
Heur:Trojan.WinLNK.Agent.gen + Verecno googleupdate.a3x + Ink Links External HDD



#1 ExpatJim


Posted 12 December 2016 - 02:37 PM

Hello My Friend,

 

Your expertise is very much needed.

 

It has been many years since I've encountered a serious computer problem. If I ever doubt a virus infection, I normally try extracting via Hitman Pro, Malwarebytes, ADWCleaner... as I tried this time.

 

Late night Dec 9th (12/10 after midnight) I was logging off my Toshiba Notebook 64 bit O.S.(i5-4200M CPU) running on Windows 7 Professional, and just as it shut down I noticed it indicated in an interface message of what looked like a program change upon the forced shutdown. I think this occurred after I used iObit Advanced System Care to clean my pc like I have done every night the past year. I think there was an update of a new version of iObit ASC and possibly that lodged the virus on my system because the program file records showed iObit ASC was added 12/10, when I shut down. 

 

I took a note of the program indicated in the interface message before the forced shutdown that night, the program was "cmd.exe".

 

I didn't think much about it, but the next morning (12/10 day), when I booted up my computer and went online using Firefox browser, I started noticing that when I clicked on links I was getting redirected. I don't exactly recall, but somehow after Googling the types of redirects I was getting I came to believe it was "Adf.ly" and some associated malware causing the problem, possibly related to "skypee" infection. I don't recall the exact order but I think the next steps were AdwCleaner, Hitman Pro and then Malwarebytes. I cleaned/removed anything with all. NONE of them discovered anything noteworthy. But after that I did not encounter any more redirects.

 

But immediately some new problems were discovered within the hour. I went to access my external ADATA HDD and I heard what sounded like it was crashing. I really thought it crashed. I decided to restart my computer and try again, when it booted up I got two interface boxes reading: 

 

"AutoIt Error: Line 0 (File "C:\Google\googleupdate.a3x): Error opening the file"

 

Researching Google, Verecno worm seems to be associated with that problem, but no virus scan has delivered that info ... and that problem continues now.

 

Then I once again tried looking in my external ADATA HDD files, and thank God it did not crash, but suddenly I could see all files had become 1kb size (Ink) shortcuts, but upon clicking on a file it did open up to the destination file I sought (what originally was there with corresponding memory), so the Ink files masked what is behind it. Dumb me, I also have a Maxtor external HDD and I was thinking to backup my notebook on that external Maxtor hard drive and I duplicated the same problem on my two very important external HDDs. I started to search Google and realized I have a worm that spreads by connecting external devices.

 

Investigating the external HDD "Ink shortcuts" by right clicking for "properties", they all show the following:

 

"C:\windows\system32\cmd.exe /c start Drive.bat &"

 

I also observed a newly [12/10/16] made .bat file on one external HDD, and I am sure the other one as well.

 

I stopped connecting the HDDs once I researched Google and realized what's going on. I did read possible software solutions, like the following:

http://ccm.net/forum/affich-474271-files-on-external-drive-changed-to-shortcuts

http://ccm.net/download/download-11613-autorun-exterminator

https://www.usb-antivirus.com/2014/03/infections-spreading-usb-peripherals/

https://www.sosvirus.net/en/antishortcut-antiusbshortcut/

https://www.usbfix.net/

 

But I decided not to follow any possible software solution until I receive better advice. Most importantly, I do not want to mess that up as I need to retrieve those files because they have vital information that I hate to lose. I also believe my computer needs to be "virus & malware free" before I tackle the external HDD problem (2nd step) anyway.

 

So I went back to my computer the past 24 hours, and I finally got Kaspersky virus scan to deliver the following result & I deleted all the viruses using Kaspersky:

--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\AdwCleaner\AdwCleaner.lnk
Trojan program
--------------------------------------------------------
not-a-virus:Monitor.Win32.RK.mr
File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlvknlg.exe.vir
User activity monitoring software
--------------------------------------------------------
Trojan.VBS.AutoRun.ag
File: C:\AdwCleaner\Quarantine\C\Users\jmloftis\AppData\Roaming\Run_Dregol\UpdateProc\bkup.dat.vir
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Intel\Intel.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Google\Google.lnk
Trojan program
--------------------------------------------------------
Trojan.WinLNK.Agent.ew
File: C:\Google\Skypee.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\ProgramData\ProgramData.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\TOSHIBA\TOSHIBA.lnk
Trojan program
--------------------------------------------------------
Trojan.WinLNK.Agent.ew
File: C:\Skypee\Skypee.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Skypee\Google.lnk
Trojan program
--------------------------------------------------------
not-a-virus:Downloader.Win32.AdLoad.uhdq
File: C:\Users\jmloftis\Downloads\advanced-systemcare-setup.exe
Legal software that can be used by criminals to damage your computer or personal data

--------------------------------------------------------

 

Important Note: I also removed all recent program files added the past 1-2 weeks, using iObit Uninstall (which I already had) and eliminated all remaining residue (good feature of iObit's Uninstaller)... and finally eliminated iObit's Uninstaller as a last step. I replaced iObit with Avast, at least for this time period. Avast virus scanner turned up nothing, like previous results from AdwCleaner, Hitman Pro and then Malwarebytes.

