
Followup to 'click-jacker' in 'Am I infected'


This topic is locked
12 replies to this topic

#1 latimer141225


Posted 05 September 2016 - 04:37 PM

Original thread here: http://www.bleepingcomputer.com/forums/t/625717/battling-click-jacker;-stopped-in-browsers-still-in-email-app/

This all started when some click-jacker occupied all my browsers (IE11, FF 48, and a minimally-used Chrome), plus my (dinosaur) Juno offline email app with its intrinsic IE8 or 9. As of now most of the situation has been resolved, as I am not seeing abnormal behaviour when I mouseover a link in any of these.

I ended up here after one of a poster's suggested solutions came close to shutting down good files.

I'm not sure if the other problem with Juno, where the display of both the list of messages in any given folder and the headers of the current message cannot be changed even with the Fonts dialog in Internet Options, is VSTM-related or not.

However, even though I've not seen it in the logs I'd posted there, I was told some form of Trojan.zeroaccess was around. So, we sally forth against our foe.

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by RD (administrator) on HARRY-HP (05-09-2016 17:11:03)
Running from C:\Users\RD\Desktop
Loaded Profiles: RD (Available Profiles: Frable & RD & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Kana Solution) C:\data\Kana Reminder\Reminder.exe
(-) C:\data\command\T-Clock\Clock64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ZabKat) C:\Program Files (x86)\zabkat\xplorer2_lite\xplorer2_lite.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\data\command\PFE32.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-08-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Run: [Kana Reminder highres] => C:\data\Kana Reminder\Reminder.exe [275456 2002-11-17] (Kana Solution)
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Run: [Visual Subst] => C:\Program Files (x86)\Visual Subst\VSubst.exe [139672 2008-02-02] (NTWind Software)
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\MountPoints2: {c70de4d3-1636-11e6-9789-001fc69e8b7a} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\3DPIPE~1.SCR [610304 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock Redux x64.lnk [2016-07-04]
ShortcutTarget: T-Clock Redux x64.lnk -> C:\data\command\T-Clock\Clock64.exe (-)
Startup: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autoexec.bat.lnk [2016-03-09]
ShortcutTarget: Autoexec.bat.lnk -> C:\Users\RD\Documents\autoexec.bat ()
Startup: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Clock64.lnk [2016-03-16]
ShortcutTarget: Clock64.lnk -> C:\data\command\T-Clock\Clock64.exe (-)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{A7CC8A63-2D9B-4CA0-B5D4-973F1271571F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{A7CC8A63-2D9B-4CA0-B5D4-973F1271571F}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www6.enter.net/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lehighvalleylive.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {32970251-51FB-4C9F-BDF3-F7099337CCAB} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> DefaultScope {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {365D6048-0434-4924-8007-3AE04A08E229} URL = hxxp://search.espn.go.com/results?searchString={searchTerms}&fromForm=true
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO: No Name -> {8a194578-81ea-4850-9911-13ba2d71efbd} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files (x86)\Juno\qsacc\X1IEBHO.dll [2009-06-30] (Juno, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-08-07] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
BHO-x32: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files (x86)\Juno\ucreg.dll [2010-01-28] (Juno, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\RD\AppData\Roaming\Mozilla\Firefox\Profiles\8taqucee.default-1472656466354
FF Homepage: hxxp://www.lehighvalleylive.com/
 hxxps://www.youtube.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Video DownloadHelper) - C:\Users\RD\AppData\Roaming\Mozilla\Firefox\Profiles\8taqucee.default-1472656466354\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-01]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.12
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.12 [2016-08-09]
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [supportdept@alltubedownloader.com] -  => not found

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://home.juno.com/"
CHR Profile: C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-04]
CHR Extension: (Google Drive) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-04]
CHR Extension: (YouTube) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-04]
CHR Extension: (Google Search) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-24] (Realtek Semiconductor)
S4 UPWSvc; C:\ProgramData\UserProfileMigrationService.exe [634296 2016-03-01] (ForensiT Limited)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 bthav; C:\Windows\System32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-01] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2015-02-26] (Qualcomm Atheros Co., Ltd.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-07-04] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2016-03-07] (Duplex Secure Ltd.)
S3 VASDeviceDrm; C:\Windows\System32\drivers\sarpDev.sys [1944176 2014-05-17] (ShiningMorning Inc.)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 17:11 - 2016-09-05 17:11 - 00022678 _____ C:\Users\RD\Desktop\FRST.txt
2016-09-05 16:44 - 2016-09-05 17:10 - 00001121 _____ C:\Users\RD\Documents\bleeping2.asc
2016-09-05 16:42 - 2016-09-05 17:11 - 00000000 ____D C:\FRST
2016-09-05 16:22 - 2016-09-05 16:23 - 02397696 _____ (Farbar) C:\Users\RD\Desktop\FRST64.exe
2016-09-05 15:59 - 2016-09-05 15:59 - 00000186 _____ C:\Users\RD\Documents\810905at40[b]-cue.url
2016-09-05 15:58 - 2016-09-05 15:59 - 00000186 _____ C:\Users\RD\Documents\850914at40[a]-cue.url
2016-09-05 15:58 - 2016-09-05 15:58 - 00000186 _____ C:\Users\RD\Documents\750906at40-cue.url
2016-09-05 13:53 - 2016-09-05 13:54 - 00121676 _____ C:\Windows\File Renamer - Basic Uninstaller.exe
2016-09-05 13:53 - 2016-09-05 13:53 - 00001012 _____ C:\Users\RD\Desktop\FileRenamer.lnk
2016-09-05 13:53 - 2016-09-05 13:53 - 00000000 ____D C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Renamer - Basic
2016-09-05 13:53 - 2016-09-05 13:53 - 00000000 ____D C:\Program Files (x86)\File Renamer
2016-09-05 13:51 - 2016-09-05 13:53 - 08447629 _____ C:\Users\RD\Desktop\FileRenamerBasic.exe
2016-09-05 13:46 - 2016-09-05 13:33 - 44302336 _____ C:\Windows\system32\config\components.bak
2016-09-05 13:15 - 2016-09-05 13:15 - 00000020 _____ C:\Users\RD\defogger_reenable
2016-09-05 13:14 - 2016-09-05 13:13 - 00024498 ____R C:\Users\RD\Desktop\Pre_Scan_05_09_2016_13_13_57.txt
2016-09-05 13:14 - 2016-09-05 13:13 - 00024498 ____R C:\Pre_Scan_05_09_2016_13_13_57.txt
2016-09-05 13:13 - 2016-09-05 13:13 - 00000950 _____ C:\Users\RD\Desktop\Internet Explorer.lnk
2016-09-05 12:53 - 2009-07-13 21:39 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2016-09-05 12:50 - 2016-09-05 11:43 - 00373965 _____ C:\Users\RD\Documents\tree_p.dat
2016-09-05 12:50 - 2016-09-05 11:43 - 00061729 _____ C:\Users\RD\Documents\tree_n.dat
2016-09-05 12:50 - 2016-09-05 11:43 - 00029544 _____ C:\Users\RD\Documents\tree_o.dat
2016-09-05 12:50 - 2016-09-05 11:43 - 00011157 _____ C:\Users\RD\Documents\tree_v.dat
2016-09-05 12:50 - 2016-09-05 11:43 - 00000609 _____ C:\Users\RD\Documents\gps.dat
2016-09-05 12:50 - 2016-08-19 09:09 - 00000203 _____ C:\Users\RD\Documents\retree.bat
2016-09-05 12:50 - 2011-06-09 12:14 - 01284712 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-09-05 12:50 - 2010-11-20 23:25 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
2016-09-05 12:50 - 2009-06-10 17:41 - 00094784 _____ (Twain Working Group) C:\Windows\twain.dll
2016-09-05 12:50 - 2008-04-14 02:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\3D Pipes.scr
2016-09-05 12:49 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-09-05 12:49 - 2012-02-11 02:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-09-05 12:49 - 2010-11-20 23:24 - 00071168 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe
2016-09-05 12:49 - 2009-08-04 13:56 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2016-09-05 12:49 - 2009-07-13 21:39 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2016-09-05 12:49 - 2009-07-13 21:39 - 00427008 _____ (Microsoft Corporation) C:\Windows\regedit.exe
2016-09-05 12:49 - 2009-07-13 21:39 - 00016896 _____ (Microsoft Corporation) C:\Windows\hh.exe
2016-09-05 12:49 - 2009-07-13 21:39 - 00015360 _____ (Microsoft Corporation) C:\Windows\fveupdate.exe
2016-09-05 12:49 - 2009-07-13 21:39 - 00010240 _____ (Microsoft Corporation) C:\Windows\write.exe
2016-09-05 12:49 - 2009-07-13 21:14 - 00031232 _____ (Twain Working Group) C:\Windows\twunk_32.exe
2016-09-05 12:49 - 2009-06-10 17:41 - 00049680 _____ (Twain Working Group) C:\Windows\twunk_16.exe
2016-09-05 12:49 - 2002-03-28 04:26 - 00060416 _____ () C:\Windows\sxstall2.exe
2016-09-05 12:49 - 2000-12-08 21:59 - 00122880 _____ C:\Windows\UnGins.exe
2016-09-05 12:49 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-09-05 12:49 - 1997-01-16 00:00 - 00071680 _____ (Microsoft Corporation) C:\Windows\ST5UNST.EXE
2016-09-05 11:48 - 2016-09-05 14:29 - 00000000 ____D C:\Pre_Scan
2016-09-05 11:48 - 2016-09-05 11:48 - 00001528 _____ C:\Users\RD\Desktop\Pre_Scan_Restore.lnk
2016-09-05 11:48 - 2016-09-05 11:48 - 00001116 _____ C:\Users\RD\Desktop\Pre_Scan_Donate.lnk
2016-09-05 11:46 - 2016-09-05 11:46 - 00000672 _____ C:\RstHosts.txt
2016-09-05 11:42 - 2016-09-05 11:42 - 00000000 ____D C:\Device
2016-09-05 11:39 - 2016-09-05 11:39 - 00007480 _____ C:\AdsFix.txt
2016-09-05 11:35 - 2016-09-05 11:41 - 00000000 ____D C:\AdsFix
2016-09-05 11:28 - 2016-09-05 11:32 - 06466144 _____ C:\Users\RD\Desktop\rmtool-setup-x64.exe
2016-09-05 11:27 - 2016-09-05 11:38 - 00001836 _____ C:\Users\RD\Documents\instruct2.txt
2016-09-05 11:24 - 2016-09-05 11:42 - 00000126 _____ C:\Users\RD\Documents\inadequateinfirmity2.asc
2016-09-05 11:24 - 2016-09-05 11:25 - 03454376 _____ (SosVirus) C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe
2016-09-05 11:23 - 2016-09-05 11:23 - 00092038 _____ C:\Users\RD\Documents\inadequateinfirmity1.asc
2016-09-05 11:22 - 2016-09-05 11:22 - 00353632 _____ C:\Users\RD\Desktop\rsthosts_2.0.exe
2016-09-05 11:20 - 2016-09-05 11:22 - 06420392 _____ (SosVirus) C:\Users\RD\Desktop\adsfix_3_05.09.2016.1.exe
2016-09-05 11:00 - 2016-09-05 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamDiff
2016-09-05 11:00 - 2016-09-05 11:00 - 00000000 ____D C:\Program Files (x86)\ExamDiff
2016-09-05 10:12 - 2016-09-05 10:12 - 00001888 _____ C:\Users\Public\Desktop\Juno Quick Help.lnk
2016-09-05 10:12 - 2016-09-05 10:12 - 00001797 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juno Internet.lnk
2016-09-05 10:12 - 2016-09-05 10:12 - 00001791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Juno Internet.lnk
2016-09-05 10:12 - 2016-09-05 10:12 - 00001785 _____ C:\Users\Public\Desktop\Juno Internet.lnk
2016-09-05 10:12 - 2016-09-05 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juno Internet
2016-09-05 10:11 - 2016-09-05 15:24 - 00000000 ____D C:\Program Files (x86)\Juno
2016-09-05 10:11 - 2016-09-05 10:14 - 00000000 ____D C:\JunoInstaller
2016-09-05 10:11 - 2016-09-05 10:11 - 00000000 ____D C:\ProgramData\Juno
2016-09-04 22:14 - 2016-09-04 22:59 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-04 22:14 - 2016-09-04 22:58 - 00013504 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-09-04 22:14 - 2016-09-04 22:46 - 00134526 _____ C:\Windows\ZAM.krnl.trace
2016-09-04 22:13 - 2016-09-04 22:13 - 00000000 ____D C:\Users\RD\AppData\Local\Zemana
2016-09-04 21:42 - 2016-09-04 22:11 - 00000000 ____D C:\Users\RD\AppData\Roaming\ZHP
2016-09-04 21:03 - 2016-09-04 21:03 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-09-04 21:03 - 2016-09-04 21:03 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-09-03 22:15 - 2016-09-04 20:48 - 00000000 ____D C:\AdwCleaner
2016-09-03 22:12 - 2016-09-03 22:14 - 00203170 _____ C:\TDSSKiller.3.1.0.11_03.09.2016_22.12.58_log.txt
2016-09-03 18:49 - 2016-09-03 18:50 - 04747704 _____ (AO Kaspersky Lab) C:\Users\RD\Downloads\tdsskiller.exe
2016-09-03 17:24 - 2016-09-03 17:32 - 27448600 _____ (SUPERAntiSpyware) C:\Users\RD\Downloads\SAS_602B70D7.EXE
2016-09-03 17:13 - 2016-09-03 17:56 - 137790224 _____ (Microsoft Corporation) C:\Users\RD\Downloads\msert.exe
2016-09-03 16:38 - 2005-01-21 19:53 - 00055296 _____ C:\Windows\system32\huffyuv.dll
2016-09-02 08:58 - 2016-09-02 08:59 - 02312189 _____ C:\Users\RD\Desktop\Free satradio till Sept 6th.pdf
2016-08-31 19:15 - 2016-08-31 19:15 - 00044971 _____ C:\Users\Public\Documents\ge-11339-lucalox®-hi-pressr-sodium-b17-LU70-MED-ECO.pdf
2016-08-30 20:31 - 2016-08-30 20:31 - 00000000 ____D C:\Users\RD\AppData\Local\ElevatedDiagnostics
2016-08-29 21:06 - 2016-08-29 21:08 - 00024018 _____ C:\Users\RD\Documents\Layout 1152 x 864.dtr
2016-08-29 21:03 - 2016-08-30 18:53 - 00002431 _____ C:\Users\RD\Desktop\PHI Org Scores.lnk
2016-08-29 21:00 - 2016-08-29 21:02 - 00002433 _____ C:\Users\RD\Desktop\Intl League Scores.lnk
2016-08-29 16:55 - 2016-08-29 16:55 - 00000186 _____ C:\Users\RD\Documents\830903at40[b]-cue.url
2016-08-29 16:54 - 2016-08-29 16:55 - 00000186 _____ C:\Users\RD\Documents\860906at40[a]-cue.url
2016-08-29 16:54 - 2016-08-29 16:54 - 00000186 _____ C:\Users\RD\Documents\800105(top-50-of-70s)at40[b]-cue.url
2016-08-29 16:53 - 2016-08-29 16:53 - 00000186 _____ C:\Users\RD\Documents\730901at40[a]-cue.url
2016-08-28 16:15 - 2016-08-28 16:15 - 02092743 _____ C:\Users\Public\Downloads\wackywolf.zip
2016-08-26 09:23 - 2016-09-04 16:41 - 00000320 _____ C:\Windows\Tasks\HPCeeScheduleForRD.job
2016-08-24 22:21 - 2016-08-24 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 20:29 - 2015-10-07 17:20 - 00022433 _____ C:\Users\RD\Desktop\diet.odt
2016-08-23 14:50 - 2016-08-23 14:50 - 00000000 ____D C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Restore
2016-08-23 14:50 - 2016-08-23 14:50 - 00000000 ____D C:\Program Files (x86)\Desktop Restore
2016-08-23 14:12 - 2016-08-23 14:29 - 00000000 ___SD C:\Windows\SysWOW64\AI_RecycleBin
2016-08-22 12:58 - 2016-08-29 11:58 - 00006251 _____ C:\Users\RD\Documents\golq355.txt
2016-08-21 21:08 - 2016-08-21 21:09 - 00000114 _____ C:\Users\RD\Desktop\The 'toob.url
2016-08-17 12:59 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-17 12:59 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-08-17 12:59 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-08-17 12:59 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-08-17 12:59 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-17 12:59 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-08-17 12:59 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-17 12:59 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-08-17 12:59 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-08-17 12:59 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-08-17 12:59 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-08-17 09:37 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 09:37 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-16 14:16 - 2016-09-02 20:42 - 00000000 ____D C:\Users\RD\dwhelper
2016-08-16 10:30 - 2016-08-31 21:58 - 00000000 ____D C:\Users\RD\Documents\telcodes
2016-08-13 17:03 - 2016-08-19 09:22 - 00001277 _____ C:\Users\RD\Documents\pap-millerbanq.lst
2016-08-10 11:07 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-10 11:07 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-08-10 11:07 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-08-10 11:07 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-08-10 11:07 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-10 11:07 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-10 11:07 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-08-10 11:07 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-08-10 09:51 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 09:51 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 09:51 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 09:51 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 09:51 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 09:51 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 09:51 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 09:51 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 09:51 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 09:51 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 09:51 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 09:51 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 09:51 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 09:51 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 09:51 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 09:51 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 09:51 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 09:51 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 09:51 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 09:51 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 09:51 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 09:51 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 09:51 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 09:51 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 09:51 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 09:51 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 09:51 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 09:51 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 09:51 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 09:51 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 09:51 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 09:51 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 09:51 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 09:51 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 09:51 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 09:51 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 09:51 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 09:51 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 09:51 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 09:51 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 09:51 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 09:51 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 09:51 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 09:51 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 09:51 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 09:51 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 09:51 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 09:51 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 09:51 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 09:51 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 09:51 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 09:51 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 09:51 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 09:51 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 09:51 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 09:51 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 09:51 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 09:51 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 09:51 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 09:51 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 09:51 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 09:51 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 09:51 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 09:51 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 09:51 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 09:51 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 09:41 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 09:41 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 09:41 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 09:41 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 09:41 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 09:41 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 09:41 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 09:41 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 09:41 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 09:41 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 09:41 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 09:41 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 09:41 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 09:41 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-10 09:30 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-06 17:32 - 2016-08-06 17:32 - 00000116 _____ C:\Users\RD\Desktop\NBC OLY.url
2016-08-06 12:11 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-08-06 12:11 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-08-06 12:11 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 16:50 - 2015-06-01 22:38 - 00000000 ____D C:\Users\RD\AppData\Local\ClassicShell
2016-09-05 16:42 - 2016-01-20 12:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-05 16:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2016-09-05 16:31 - 2012-02-22 20:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 15:41 - 2011-10-17 12:20 - 00000000 ____D C:\data
2016-09-05 15:27 - 2011-10-19 16:13 - 00000000 ____D C:\Games
2016-09-05 13:55 - 2009-07-14 00:45 - 00024608 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-05 13:55 - 2009-07-14 00:45 - 00024608 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-05 13:54 - 2011-11-30 16:52 - 00000000 ____D C:\Users\RD\AppData\Local\File Renamer Basic
2016-09-05 13:47 - 2014-02-18 21:05 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-09-05 13:47 - 2012-02-22 20:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 13:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-05 13:46 - 2011-10-17 13:27 - 09568256 _____ C:\Users\RD\ntuser.bak
2016-09-05 13:46 - 2011-10-17 13:27 - 00000000 ____D C:\Users\RD
2016-09-05 13:46 - 2009-07-13 22:34 - 90042368 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-09-05 13:46 - 2009-07-13 22:34 - 14794752 _____ C:\Windows\system32\config\SYSTEM.bak
2016-09-05 13:46 - 2009-07-13 22:34 - 00266240 _____ C:\Windows\system32\config\DEFAULT.bak
2016-09-05 13:46 - 2009-07-13 22:34 - 00090112 _____ C:\Windows\system32\config\SAM.bak
2016-09-05 13:46 - 2009-07-13 22:34 - 00032768 _____ C:\Windows\system32\config\SECURITY.bak
2016-09-05 13:23 - 2014-11-26 12:00 - 00000207 _____ C:\Users\RD\Desktop\AccuWeather PA Radar.url
2016-09-05 13:22 - 2015-10-05 11:24 - 00001611 _____ C:\Users\RD\Desktop\MLB Scoreboard.lnk
2016-09-05 13:22 - 2013-01-14 23:39 - 00000163 _____ C:\Users\RD\Desktop\Reg. season RSN....url
2016-09-05 11:43 - 2016-03-31 19:44 - 00001284 _____ C:\Users\RD\Documents\taebofni.lst
2016-09-05 11:43 - 2015-08-20 15:39 - 00000557 _____ C:\Users\RD\Documents\when-the-time-comes.txt
2016-09-05 11:43 - 2011-10-25 22:45 - 00014204 _____ C:\Users\RD\Documents\infobeat.ltr
2016-09-05 11:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2016-09-05 10:42 - 2011-10-17 13:39 - 00000079 _____ C:\Windows\mail.ini
2016-09-04 23:07 - 2015-06-01 22:43 - 00000000 ____D C:\Users\Frable\AppData\Local\ClassicShell
2016-09-04 21:39 - 2015-10-05 11:20 - 00002394 _____ C:\Users\RD\Desktop\New season....lnk
2016-09-04 21:39 - 2014-05-27 20:07 - 00002442 _____ C:\Users\RD\Desktop\Matt Sarz.lnk
2016-09-04 21:38 - 2014-04-06 20:18 - 00001597 _____ C:\Users\RD\Desktop\Contending....lnk
2016-09-04 21:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-09-04 20:51 - 2015-01-01 00:08 - 00000000 ____D C:\Users\RD\AppData\Roaming\IObit
2016-09-04 20:51 - 2015-01-01 00:08 - 00000000 ____D C:\Program Files (x86)\IObit
2016-09-04 17:08 - 2015-03-11 20:26 - 00015290 _____ C:\Users\RD\Documents\bahnk.ods
2016-09-03 20:40 - 2016-01-15 21:02 - 00020693 _____ C:\Users\RD\Documents\fooddude.odt
2016-09-03 20:35 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 20:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-03 18:55 - 2016-05-18 21:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-03 17:41 - 2016-05-29 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2016-09-03 16:38 - 2016-03-06 12:19 - 00003550 _____ C:\Windows\System32\Tasks\klcp_update
2016-09-03 16:38 - 2016-03-06 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-09-03 16:38 - 2016-03-06 12:18 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-09-02 13:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-02 09:06 - 2012-12-13 17:42 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-02 09:05 - 2016-03-06 22:15 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-02 09:05 - 2011-10-17 13:27 - 00001415 _____ C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-01 09:18 - 2012-12-13 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-08-31 18:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-08-31 14:32 - 2011-10-25 22:39 - 00000000 ____D C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Radio
2016-08-31 12:12 - 2011-07-26 00:58 - 00000000 ____D C:\ProgramData\Temp
2016-08-31 12:11 - 2011-10-20 22:55 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-08-30 13:28 - 2014-03-01 22:39 - 00000000 ____D C:\Windows\Hewlett-Packard
2016-08-30 10:31 - 2014-04-08 18:11 - 00000000 ____D C:\Users\RD\AppData\Roaming\Free Download Manager
2016-08-29 14:35 - 2014-03-19 12:10 - 00000000 ____D C:\Users\RD\AppData\Roaming\Anvsoft
2016-08-28 22:53 - 2011-10-25 22:46 - 00001124 _____ C:\Users\RD\Documents\rf.lst
2016-08-28 22:45 - 2016-01-04 16:17 - 00000000 ____D C:\Users\RD\Documents\Any Video Converter
2016-08-28 19:14 - 2016-07-12 20:28 - 00024991 _____ C:\Users\RD\Downloads\spam.txt
2016-08-28 17:32 - 2011-11-02 11:45 - 00000000 ____D C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bob
2016-08-27 22:36 - 2016-06-27 21:08 - 00000000 ____D C:\Users\RD\AppData\Local\VDownloader
2016-08-27 22:34 - 2012-10-08 22:58 - 00000600 _____ C:\Users\RD\PUTTY.RND
2016-08-27 22:33 - 2016-06-27 21:09 - 00000000 ____D C:\Users\RD\AppData\Roaming\VDownloader
2016-08-26 09:29 - 2016-01-24 15:53 - 00000000 ____D C:\Users\Public\Desktop\Saved Papers
2016-08-26 09:06 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-25 09:22 - 2013-01-19 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-23 22:00 - 2016-04-02 22:31 - 00000000 ____D C:\Program Files\VDownloader
2016-08-23 13:44 - 2015-03-29 16:14 - 00000000 ____D C:\Program Files\Desktop Restore
2016-08-22 16:42 - 2016-04-17 19:25 - 00000196 _____ C:\Users\RD\Desktop\'16-'17 schedule out.url
2016-08-21 12:54 - 2016-05-10 18:55 - 00001499 _____ C:\Users\RD\Desktop\2016 Schedule (pdf).lnk
2016-08-19 09:17 - 2016-03-09 10:38 - 00000900 _____ C:\Users\RD\Documents\autoexec.bat
2016-08-16 08:43 - 2015-10-05 16:06 - 00001179 _____ C:\Users\RD\Desktop\LANta Schedules.lnk
2016-08-15 16:20 - 2014-05-10 23:29 - 00000000 ____D C:\Program Files (x86)\Password Spectator
2016-08-15 15:32 - 2011-10-25 22:49 - 00000000 ___RD C:\Users\RD\Documents\tramiel
2016-08-15 15:23 - 2016-03-01 23:40 - 00000000 ____D C:\Program Files (x86)\Visual CD
2016-08-15 15:22 - 2011-10-23 23:53 - 00000000 ____D C:\Program Files (x86)\PySol Fan Club edition
2016-08-15 15:21 - 2011-10-30 21:48 - 00000000 ____D C:\Program Files (x86)\Karen's Power Tools
2016-08-10 19:28 - 2015-06-08 22:27 - 00000000 ____D C:\Users\RD\AppData\Local\CutePDF Writer
2016-08-10 11:53 - 2009-07-14 00:45 - 00590296 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 11:39 - 2013-07-21 10:21 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 11:13 - 2011-10-18 15:08 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 15:52 - 2011-10-20 10:19 - 00000000 ____D C:\Users\RD\AppData\Local\CrashDumps
2016-08-06 21:30 - 2011-11-13 12:03 - 00000246 _____ C:\Windows\PPViewer.INI
2016-08-06 12:23 - 2015-12-13 23:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-06 12:23 - 2015-12-13 23:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-06 12:22 - 2010-11-21 03:16 - 00000000 ____D C:\Windows\ShellNew
2016-08-06 12:18 - 2015-12-13 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-06 10:03 - 2012-01-06 13:32 - 00000000 ____D C:\Users\RD\AppData\Local\Windows Live
2016-08-06 09:55 - 2016-04-05 22:06 - 00000000 ____D C:\Users\Guest
2016-08-06 09:55 - 2016-02-27 17:56 - 00000000 ____D C:\Users\Administrator
2016-08-06 09:55 - 2011-10-17 21:55 - 00000000 ____D C:\Users\Frable
2016-08-06 09:54 - 2013-11-26 22:23 - 00000000 ____D C:\Users\RD\AppData\Roaming\Winamp
2016-08-06 09:54 - 2011-07-26 01:16 - 00000000 ____D C:\Windows\en
2016-08-06 09:53 - 2011-10-18 13:33 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-08-06 09:53 - 2011-07-26 01:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-08-06 09:53 - 2011-07-26 01:14 - 00000000 ____D C:\Program Files\Windows Live
2016-08-06 09:53 - 2011-07-26 01:14 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-08-06 09:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-08-06 09:31 - 2016-04-05 22:17 - 00000000 ____D C:\Users\Guest\AppData\Local\ClassicShell

==================== Files in the root of some directories =======

2014-04-30 11:53 - 2014-04-30 11:53 - 0000007 _____ () C:\Program Files (x86)\SysResources Managersyok12.dat
2016-06-27 21:08 - 2016-04-20 16:01 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2016-04-19 12:23 - 2016-04-19 12:23 - 0000000 _____ () C:\Users\RD\AppData\Roaming\atd.txt
2014-03-25 11:15 - 2014-03-25 11:24 - 0000123 _____ () C:\Users\RD\AppData\Roaming\Camdata.ini
2014-03-25 11:15 - 2014-03-25 11:24 - 0000408 _____ () C:\Users\RD\AppData\Roaming\CamLayout.ini
2014-03-25 11:15 - 2014-03-25 11:24 - 0000408 _____ () C:\Users\RD\AppData\Roaming\CamShapes.ini
2014-03-25 11:24 - 2014-03-25 11:24 - 0004536 _____ () C:\Users\RD\AppData\Roaming\CamStudio.cfg
2014-09-28 22:45 - 2014-09-28 22:45 - 0003965 _____ () C:\Users\RD\AppData\Roaming\GoldWaveKeyboard.txt
2013-10-17 16:05 - 2013-10-17 16:05 - 0000071 _____ () C:\Users\RD\AppData\Roaming\mainhst.zgh
2016-07-29 22:41 - 2016-07-29 22:41 - 0000021 _____ () C:\Users\RD\AppData\Roaming\Network Meter_Usage.ini
2015-03-05 22:06 - 2015-03-05 22:06 - 0021055 _____ () C:\Users\RD\AppData\Roaming\UserTile.png
2014-03-25 11:06 - 2014-03-25 11:22 - 0000096 _____ () C:\Users\RD\AppData\Roaming\version2.xml
2011-12-09 22:18 - 2011-12-09 22:18 - 0000017 _____ () C:\Users\RD\AppData\Local\resmon.resmoncfg
2011-12-16 19:04 - 2014-03-01 22:11 - 0010926 _____ () C:\ProgramData\hpzinstall.log
2016-04-23 09:34 - 2016-04-23 09:34 - 0000084 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-10-10 14:50 - 2011-07-26 01:27 - 0000129 _____ () C:\ProgramData\phn.dat
2016-03-01 14:44 - 2016-03-01 14:48 - 0634296 _____ (ForensiT Limited) C:\ProgramData\UserProfileMigrationService.exe

Files to move or delete:
====================
C:\ProgramData\phn.dat
C:\ProgramData\UserProfileMigrationService.exe
C:\Users\RD\IP_Log_Data.js
C:\Users\RD\Network_Meter_Data.js


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 14:30

==================== End of FRST.txt ============================


Addition.txt:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by RD (05-09-2016 17:13:41)
Running from C:\Users\RD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-18 01:55:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-826053770-4046741344-3451363063-500 - Administrator - Disabled) => C:\Users\Administrator
Frable (S-1-5-21-826053770-4046741344-3451363063-1000 - Administrator - Enabled) => C:\Users\Frable
Guest (S-1-5-21-826053770-4046741344-3451363063-501 - Limited - Enabled) => C:\Users\Guest
RD (S-1-5-21-826053770-4046741344-3451363063-1003 - Administrator - Enabled) => C:\Users\RD

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Any Video Converter 5.9.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Bandizip (HKLM\...\Bandizip) (Version: 5.13 - Bandisoft.com)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Restore (HKLM\...\{15D07D6F-E4CC-41D9-88A3-94115E5E5A10}) (Version: 1.6.3 - JOConnell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
F2200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version:  - )
Family Tree Heritage Collaboration Support (HKLM-x32\...\InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software)
Family Tree Heritage Collaboration Support (x32 Version: 1.10.0010 - Individual Software) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FileMenu Tools (HKLM\...\FileMenu Tools_is1) (Version: 7.0.5 - LopeSoft)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
GlobalFind 1.06 (HKLM-x32\...\GlobalFind_is1) (Version:  - KGP Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.19) (Version: 9.19 - Artifex Software Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{3690900F-85EA-447F-BAD1-5CA25AA9B627}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Juno Internet (HKLM-x32\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: Juno QuickStart - United Online)
K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version:  - )
Microsoft Reader Text-to-Speech for English (HKLM-x32\...\{E0E400F5-422B-4540-A14F-B0739D71FEE7}) (Version: 01.00.0000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NoteTab Light 7 (Remove only) (HKLM-x32\...\NoteTab Light 7_is1) (Version: 7.2 - Fookes Holding Ltd)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
QWave v1.600 (HKLM-x32\...\QWave) (Version: 1.600 - ACAPsoft)
RealMedia Splitter (HKLM-x32\...\RealMedia Splitter_is1) (Version: 1.4.6.1050 - codecs.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
Visual Subst (HKLM-x32\...\Visual Subst) (Version: 1.0.6 - NTWind Software)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
Wise Data Recovery 3.83 (HKLM-x32\...\Wise Data Recovery_is1) (Version: 3.83 - WiseCleaner.com, Inc.)
Wise Plugin Manager 1.28 (HKLM-x32\...\Wise Plugin Manager_is1) (Version: 1.28 - WiseCleaner.com, Inc.)
xplorer² lite 32 bit (HKLM-x32\...\xplorer2l) (Version: 3.2.0.2 - Zabkat)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-826053770-4046741344-3451363063-1003_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3AE96F-45B5-4A1E-8278-1F9FADF2458B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {25F91325-7738-4898-B5E4-5AA6852708ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {3CD30C16-7878-4985-A20C-B15F4D3B02D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {4F37BFF5-B8C6-49FB-BC5E-3027B8AED3D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {56317971-6C23-4BD0-BB7D-87F8CA71E779} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-14] (Advanced Micro Devices, Inc.)
Task: {5C4B6B0E-4A55-4694-A507-6AF25DE77E0C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {615A9963-5F2B-47DA-B26E-62D4D40D71BE} - System32\Tasks\WiseCleaner\WPMSkipUAC => C:\Program Files (x86)\Wise\Wise Plugin Manager\WisePluginManager.exe [2016-01-19] (WiseCleaner.com)
Task: {62B122EC-E239-41C6-98F1-D44C3D0CFA76} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: {6542028A-945B-4514-A7AE-19B523A46481} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {6CAFE93D-2A69-4011-B4B7-6EAE15151EEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7907527F-DD92-4F6F-94A3-C234EF9D418A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {86F77400-3A8B-4433-9DBF-D9426D2FF623} - System32\Tasks\Games\UpdateCheck_S-1-5-21-826053770-4046741344-3451363063-1003
Task: {901DF3DB-A046-4D64-BE9C-2A5D295C4E7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9E917541-3BC1-4186-A7F7-7C46042A1AD8} - System32\Tasks\{983B3257-99A1-46B4-B1A5-828D7CF6A282} => pcalua.exe -a C:\Users\RD\Desktop\winsdk_web.exe -d C:\Users\RD\Desktop
Task: {B76ADD78-1E70-45B7-8C3F-E7DA5B9D4F82} - System32\Tasks\{0F59FBDD-065A-4771-9634-5FB6987B2925} => pcalua.exe -a C:\Windows\IsUninst.exe -c -f"C:\Program Files (x86)\Expert Software\Bicycle Collection\Uninst.isu"
Task: {BA49406A-46E1-43B1-8FD5-8E93755B861A} - System32\Tasks\{02799159-BD8B-4CC7-A8E0-1FEA0FF25FF2} => pcalua.exe -a C:\Users\Bob\Downloads\miniapps.exe -d C:\Users\Bob\Desktop
Task: {C20DFF6B-267D-465C-A5E1-17D6A9AE8537} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {DC23E677-77B0-43CE-B1FA-CDCC1F776F56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E4A2F25C-CAE5-4AFC-83DD-370150F8DE0A} - System32\Tasks\{9022C8E9-1B81-43F6-A589-347CAF4846AC} => pcalua.exe -a C:\Users\Bob\Documents\tramiel\src\Flash_Plugin_for_Firefox_Portable_0.1.paf.exe -d C:\Windows\system32
Task: {EE782E6F-D353-45D4-ABCC-535D8CD04DE3} - System32\Tasks\{1C45A859-6E0D-4536-947B-FB0179569C61} => pcalua.exe -a "C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIV6U434\gfnd10.exe" -d C:\Users\Bob\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRD.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\RD\Desktop\Backup and Log Off.lnk -> C:\data\command\logbacks.bat ()
Shortcut: C:\Users\RD\Desktop\Backup and Shut Down.lnk -> C:\data\command\allbacks.bat ()
Shortcut: C:\Users\RD\Desktop\junoback.lnk -> C:\data\command\junoback.bat ()
Shortcut: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autoexec.bat.lnk -> C:\Users\RD\Documents\autoexec.bat ()
Shortcut: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bob\GWX Control Panel\GWX Control Panel User Guide.lnk -> hxxp://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.html
Shortcut: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bob\GWX Control Panel\Ultimate Outsider Downloads.lnk -> hxxp://ultimateoutsider.com/downloads/

ShortcutWithArgument: C:\Users\RD\Desktop\Contending....lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://ironpigsbaseball.com/
ShortcutWithArgument: C:\Users\RD\Desktop\ESPNLV (AAC).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://icy3.abacast.com/connoisseur-weexamaac-32
ShortcutWithArgument: C:\Users\RD\Desktop\Intl League Scores.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.milb.com/scoreboard/index.jsp?sid=milb&lid=117
ShortcutWithArgument: C:\Users\RD\Desktop\Matt Sarz.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mattsarzsports.com/
ShortcutWithArgument: C:\Users\RD\Desktop\MLB Scoreboard.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://m.mlb.com/mlb/scoreboard
ShortcutWithArgument: C:\Users\RD\Desktop\New season....lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.phantomshockey.com/
ShortcutWithArgument: C:\Users\RD\Desktop\PHI Org Scores.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.milb.com/scoreboard/index.jsp?sid=milb&org=143
ShortcutWithArgument: C:\Users\RD\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\1470 ESPN Deportes iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://wsan-am.akacast.akamaistream.net/7/253/26904/v1/auth.akacast.akamaistream.net/wsan-am
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\B104 iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://waeb-fm.akacast.akamaistream.net/7/333/25975/v1/auth.akacast.akamaistream.net/waeb-fm
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\Rumba 1340+92.3 Reading iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://wraw-am.akacast.akamaistream.net/7/781/99580/v1/auth.akacast.akamaistream.net/wraw-am
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\WAEB-AM iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://waeb-am.akacast.akamaistream.net/7/494/40718/v1/auth.akacast.akamaistream.net/waeb-am
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\WHP 580 (H-burg) iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://whp-am.akacast.akamaistream.net/7/22/52424/v1/auth.akacast.akamaistream.net/whp-am
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\WZZO iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://wzzo-fm.akacast.akamaistream.net/7/746/25976/v1/auth.akacast.akamaistream.net/wzzo-fm
ShortcutWithArgument: C:\Users\RD\Desktop\IHeart\Y102 (Craigers) Reading iPhone.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://wrfy-fm.akacast.akamaistream.net/7/113/29321/v1/auth.akacast.akamaistream.net/wrfy-fm
ShortcutWithArgument: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Radio\ESPNLV (local+PIGS).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://icy3.abacast.com:80/connoisseur-weexamaac-32
ShortcutWithArgument: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Radio\PIGS....lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> hxxp://fpdownload.adobe.com/strobe/FlashMediaPlayback_101.swf?src=rtmp://live.aicmail.net/int_lehigh_valley_ironpigs/int_lehigh_valley_ironpigs /title=PIGS...
ShortcutWithArgument: C:\Users\RD\AppData\Roaming\Microsoft\Windows\Start Menu\Quicks\A AT40\I AT40CL IHeart.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> hxxp://at70-fl.akacast.akamaistream.net/7/763/234624/v1/auth.akacast.akamaistream.net/at70-fl

==================== Loaded Modules (Whitelisted) ==============

2015-06-08 22:25 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2016-09-05 12:49 - 2011-10-19 14:14 - 00634943 _____ () C:\data\command\PFE32.EXE

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\advance.net -> advance.net
IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\blogspot.com -> hxxp://forgottenhits60s.blogspot.com
IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\boscovs.com -> hxxp://www.boscovs.com
IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\juno.com -> juno.com
IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\lehighvalleylive.com -> lehighvalleylive.com
IE trusted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\nj.com -> hxxp://www.nj.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\1001movie.com -> 1001movie.com

There are 6106 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-09-05 11:46 - 00000089 __RAS C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\RD\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VDownloader => "C:\Program Files\VDownloader\VDownloader4.exe" /silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D38EFBC2-E68F-4AE5-8FB3-C13AFDE9844C}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{B11E04AD-B971-437F-BDAE-133E0143788B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{1585B613-2853-4C84-9833-60321DC26ED5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{262E4546-3FF9-47FD-969B-8362D929517B}] => (Allow) LPort=2869
FirewallRules: [{C5DD06D4-6F04-4380-BE6A-7AD58AD686DE}] => (Allow) LPort=1900
FirewallRules: [{6C35FB32-6F8A-4237-82B1-4B13FAC5EC18}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{F203209C-0C08-4F70-B05F-EE7D2F6A9008}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{4F601DB3-613A-41A2-9B4D-9FE17D329FB8}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{BDA4CD97-C764-49ED-B49A-4C6A4B0E4837}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{24ECC4DE-BF76-43C1-AAF5-4199A7550246}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4D2551EE-8630-4222-9DB9-732695D1CAFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{D460BDF2-7D3F-4F3A-91FB-DF8258E4E0E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{74E74450-71EB-4EE2-9394-3322E34CE996}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{194F4034-5A1F-48C0-917F-B02BCB6786DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3B83678-60DF-43AA-AE6D-E59080643EED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{790EF8B8-A4D7-488F-BFB7-F79A633C2241}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{EC7D7CC2-5E8F-4915-BF62-749706993748}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{BC58C901-C036-41C9-BEAF-068368F80889}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{CE72B21A-6CBB-4E0F-808A-1ABE9F0841AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{9E96B508-C591-4B84-8684-615A38EFCFDF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{D5E731DC-AE05-44FD-BA77-37065B5FC770}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{AAEF3FDA-B319-41EE-BC4F-2C736CDD1409}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{7BAF8879-3B01-4086-837B-9040AC7E6D23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{B99179D5-D897-4521-A3E1-6377A60B1CD2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{757B9EC8-2DFF-43EA-B586-3506A7D860E8}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{F0E726D5-F808-45E6-8EAB-9FD9AD0EA104}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{F5CC2400-062D-416D-BE38-8FA38C57FE14}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{612B7035-7C9B-4D95-A2BB-9C76D2A9640E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{5BC2F7C4-901F-4C25-9AAF-38AC5EE2461F}C:\program files (x86)\westell\diagnostic icon\dgnicon.exe] => (Allow) C:\program files (x86)\westell\diagnostic icon\dgnicon.exe
FirewallRules: [UDP Query User{33948D83-94FC-4212-A704-70337893E314}C:\program files (x86)\westell\diagnostic icon\dgnicon.exe] => (Allow) C:\program files (x86)\westell\diagnostic icon\dgnicon.exe
FirewallRules: [TCP Query User{1299856B-CD91-4CB8-AF35-BB22183016F8}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{B4472143-0139-4F08-82E7-7A6FF53FAF75}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [TCP Query User{3C7BD4E9-16C8-445A-BD6E-21099B2A8055}C:\data\command\u1504.exe] => (Allow) C:\data\command\u1504.exe
FirewallRules: [UDP Query User{819DB473-7E3A-4B5E-AF27-30A346CD6450}C:\data\command\u1504.exe] => (Allow) C:\data\command\u1504.exe
FirewallRules: [TCP Query User{EB55FD84-A7E8-4FB7-BB4E-52C2098B856B}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{B72D1B34-2883-4ED8-AEA2-D94AD3C3118F}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{9E857854-3D6B-4405-A18D-9E34B4F08D24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A38B3A05-ED84-47DA-B8FA-FE1E459E866F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56D423DA-F8BD-408C-BEDA-B85EAEDA34D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A80137C5-6CBA-412B-A1EC-D75758F79773}C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe] => (Allow) C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe
FirewallRules: [UDP Query User{8086F52E-78FA-489A-B2C4-2651DAE624EB}C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe] => (Allow) C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe
StandardProfile\AuthorizedApplications: [C:\Users\RD\Desktop\pre-scan_6_20.07.2016.1.exe] => Enabled:pre-scan_6_20.07.2016.1

==================== Restore Points =========================

23-08-2016 14:11:54 Installed Should I Remove It
23-08-2016 14:28:34 Removed Should I Remove It
23-08-2016 14:50:12 Installed Desktop Restore
24-08-2016 15:56:48 Windows Update
28-08-2016 09:53:30 Windows Update
31-08-2016 14:41:21 Windows Update
03-09-2016 21:05:55 Windows Update
04-09-2016 20:49:14 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2016 01:27:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18427 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f90

Start Time: 01d206d1581e1f4b

Termination Time: 412

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/26/2016 09:14:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 48.0.2.6079 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 554

Start Time: 01d1ff9ad207c448

Termination Time: 132

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 01d8e691-6b8f-11e6-b310-001fc69e8b7a

Error: (08/24/2016 08:29:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18427 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1284

Start Time: 01d1fe66f6c9ff9f

Termination Time: 232

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/23/2016 12:11:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program exec.exe version 8.8.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c8c

Start Time: 01d1fd56cec14278

Termination Time: 20

Application Path: C:\Program Files (x86)\Juno\exec.exe

Report Id: 3a554c7b-694c-11e6-bdf7-001fc69e8b7a

Error: (08/08/2016 03:52:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 48.0.0.6051, time stamp: 0x5797a45d
Faulting module name: mozglue.dll, version: 48.0.0.6051, time stamp: 0x5797951c
Exception code: 0x80000003
Fault offset: 0x0000f035
Faulting process id: 0x430
Faulting application start time: 0x01d1f1ab557f296f
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 97bcdc56-5da1-11e6-a426-001fc69e8b7a

Error: (08/05/2016 02:30:59 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: HARRY-HP)
Description: Application or service 'Windows Search' could not be shut down.

Error: (07/31/2016 04:26:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.1.6018, time stamp: 0x576c9637
Faulting module name: mozglue.dll, version: 47.0.1.6018, time stamp: 0x576c85ba
Exception code: 0x80000003
Fault offset: 0x0000f02b
Faulting process id: 0x1060
Faulting application start time: 0x01d1eb690ad522c2
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 0a7d7526-575d-11e6-86c9-001fc69e8b7a

Error: (07/19/2016 07:53:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: de4

Start Time: 01d1e218a04719b1

Termination Time: 468

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/14/2016 09:42:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13e8

Start Time: 01d1ddd57b773a4a

Termination Time: 2195

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (07/01/2016 09:03:06 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]


System errors:
=============
Error: (09/05/2016 01:47:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/05/2016 01:47:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/05/2016 01:47:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/05/2016 01:47:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/05/2016 01:47:23 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

    Signatures Attempted: Current

    Error Code: 0x80070003

    Error description: The system cannot find the path specified.

    Signature version: 0.0.0.0;0.0.0.0

    Engine version: 0.0.0.0

Error: (09/05/2016 01:17:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel AGP Bus Filter service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/05/2016 11:48:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/05/2016 11:48:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/05/2016 11:48:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/05/2016 11:48:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 2662.55 MB
Available physical RAM: 990.09 MB
Total Virtual: 3236.73 MB
Available Virtual: 940.33 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.13 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive j: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive m: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive n: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive o: (ORANGE, ORANGE!) (Removable) (Total:29.82 GB) (Free:7.87 GB) NTFS
Drive p: (USB30FD-64) (Removable) (Total:62.81 GB) (Free:36.79 GB) NTFS
Drive t: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive u: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive v: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS
Drive w: (OS) (Fixed) (Total:454.53 GB) (Free:389.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F5AD30E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 62.8 GB) (Disk ID: 002941FF)
Partition 1: (Not Active) - (Size=62.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 0075F93E)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 September 2016 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}No Name -> {8a194578-81ea-4850-9911-13ba2d71efbd} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [supportdept@alltubedownloader.com] -  => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know if the problem persists.

Edited by nasdaq, 06 September 2016 - 08:30 AM.


#3 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 06 September 2016 - 05:37 PM

nasdaq, here you go:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by RD (06-09-2016 17:46:05) Run:1
Running from C:\Users\RD\Desktop
Loaded Profiles: RD (Available Profiles: Frable & RD & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-826053770-4046741344-3451363063-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}No Name -> {8a194578-81ea-4850-9911-13ba2d71efbd} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [supportdept@alltubedownloader.com] -  => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\Windows\SysWOW64\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-826053770-4046741344-3451363063-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-826053770-4046741344-3451363063-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value removed successfully
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value removed successfully
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Mozilla\Firefox\Extensions\\supportdept@alltubedownloader.com => value removed successfully
C:\Users\RD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
ZAMSvc => service removed successfully
ZAM => service removed successfully
ZAM_Guard => service removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30418508 B
Java, Flash, Steam htmlcache => 30792 B
Windows/system/drivers => 212742605 B
Edge => 0 B
Chrome => 7465100 B
Firefox => 379930599 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 7335368 B
LocalService => 0 B
NetworkService => 270360 B
Frable => 734700678 B
RD => 107153128 B
Administrator => 59828 B
Guest => 11880678 B

RecycleBin => 17252855 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:10:30 ====

The click-jacker appears to have been vanquished, but the view-font issue remains. Both items remain 10pt Arial.

Oddly, GiveawayOfTheDay.com within the last few days offered Zemana. I didn't get it there. :)

EDIT 18:44:49 (UTC-4) 6 Sept 2016:

Breaking news: When I clicked on the scroll bar in the Juno browser window to move it, another hijack occurred.

I did pick up two URLs:

http://brokerltd.com/ads/?utm_source=Unknown&utm_campaign=57cce3c47ebd2a06801f65d9

http://xk2zz.alldownloads.7113658.com/?sov=2766120248&hid=emmwkqmeiqig&&redid=33477&gsid=68&campaign_id=29&id=XNSX.s1%3A%3As2%3A%3As3-r33477-t68

I'm going to have to just not use the intrinsic browser until something else is done. I don't want to just export the mail to the other offline app for fear that something could be hiding there.

dL


Edited by latimer141225, 06 September 2016 - 05:49 PM.
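The fixlist nasdaq posted in #2 and the Fixlog above are two halves of one check: every entry in the fixlist should come back as an action line in the Fixlog, and an entry that only produces "not found" (or nothing at all) is the one to look at again. The following is an added Python example, my own code and not FRST's or anything from this thread. It classifies fixlist lines by type and confirms each one against the Fixlog result lines. The sample text is a constructed subset copied from the two logs posted here, with the ZAM_Guard result line deliberately left out of the Fixlog sample so that one entry shows up as unconfirmed; the category names and the token heuristics are my own, not FRST terminology.

```python
"""Classify FRST fixlist entries and confirm each against the Fixlog (added example)."""
import re
from collections import Counter

# Constructed sample: verbatim lines from the fixlist nasdaq posted in #2.
FIXLIST = r"""start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
FF HKU\S-1-5-21-826053770-4046741344-3451363063-1003\...\Firefox\Extensions: [supportdept@alltubedownloader.com] -  => not found
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
AlternateDataStreams: C:\Windows:nlsPreferences [0]
End
"""

# Constructed sample: Fixlog result lines from #3; the ZAM_Guard line is
# deliberately omitted so one fixlist entry stays unconfirmed.
FIXLOG = r"""Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
HKU\S-1-5-21-826053770-4046741344-3451363063-1003\Software\Mozilla\Firefox\Extensions\\supportdept@alltubedownloader.com => value removed successfully
ZAMSvc => service removed successfully
ZAM => service removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_RE = re.compile(r"^[SR]\d+ (\S+?);")      # "S2 ZAMSvc; <image> [X]"
DIRECTIVE_TOKENS = {"CreateRestorePoint:": "Restore point",
                    "CloseProcesses:": "Processes closed"}


def classify(line):
    """Coarse category for one fixlist line (category names are mine, not FRST's)."""
    s = line.strip()
    if s in ("start", "End") or re.fullmatch(r"\w+:", s):
        return "directive"
    if "Winlogon:" in s and "[Shell]" in s:
        return "winlogon-shell"            # Shell value set in a user hive
    if s.startswith("GroupPolicy") or ": Restriction" in s:
        return "policy-restriction"        # browser locked down via policy keys
    if s.startswith("SearchScopes:"):
        return "search-scope"              # IE search provider entry
    if s.startswith(("FF ", "CHR ")) and "Extension" in s:
        return "browser-extension"
    if SERVICE_RE.match(s):
        return "service"                   # [X] in FRST output: image file missing
    if s.startswith("AlternateDataStreams:"):
        return "ads"
    return "other"


def categorize(fixlist_text):
    """Count fixlist entries per category, ignoring blank lines."""
    return Counter(classify(l) for l in fixlist_text.splitlines() if l.strip())


def token(line):
    """Identifier the Fixlog should echo back when this entry is acted on."""
    s = line.strip()
    cat = classify(s)
    if cat == "directive":
        return DIRECTIVE_TOKENS.get(s)
    if cat == "search-scope":
        m = GUID_RE.search(s)
        return m.group(0) if m else None
    if cat == "service":
        return SERVICE_RE.match(s).group(1)
    if cat == "browser-extension":
        m = re.search(r"\[([^\]]+)\]", s)
        return m.group(1) if m else None
    if cat == "winlogon-shell":
        return "Winlogon"
    if cat == "policy-restriction":
        return "Policies\\Google" if "Policies\\Google" in s else "GroupPolicy"
    if cat == "ads":
        m = re.search(r":(\w+) \[", s)
        return m.group(1) if m else None
    return None


def summarize(fixlog_text):
    """Count Fixlog result lines by outcome: success, not_found or other."""
    counts = Counter()
    for line in fixlog_text.splitlines():
        if not line.strip():
            continue
        if "not found" in line:
            counts["not_found"] += 1
        elif "successfully" in line:
            counts["success"] += 1
        else:
            counts["other"] += 1
    return counts


def cross_check(fixlist_text, fixlog_text):
    """{token: confirmed}. Confirmed means a Fixlog line names the token as a
    whole word and reports success; a 'not found' line alone does not count."""
    results = [l for l in fixlog_text.splitlines() if l.strip()]
    report = {}
    for line in fixlist_text.splitlines():
        tok = token(line)
        if tok is None:
            continue
        pat = re.compile(r"(?<!\w)" + re.escape(tok) + r"(?!\w)")
        report[tok] = any(pat.search(r) and "successfully" in r for r in results)
    return report


if __name__ == "__main__":
    print(categorize(FIXLIST))
    print(summarize(FIXLOG))
    for tok, ok in cross_check(FIXLIST, FIXLOG).items():
        print(("confirmed  " if ok else "UNCONFIRMED") + "  " + tok)
```

Run as-is it prints the per-category counts, the Fixlog outcome counts, and one confirmed/UNCONFIRMED line per fixlist entry; with the real Fixlog from #3 pasted in place of the sample, ZAM_Guard would be confirmed too, since the real log has "ZAM_Guard => service removed successfully". The whole-word match is what keeps "ZAM" from being confirmed by the "ZAMSvc" line.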


#4 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 06 September 2016 - 05:57 PM

Addendum: On many occasions when Juno is open, a questionable-certificate dialog appears. "Revocation information for the (something) certificate is not available. Do you want to proceed?" On enough occasions I've answered 'yes' and I'm starting to wonder if that's having any bearing on this situation.

dL



#5 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2016 - 08:29 AM



Juno has possibly changed the browser settings installed on your computer.

Navigate to this page and restore the default settings for the browsers you use.
http://www.shouldiremoveit.com/Juno-Internet-30611-program.aspx

The how-to is at the end of the page.

When done, do not use the Juno Browser object.

Open your default browser and use the search box provided.

===

cannot be changed even with the Fonts dialog in Internet Options

Have you checked the Style option?
I do not use Juno but my style is set to Default.


is VSTM-related or not.

What is VSTM?

#6 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 07 September 2016 - 09:02 AM

Juno has possibly changed the browser settings installed on your computer.

Navigate to this page and restore the default settings for the browsers you use.
http://www.shouldiremoveit.com/Juno-Internet-30611-program.aspx

The how-to is at the end of the page.

When done, do not use the Juno Browser object.

Open your default browser and use the search box provided.

===

cannot be changed even with the Fonts dialog in Internet Options

Have you checked the Style option?
I do not use Juno but my style is set to Default.


is VSTM-related or not.

What is VSTM?

I presume you're referring to the Styles option under Accessibility in Internet options? I've already tried that, and it didn't impact the font issue in Juno. It makes a LOT of other sites I read look... objectionable. I'm going to conclude [A] Juno meant for the font to be changed, made a(n irreversible) update making the change, and [B] will continue to (have customer service) fudge any further responses to my inquiries. Meanwhile, I will quit using the intrinsic browser until/unless the others catastrophically fail.

VSTM-related = Virus / spyware / trojan / malware-related. I believe(d) the Juno font issue may have been so related.


Edited by latimer141225, 07 September 2016 - 09:18 AM.


#7 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2016 - 12:19 PM

I presume you're referring to the Styles option under Accessibility in Internet options?

No, it's under the View menu in IE.

You will find Text size and Style options.

#8 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 07 September 2016 - 01:43 PM

I presume you're referring to the Styles option under Accessibility in Internet options?

No, it's under the View menu in IE.

You will find Text size and Style options.

Set to medium and default, respectively.



#9 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2016 - 08:36 AM

This is a long shot; let's see what we can find in the registry.

Please run the Farbar Recovery Scan Tool. Enter click-jacker in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#10 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 08 September 2016 - 10:56 AM

Clean:

Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by RD (08-09-2016 11:54:36)
Running from C:\Users\RD\Desktop
Boot Mode: Normal

================== Search Registry: "click-jacker" ===========

====== End of Search ======



#11 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 September 2016 - 12:25 PM


This is my search with Google.
https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=juno%20font%20size


Can these two links help?

http://discuss.junolab.org/t/help-to-increase-font-size-in-juno-editor/257

https://support.mozilla.org/en-US/questions/1082701

You may find some other links if you check further.

#12 latimer141225

  • Topic Starter
  • Members
  • 35 posts

Posted 08 September 2016 - 01:48 PM

The Juno referred to in many of those results is a version of the Eclipse programming/development system, which is not the same thing as the Juno Online Services e-mail/Internet app provided by United Online, part of the reason for my post. (Wikipedia links)

The information in the (years old) Juno Online article was among the first I read about this issue.



#13 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 September 2016 - 08:57 AM

Sorry, but I do not know what else to suggest.

Contact Juno if possible, or start a new topic in this forum:

http://www.bleepingcomputer.com/forums/f/57/all-other-applications/

Someone with that experience can possibly help you.