online scanner
        • Microsoft Security Essentials - full scan
        • AdwCleaner
        • FSS (I started using FRST 64-bit at your suggestion when we started working together on the problem)
        • Rkill
        • TDSSKiller
        • and finally, ComboFix
     2. The problem went away for 30 days. <Note: it just took me 45 seconds to complete typing this line of type due to the system stalls>
  2. My internet connection was disrupted twice last week. I was able to restore it by resetting my router using a Comcast process of disconnecting the coax first and then unplugging the unit for 10 seconds. It appears that if I stay online for an extended period of time (3+ hours), the connection will begin to erode. I caught it in process yesterday. I could see the system trying to reconnect on the toolbar. At that moment, I also noticed that the icon for MS Security Essentials was the color "red"; in other words, it was not operating.
  3. In order to eliminate the malware, I decided to repeat what had proved successful earlier. HOWEVER, there were some remedies that I ran that would not complete. For example, I ran ComboFix about 10 times, and it never successfully ran to completion. The best result I got was that it progressed to "Stage 48" and stayed at this level for an hour.
  4. I purchased a copy of Spybot Search and Destroy. I ran this application to eliminate spyware and did a rootkit-killer run. Both turned in results. I saved all the logs of any completed spyware-eliminating process.
  5. I had some minor problems with other utilities, which I was able to get around by rebooting before running a utility.
  6. I ran CCleaner and ran its registry repair operation. I run CCleaner regularly.
  7. I also use CCleaner's program "Defraggler" on my main hard drive. I use this program regularly also.
  8. My standard security protection that runs all of the time is:
     • MS Security Essentials which includes a firewall
     • Malwarebytes Anti-Malware (not the free version)
       • I also installed Malwarebytes Anti-Exploit (premium) which I believe Google purchased and has added to its Chrome browser
       • I even have Malwarebytes Anti-Ransomware beta running
  9. After going through all of these processes, I contacted the forum of BleepingComputer and turned myself over to your guidance.

 

As always, thank you for your assistance with this matter. I am at a point where I would like to replace my laptop, which is about 6 years old. However, I have to get rid of this infection before moving my files to a new PC.

I got a good deal on a new Macbook Air. I wanted to learn the ways of Apple as I received my first laptop from my employer in 1992 on which I installed Windows 3.1