 

I realized a registry fix will be in order, but I know that I could really mess up viewing/retrieving my external HDD files, and other things, so I haven't done anything more than CCleaner registry fix and kept the backup ".reg" files. Rather than do anything more to that end, I made a HijackThis log file and noticed many (file missing) entries and at least two suspicious keys, which follow:

 

O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x

 

O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit

 

I will add the complete HijackThis.log log at the end, after the FRST.txt log below.

 

The past 24 hours, or so, I must use safe mode to access any anti-virus or cleanup exe software on my computer. Interface message outside of safe mode reads:

C:\Program Files\____________\__________.exe
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.

 

Example: CCleaner or Malwarebytes is in the blank spaces above.

 

So it is hijacking permission and shortly after adding a new program to the start menu, desktop the hijack will occur, one recognized.

 

I use Firefox 95%-100% of the time, so I checked add-ons and there were no new add-ons or extensions. From that exercise, I did get rid of a YouTube video downloader I no longer use. So I think browsers are ok. Chrome is used only rarely, IE never.

 

So I hope you can help me:

 

1) remove all worms/viruses from my Toshiba Satellite computer

 

2) Fix registry & HKCU Keys of my Toshiba Satellite computer so they will not auto-run and coordinate with the masked files in the two external HDDs (to properly read those files)

 

3) clean / fix "Ink shortcut" hijack of my external ADATA HDD

 

4) clean / fix "Ink shortcut" hijack of my external Maxtor HDD
 

Your help and guidance will be very much appreciated.

 

An advanced "thank you" for your patience to see me through to solving these issues, biggest problem I've ever run into, I guess from downloading a new update/program (like iObit update).

Below, find FRST.txt and HijackThis.log

 

NOTE: I tried to attach Addition.txt two times, but it failed, so I will paste it at the bottom

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jmloftis (administrator) on JMLOFTIS-PC (12-12-2016 23:25:38)
Running from C:\Users\jmloftis\Downloads
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393320 2016-01-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049712 2013-05-03] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-16] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiUsbWorm] => C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
Startup: C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> DefaultScope {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-11] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-11] (AVAST Software)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: b2nw7hm7.default
FF ProfilePath: C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default [2016-12-12]
FF user.js: detected! => C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\user.js [2016-12-10]
FF NewTab: Mozilla\Firefox\Profiles\b2nw7hm7.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\b2nw7hm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\b2nw7hm7.default -> hxxps://www.google.com/?gfe_rd=cr&ei=ykP1VMrpFMyL8QeYsoCQCA&gws_rd=ssl,cr&fg=1
FF Keyword.URL: Mozilla\Firefox\Profiles\b2nw7hm7.default -> user_pref("keyword.URL", true);
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-08-12]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-11-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jmloftis\AppData\Local\XDM\xdmff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-96689548-2535591333-3550804405-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jmloftis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-07] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Google Slides) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Flash Video Downloader) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-09]
CHR Extension: (LeadFuze - Sales Prospecting Tool) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ameidhagnfddjaleejfpigojomffoigm [2016-12-09]
CHR Extension: (Google Docs) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Google Search) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Facebook Pixel Helper) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-12-09]
CHR Extension: (Google Sheets) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (Aliexpress Assistant - Price Tracker) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihlaoogegdjakmdbpbilijdghoggkim [2016-12-09]
CHR Extension: (100K Factory Ultra Edition) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpfmikklhkkmhcmbnpfbfclphibia [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-21]
CHR Extension: (Gmail) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-11] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S2 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [344168 2016-01-14] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 9680941D6; C:\windows\System32\drivers\9680941D6.sys [478392 2016-12-11] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-12-11] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-12-12] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-12-11] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-12-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-11] (AVAST Software)
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-12-11] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-12-11] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-12-11] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-11] (AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
S3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [60928 2016-01-14] (GenesysLogic)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-24] (REALiX™)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [31712 2016-08-30] (Intel Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-01-14] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-08-30] (Intel Corporation)
S3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2016-01-14] (Synaptics Incorporated)
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-10] ()
S3 cpuz134; \??\C:\Users\jmloftis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 23:25 - 2016-12-12 23:26 - 00021752 _____ C:\Users\jmloftis\Downloads\FRST.txt
2016-12-12 23:24 - 2016-12-12 23:25 - 00000000 ____D C:\FRST
2016-12-12 23:10 - 2016-12-12 23:10 - 00018014 _____ C:\Users\jmloftis\Desktop\cc_20161212_230959.reg
2016-12-12 21:23 - 2016-12-12 21:23 - 00098978 _____ C:\Users\jmloftis\Documents\IAAC_finra_firm_10645.pdf
2016-12-12 16:40 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Downloads\FRST64.exe
2016-12-12 15:47 - 2016-12-12 15:47 - 00451707 _____ C:\Users\jmloftis\Desktop\John Gibb_TINY Overview.pdf
2016-12-12 14:52 - 2016-12-12 16:37 - 142028041 _____ C:\Users\jmloftis\Desktop\John Gibb_30 Miliion Visitors In December 2016.mp4
2016-12-12 14:07 - 2016-12-12 14:07 - 00293559 _____ C:\Users\jmloftis\Desktop\18-months-2-blogs-six-figures.pdf
2016-12-12 13:02 - 2016-12-12 21:07 - 00003896 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1481518964
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-12 13:01 - 2016-12-12 13:01 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-12-12 02:09 - 2016-12-12 02:09 - 00001806 _____ C:\Users\jmloftis\Desktop\cc_20161212_020944.reg
2016-12-12 01:36 - 2016-12-12 01:45 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-12 01:36 - 2016-12-12 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-12 01:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-12-12 01:12 - 2016-12-12 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\jmloftis\Downloads\HijackThis.exe
2016-12-11 23:38 - 2016-12-11 23:52 - 14206800 _____ C:\Users\jmloftis\Desktop\How to Remove Computer Virus Without Antivirus Program _ without using any antivirus New 2016.mp4
2016-12-11 23:37 - 2016-12-11 23:53 - 06022792 _____ C:\Users\jmloftis\Desktop\How to detect a virus.mp4
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-11 22:15 - 2016-12-11 22:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-11 22:06 - 2016-12-11 22:15 - 11581544 _____ (SurfRight B.V.) C:\Users\jmloftis\Downloads\HitmanPro_x64.exe
2016-12-11 19:36 - 2016-12-11 19:36 - 00003041 _____ C:\Users\jmloftis\Desktop\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-11 19:16 - 2016-12-11 19:16 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\AVAST Software
2016-12-11 19:15 - 2016-12-11 19:15 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-11 19:15 - 2016-12-11 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-11 19:10 - 2016-12-11 19:12 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-12-11 19:10 - 2016-12-11 19:10 - 00000350 ____H C:\windows\Tasks\avast! Emergency Update.job
2016-12-11 19:10 - 2016-12-11 19:09 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-12-11 19:09 - 2016-12-11 19:09 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-12-11 19:09 - 2016-12-11 19:09 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-12-11 18:29 - 2016-12-12 13:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-11 18:18 - 2016-10-05 06:39 - 01631928 _____ (Malwarebytes) C:\Users\jmloftis\Desktop\JRT.exe
2016-12-11 16:50 - 2016-12-11 16:50 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Curiolab
2016-12-11 16:45 - 2016-12-11 18:13 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-12-11 16:45 - 2016-12-11 16:45 - 00001092 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-12-11 16:45 - 2016-12-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-12-11 16:31 - 2016-12-11 16:42 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\jmloftis\Downloads\ExterminateItSetup.exe
2016-12-11 15:48 - 2016-12-12 22:40 - 00004566 _____ C:\Users\jmloftis\Desktop\Kaspersky Dec 11 Scan Result.txt
2016-12-11 14:37 - 2016-12-11 14:37 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\ProductData
2016-12-11 14:36 - 2016-12-11 14:38 - 00000000 ____D C:\ProgramData\ProductData
2016-12-11 14:35 - 2016-12-11 14:35 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\9680941D6.sys
2016-12-11 13:48 - 2016-12-11 17:35 - 00000000 ____D C:\KVRT_Data
2016-12-11 13:13 - 2016-12-11 13:13 - 00000000 ____D C:\Program Files (x86)\Zone Labs
2016-12-11 13:12 - 2016-12-11 13:12 - 00000000 ____D C:\windows\Internet Logs
2016-12-11 12:24 - 2016-12-11 13:47 - 103531352 _____ (Kaspersky Lab ZAO) C:\Users\jmloftis\Downloads\KVRT.exe
2016-12-10 23:35 - 2016-12-10 23:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-10 23:15 - 2016-12-10 23:14 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148138423840207
2016-12-10 23:15 - 2016-12-10 23:14 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148138424542210
2016-12-10 23:15 - 2016-12-10 23:14 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148138424904112
2016-12-10 22:52 - 2016-12-10 22:59 - 08004763 _____ C:\Users\jmloftis\Desktop\How to remove Verecno _ googleupdate.a3x startup error.mp4
2016-12-10 22:19 - 2016-12-10 22:19 - 00003041 _____ C:\Users\jmloftis\Documents\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-10 22:12 - 2016-12-12 13:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-10 22:07 - 2016-12-10 22:12 - 06253640 _____ (AVAST Software) C:\Users\jmloftis\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2016-12-10 20:33 - 2016-12-11 16:44 - 00000000 ____D C:\ProgramData\TEMP
2016-12-10 20:33 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2016-12-10 20:33 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2016-12-10 20:12 - 2016-12-10 20:16 - 04291320 _____ (BrightFort LLC ) C:\Users\jmloftis\Downloads\spywareblastersetup55.exe
2016-12-10 19:24 - 2016-12-10 20:17 - 00000000 ____D C:\Users\jmloftis\AppData\Local\IIIQF
2016-12-10 15:24 - 2016-12-10 15:42 - 00000000 ____D C:\Users\jmloftis\Desktop\Adam Short NPFC
2016-12-10 14:22 - 2016-12-10 15:19 - 00000000 ____D C:\Users\jmloftis\Desktop\Dec 2016
2016-12-10 14:16 - 2016-12-10 14:21 - 00000000 ____D C:\Users\jmloftis\Desktop\100K Factory Videos
2016-12-10 13:00 - 2016-12-10 13:00 - 00458363 _____ C:\Users\jmloftis\Documents\Avalara-Tax Software_ecommerce-brochure-1.1.pdf
2016-12-10 12:58 - 2016-12-10 12:58 - 09358257 _____ C:\Users\jmloftis\Documents\Borial Plot_Harley-Investment-Brochure-BLEED.pdf
2016-12-10 02:43 - 2016-12-10 02:43 - 00001690 _____ C:\Users\jmloftis\Documents\cc_20161210_024342.reg
2016-12-10 02:39 - 2016-12-10 02:39 - 00003272 ____N C:\bootsqm.dat
2016-12-10 00:53 - 2016-12-10 01:17 - 34190992 _____ (Adlice Software ) C:\Users\jmloftis\Downloads\RogueKiller.exe
2016-12-10 00:44 - 2016-12-10 00:47 - 03968464 _____ C:\Users\jmloftis\Downloads\adwcleaner.exe
2016-12-09 23:49 - 2016-12-09 23:49 - 00085786 _____ C:\Users\jmloftis\Documents\Nick Loper_50 Outsource Writers-20k-in-Monthly-Recurring-Revenue.compressed.pdf
2016-12-09 23:43 - 2016-12-09 23:43 - 05886224 _____ C:\Users\jmloftis\Documents\Jim_Book -Emotions Handbook.pdf
2016-12-09 23:04 - 2016-12-10 00:24 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-12-09 20:33 - 2016-12-09 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\jmloftis\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2016-12-09 18:13 - 2016-12-12 22:03 - 00000000 ___HD C:\Users\jmloftis\AppData\Roaming\wrvib
2016-12-09 16:54 - 2016-12-09 16:54 - 00466788 _____ C:\Users\jmloftis\Documents\Instant Cash Explosion_ 3k per month.pdf
2016-12-09 16:38 - 2016-12-09 16:38 - 00194822 _____ C:\Users\jmloftis\Documents\Sean Mize_Designing-Your-Personal-Blueprint.pdf
2016-12-08 23:14 - 2016-12-08 23:14 - 01809046 _____ C:\Users\jmloftis\Documents\Cadd_Banish Man Boobs (Gynecomastia) With No Drugs or Surgery.pdf
2016-12-08 23:07 - 2016-12-08 23:07 - 00692102 _____ C:\Users\jmloftis\Documents\Cadd_How To Eliminate ManBoobs.pdf
2016-12-08 21:51 - 2016-12-08 22:12 - 22289894 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack3_Buying Intent Keyword trends for Niche Site Formula Students.mp4
2016-12-08 21:49 - 2016-12-08 22:36 - 47444164 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack4_Know Your Competion... Stop Playing Niche Affiliate Marketing Blind Folded!.mp4
2016-12-08 21:09 - 2016-12-08 21:31 - 08387417 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack2 latest.mp4
2016-12-08 20:58 - 2016-12-08 20:58 - 00889344 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack0_MasterChart-Individual Tabs - 20082014.pmd
2016-12-08 20:46 - 2016-12-08 20:59 - 18020422 _____ C:\Users\jmloftis\Documents\John Gibb_Data Packs1 new.mp4
2016-12-08 20:14 - 2016-12-08 20:14 - 00531141 _____ C:\Users\jmloftis\Documents\John Gibb_Welcome To NSF.pdf
2016-12-08 20:11 - 2016-12-08 20:11 - 02428046 _____ C:\Users\jmloftis\Documents\John Gibb_NSF Niche Research Manual.pdf
2016-12-08 02:17 - 2016-12-08 02:17 - 23400187 _____ C:\Users\jmloftis\Desktop\Justin Brooke_Ultimate Email Example Guide.pdf
2016-12-07 21:59 - 2016-12-07 21:59 - 04531807 _____ C:\Users\jmloftis\Documents\4 Hour Body Cheat Sheet.pdf
2016-12-07 21:53 - 2016-12-07 21:53 - 01783937 _____ C:\Users\jmloftis\Documents\Aidan Booth_Textbook_Arbitrage-eComSystem-Cliff-Notes.pdf
2016-12-07 21:49 - 2016-12-07 21:49 - 18373157 _____ C:\Users\jmloftis\Documents\Russel Brunson_Funnel-Hacks-Cliff-Notes.pdf
2016-12-07 21:46 - 2016-12-07 21:46 - 01365129 _____ C:\Users\jmloftis\Documents\MIKE MICHALOWICZ_Profit First_Overview OneSheet_R2.pdf
2016-12-07 21:34 - 2016-12-07 21:34 - 02999709 _____ C:\Users\jmloftis\Documents\Jay Boyer_ASM-Insiders-Guide.pdf
2016-12-07 21:30 - 2016-12-07 21:30 - 02002171 _____ C:\Users\jmloftis\Documents\Jay Boyer_Pinterest Viral Traffic to Amazon Product.pdf
2016-12-07 21:26 - 2016-12-07 21:26 - 06422268 _____ C:\Users\jmloftis\Documents\Jay Boyer_Youtube Money 9-ways.pdf
2016-12-07 21:20 - 2016-12-07 21:20 - 04436026 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero-Content-Books.pdf
2016-12-07 21:11 - 2016-12-07 21:11 - 01287797 _____ C:\Users\jmloftis\Documents\Jay Boyer_Money-Niches.pdf
2016-12-07 21:08 - 2016-12-07 21:08 - 04170491 _____ C:\Users\jmloftis\Documents\Jay Boyer_Leverage Linkedin To Sell.pdf
2016-12-07 20:59 - 2016-12-07 20:59 - 02956598 _____ C:\Users\jmloftis\Documents\Jay Boyer_Instagram.pdf
2016-12-07 20:57 - 2016-12-07 20:57 - 02509488 _____ C:\Users\jmloftis\Documents\Instagram+Tools+Guide.pdf
2016-12-07 20:54 - 2016-12-07 20:54 - 02646849 _____ C:\Users\jmloftis\Documents\Jay Boyer_2,057hr on Fiverr.pdf
2016-12-07 20:50 - 2016-12-07 20:50 - 02839521 _____ C:\Users\jmloftis\Documents\Jay Boyer_30 Books in 30 Days_wordbotic.pdf
2016-12-07 20:46 - 2016-12-07 20:46 - 03019804 _____ C:\Users\jmloftis\Documents\Jay Boyer_Jason Fladlien_ASM.pdf
2016-12-07 20:43 - 2016-12-07 20:43 - 00810354 _____ C:\Users\jmloftis\Documents\Jay Boyer_First 1k Cheat Sheet.pdf
2016-12-07 20:41 - 2016-12-07 20:41 - 02384224 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero Cost Marketing Secrets.pdf
2016-12-07 20:36 - 2016-12-07 20:36 - 00528186 _____ C:\Users\jmloftis\Desktop\Aidan Booth_OutsourcingBlueprint.pdf
2016-12-06 18:41 - 2016-12-06 20:51 - 157998350 _____ C:\Users\jmloftis\Desktop\Todd Herman _v2 - 90 Day Achievement Engine.mp4
2016-12-06 16:29 - 2016-12-06 16:58 - 35646523 _____ C:\Users\jmloftis\Desktop\Never Work Again - On The Beach - Phil Town.mp4
2016-12-06 15:03 - 2016-12-06 16:00 - 77692926 _____ C:\Users\jmloftis\Desktop\Never Work Again_Adam Markel_Phil Town!.mp4
2016-12-05 16:18 - 2016-12-05 16:18 - 00531129 _____ C:\Users\jmloftis\Desktop\John Gibb_Welcome NSF.pdf
2016-12-03 23:13 - 2016-12-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-03 22:17 - 2016-12-03 22:24 - 02725703 _____ C:\Users\jmloftis\Desktop\Niche Site Formula!.mp4
2016-12-03 21:32 - 2016-12-03 21:32 - 00115200 _____ C:\Users\jmloftis\Documents\Optin Page Audit.pmd
2016-12-02 23:06 - 2016-12-02 23:06 - 00488130 _____ C:\Users\jmloftis\Desktop\BiteSize_Entrepreneurs_Guide_to_Info_Product_Marketing.pdf
2016-12-02 21:26 - 2016-12-02 21:26 - 00175072 _____ C:\Users\jmloftis\Documents\Philip Fisher_3Checklist-People-elements.pdf
2016-12-02 21:24 - 2016-12-02 21:24 - 00212313 _____ C:\Users\jmloftis\Documents\Philip Fisher_2Checklist-Functional-elements.pdf
2016-12-02 21:20 - 2016-12-02 21:20 - 00169847 _____ C:\Users\jmloftis\Documents\Philip Fisher_1 Checklist-Business-characteristics.pdf
2016-12-02 21:17 - 2016-12-02 21:17 - 00101804 _____ C:\Users\jmloftis\Documents\Side-Hustle_Legal Online Business-Questions-Answered.compressed.pdf
2016-12-02 15:58 - 2016-12-02 15:58 - 00903190 _____ C:\Users\jmloftis\Documents\Eugene Schwartz_127_Winning_Advertising_Headlines-1.pdf
2016-12-02 15:43 - 2016-12-02 15:43 - 00382744 _____ C:\Users\jmloftis\Documents\Bill Baren_YES-ConversationsThat Sell.pdf
2016-12-01 22:10 - 2016-12-01 22:10 - 02813042 _____ C:\Users\jmloftis\Documents\JJ_super-affiliate.pdf
2016-12-01 13:36 - 2016-12-01 13:36 - 04868685 _____ C:\Users\jmloftis\Documents\Dan Raine-Report-Gold-Issue-1.pdf
2016-12-01 01:04 - 2016-12-01 01:04 - 05038021 _____ C:\Users\jmloftis\Documents\Fred-Lam_Starting-From-Zero-eBook.pdf
2016-12-01 00:28 - 2016-12-01 00:28 - 02397656 _____ C:\Users\jmloftis\Desktop\NMD-REPORT-WEB-April15-v2.pdf
2016-11-30 21:45 - 2016-11-30 21:45 - 00259259 _____ C:\Users\jmloftis\Documents\Bill Baren_List-Building-Blueprint.pdf
2016-11-30 21:43 - 2016-11-30 21:43 - 02381327 _____ C:\Users\jmloftis\Documents\Bill Baren_Yes Map.pdf
2016-11-30 21:41 - 2016-11-30 21:41 - 00395066 _____ C:\Users\jmloftis\Documents\Bill Baren_Life-One-Year-Road-Map.pdf
2016-11-30 14:20 - 2016-11-30 14:20 - 05925989 _____ C:\Users\jmloftis\Documents\A-B-Testing-Marketo.pdf
2016-11-29 19:17 - 2016-11-29 19:17 - 00676456 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Eearncome_3-Shifts-To-An-Extra-3K-Per-Week.pdf
2016-11-29 19:11 - 2016-11-29 19:11 - 00500032 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Shortcut To Creating Products-module31.pdf
2016-11-29 19:10 - 2016-11-29 19:10 - 01089330 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Ideas People Want To Read About-module35.pdf
2016-11-29 19:01 - 2016-11-29 19:01 - 00012830 _____ C:\Users\jmloftis\Documents\USAA_20161028_BANK_four_star_checking_4280.pdf
2016-11-29 18:37 - 2016-11-29 18:37 - 00000000 ___DX C:\Users\jmloftis\Desktop\Small Reports__MACOSX
2016-11-29 16:10 - 2016-11-29 16:10 - 03392512 _____ C:\Users\jmloftis\Desktop\FEED A STARVING CROWD-book-v2.pdf
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00042096 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2016-11-28 21:32 - 2016-11-28 21:32 - 00707709 _____ C:\Users\jmloftis\Documents\INVESTING-101-COURSE-OUTLINE.pdf
2016-11-28 15:37 - 2016-11-28 15:37 - 00043602 _____ C:\Users\jmloftis\Documents\Philippines Real Estate Legal and Documentary Requirements.tmd
2016-11-28 15:06 - 2016-11-28 15:06 - 02793260 _____ C:\Users\jmloftis\Documents\Seth Godin_What-Matters-Now-2.pdf
2016-11-27 23:26 - 2016-11-27 23:26 - 00797152 _____ C:\Users\jmloftis\Desktop\Power_Over_Panic.pdf
2016-11-27 23:20 - 2016-11-27 23:20 - 01492441 _____ C:\Users\jmloftis\Desktop\Affiliate Panic Away ebook.pdf
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-11 17:36 - 00000000 _RSHD C:\Google
2016-11-26 16:41 - 2016-11-26 16:41 - 00001588 _____ C:\Users\jmloftis\Desktop\Sewing Machine1.txt
2016-11-26 16:32 - 2016-11-26 16:32 - 00003276 _____ C:\Users\jmloftis\Desktop\Cadd_American Lierature.txt
2016-11-26 15:21 - 2016-11-26 15:21 - 00004071 _____ C:\Users\jmloftis\Desktop\Cadd_Editorial.txt
2016-11-26 13:40 - 2016-11-26 13:40 - 00305748 _____ C:\Users\jmloftis\Documents\Creating-Editorial Article-Newspaper.pdf
2016-11-25 18:18 - 2016-11-25 19:50 - 61415402 _____ C:\Users\jmloftis\Desktop\Tom Poland_5Day Five of Five Day Leadsology® Boot Camp.mp4
2016-11-25 16:08 - 2016-11-25 17:16 - 69916844 _____ C:\Users\jmloftis\Desktop\Tom Poland_4Day Four of Five Day Leadsology® Boot Camp.mp4
2016-11-25 15:27 - 2016-11-25 15:27 - 00519079 _____ C:\Users\jmloftis\Documents\Tom Poland_Definitive Guide To Outsourcing To Asia For Leadsology.pdf
2016-11-25 14:43 - 2016-11-25 14:43 - 01409685 _____ C:\Users\jmloftis\Desktop\John Gibb_DOMINATE-GOOGLE.pdf
2016-11-25 00:09 - 2016-11-25 02:08 - 171136508 _____ C:\Users\jmloftis\Desktop\Clickfunnels Certification Webinar.mp4
2016-11-24 23:57 - 2016-11-24 23:57 - 01674577 _____ C:\Users\jmloftis\Desktop\Copywriting.pdf
2016-11-24 23:53 - 2016-11-24 23:53 - 24733528 _____ C:\Users\jmloftis\Desktop\Neil Patel_Definitive-Guide-to-Growth-Hacking.pdf
2016-11-24 23:20 - 2016-11-24 23:20 - 01037115 _____ C:\Users\jmloftis\Desktop\Viral-Content-Hacks.pdf
2016-11-24 22:26 - 2016-11-24 22:26 - 01606863 _____ C:\Users\jmloftis\Desktop\John Gibb_Health Niche Success_ebook.pdf
2016-11-24 22:25 - 2016-11-24 22:25 - 00289455 _____ C:\Users\jmloftis\Desktop\101-High-Paying-Affiliate-Programs-Final.pdf
2016-11-24 22:17 - 2016-11-24 22:17 - 00402152 _____ C:\Users\jmloftis\Documents\John Gibb_Assessing-Your-SEO-Situation-By-John-Gibb.pdf
2016-11-24 19:34 - 2016-11-24 19:34 - 00199608 _____ C:\Users\jmloftis\Documents\Eben Pagan_Virtual CEO 7 Modules Summary.pdf
2016-11-24 14:39 - 2016-11-24 15:41 - 80645509 _____ C:\Users\jmloftis\Desktop\Tom Poland_3Day Three of Five day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 16:31 - 2016-11-23 16:44 - 08139496 _____ C:\Users\jmloftis\Desktop\Adwords account 2016.mp4
2016-11-23 16:28 - 2016-11-23 16:28 - 03351624 _____ C:\Users\jmloftis\Documents\Simpleology_Singularity.pdf
2016-11-23 14:57 - 2016-11-23 16:10 - 70128267 _____ C:\Users\jmloftis\Desktop\Tom Poland_2Day Two of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 13:22 - 2016-11-23 13:22 - 05043965 _____ C:\Users\jmloftis\Desktop\HubSpot_LinkedIn_How_to_Become_an_Influencer_in_Your_Industry.pdf
2016-11-22 13:20 - 2016-11-22 13:45 - 21865523 _____ C:\Users\jmloftis\Desktop\Dan Martel_How To Market Against Established Competitors _ Dan Martell.mp4
2016-11-21 23:35 - 2016-11-21 23:35 - 00934029 _____ C:\Users\jmloftis\Desktop\Tom Poland_Working_Summary_V7e.pdf
2016-11-21 23:29 - 2016-11-21 23:30 - 02486139 _____ C:\Users\jmloftis\Desktop\Tom Poland_Your Extraordinary Life Book.pdf
2016-11-21 17:23 - 2016-11-21 18:16 - 70812096 _____ C:\Users\jmloftis\Desktop\Tom Poland_1Day One of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-21 02:45 - 2016-11-21 02:45 - 00001554 _____ C:\Users\jmloftis\Documents\cc_20161121_024459.reg
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-11-21 02:27 - 2016-11-21 12:56 - 00000000 ____D C:\Users\jmloftis\AppData\Local\chromium
2016-11-21 02:03 - 2016-12-12 23:17 - 00000000 ____D C:\Users\jmloftis\AppData\LocalLow\Mozilla
2016-11-21 01:48 - 2016-10-11 23:45 - 00077424 _____ (eagleGet) C:\windows\system32\Drivers\eagleGet.update
2016-11-21 01:00 - 2016-11-21 01:00 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Subhra Das Gupta
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\Documents\Apowersoft
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\AppData\Local\CEF
2016-11-20 16:39 - 2016-11-20 16:39 - 00439668 _____ C:\Users\jmloftis\Documents\Marlon Sanders_80 20 whirlwind.pdf
2016-11-20 16:25 - 2016-12-02 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 01:09 - 2016-11-20 01:09 - 04399738 _____ C:\Users\jmloftis\Documents\Jay Boyer_Anik Build a Powerful Email List.pdf
2016-11-19 14:40 - 2016-11-19 14:40 - 00231519 _____ C:\Users\jmloftis\Documents\Danny Inny_Blog Post Checklist.pdf
2016-11-19 01:18 - 2016-11-19 01:18 - 00035405 _____ C:\Users\jmloftis\Desktop\AWAI_Money Making Website.pdf
2016-11-19 01:07 - 2016-11-19 01:07 - 04118747 _____ C:\Users\jmloftis\Documents\IL_FYL+Information+Pack.pdf
2016-11-18 16:37 - 2016-11-18 16:37 - 00087704 _____ C:\Users\jmloftis\Documents\Case Study_Five Dollar Dinners-Recurring-Revenue.compressed.pdf
2016-11-17 20:39 - 2016-11-17 20:39 - 00323185 _____ C:\Users\jmloftis\Documents\Simpleology_60-Second-Success-Reconditioner.pdf
2016-11-16 15:41 - 2016-11-16 15:41 - 00011318 _____ C:\Users\jmloftis\Desktop\Paypal USD PHP Conversion.tmd
2016-11-16 14:57 - 2016-11-16 14:57 - 01909433 _____ C:\Users\jmloftis\Documents\Jim book_Connection Algorithm.pdf
2016-11-16 14:56 - 2016-11-16 14:56 - 01217454 _____ C:\Users\jmloftis\Documents\Danny Inny_Success Mindset.pdf
2016-11-15 16:34 - 2016-11-15 16:34 - 06599119 _____ C:\Users\jmloftis\Desktop\Hustle_eBook.pdf
2016-11-14 03:08 - 2016-11-14 03:08 - 00000996 _____ C:\Users\jmloftis\Documents\cc_20161114_030814.reg
2016-11-13 22:36 - 2016-11-13 22:36 - 02857406 _____ C:\Users\jmloftis\Documents\Adrian Morrison_Second-Business.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 23:15 - 2015-02-28 19:11 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Disk Cleaner
2016-12-12 22:51 - 2016-01-22 13:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-12 22:46 - 2016-02-24 00:28 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-12 22:46 - 2016-02-24 00:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 22:45 - 2016-05-17 19:48 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-12 22:28 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.tmd
2016-12-12 22:25 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.bak
2016-12-12 20:24 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 20:24 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 20:22 - 2009-07-14 13:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-12 20:22 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2016-12-12 20:18 - 2016-05-17 19:55 - 00000000 ___RD C:\Users\jmloftis\Dropbox
2016-12-12 20:17 - 2016-07-21 17:57 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Skype
2016-12-12 20:16 - 2016-05-17 19:48 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-12 20:16 - 2016-01-14 23:26 - 00000000 __SHD C:\Users\jmloftis\IntelGraphicsProfiles
2016-12-12 20:16 - 2015-07-30 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-12 20:16 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-12 15:55 - 2016-01-07 15:50 - 00156184 _____ C:\Users\jmloftis\Documents\NPFC.tmd
2016-12-12 14:29 - 2016-01-07 15:50 - 00155904 _____ C:\Users\jmloftis\Documents\NPFC.bak
2016-12-12 01:36 - 2015-07-29 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-12 01:04 - 2015-07-29 18:50 - 00000000 ____D C:\AdwCleaner
2016-12-11 22:42 - 2015-12-29 22:36 - 00122246 _____ C:\Users\jmloftis\Desktop\INFO after.txt
2016-12-11 20:24 - 2016-07-21 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-12-11 20:23 - 2016-07-21 17:52 - 00000000 ____D C:\Program Files (x86)\Skype
2016-12-11 18:12 - 2016-01-13 16:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-12-11 17:36 - 2014-03-20 04:45 - 00000000 ____D C:\TOSHIBA
2016-12-11 16:06 - 2015-02-28 18:51 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-11 14:34 - 2015-02-28 18:52 - 00000000 ____D C:\ProgramData\IObit
2016-12-11 14:34 - 2015-02-28 18:51 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\IObit
2016-12-10 22:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\PLA
2016-12-10 21:38 - 2016-04-09 12:36 - 00000000 ____D C:\windows\Minidump
2016-12-10 21:35 - 2016-01-13 16:09 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-12-10 21:25 - 2013-10-16 07:35 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-12-10 13:45 - 2016-08-11 12:15 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Euask
2016-12-10 13:10 - 2009-07-14 13:08 - 00032618 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-12-10 01:56 - 2015-04-02 13:24 - 85483520 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00249856 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-09 21:24 - 2016-01-07 09:03 - 00000000 ____D C:\Users\jmloftis\AppData\Local\Citrix
2016-12-05 00:14 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2016-12-03 23:13 - 2016-05-17 19:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-02 14:55 - 2015-12-31 14:47 - 55349248 _____ C:\windows\system32\config\COMPONENTS.iodefrag.bak
2016-12-02 14:44 - 2015-07-31 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-29 18:37 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Desktop\_Small-Reports-Fortune-2-0.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Documents\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Desktop\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Documents\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Desktop\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Documents\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Desktop\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Documents\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Desktop\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Documents\_Small-Reports-Fortune-2-0.pdf
2016-11-29 12:40 - 2016-05-17 19:48 - 00003908 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 12:40 - 2016-05-17 19:48 - 00003656 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-26 17:16 - 2014-03-20 04:03 - 00000000 ____D C:\Intel
2016-11-20 23:55 - 2016-02-24 12:04 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Apowersoft
2016-11-16 15:46 - 2016-02-24 00:46 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 15:46 - 2016-02-24 00:46 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 12:40 - 2016-01-03 23:04 - 00000000 ____D C:\Users\jmloftis\Documents\SoftMaker
2016-11-16 12:25 - 2016-04-10 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-16 12:25 - 2016-04-10 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

==================== Files in the root of some directories =======

2015-07-27 18:36 - 2015-07-29 15:17 - 0000102 _____ () C:\Users\jmloftis\AppData\Roaming\WB.CFG
2016-09-05 15:57 - 2016-09-05 15:57 - 0000003 _____ () C:\Users\jmloftis\AppData\Local\updater.log
2016-09-05 15:58 - 2016-09-05 23:52 - 0000424 _____ () C:\Users\jmloftis\AppData\Local\UserProducts.xml
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-10 17:49

==================== End of FRST.txt ============================

______________________________HijackThis Below_____________________________

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:13:10 AM, on 12/12/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17606)

FIREFOX: 50.0.2 (x86 en-US)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\jmloftis\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TEJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x
O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Start.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10342 bytes
 

______________________________Addition.txt Below_____________________________

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jmloftis (12-12-2016 23:26:21)
Running from C:\Users\jmloftis\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-11-20 12:22:51)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-96689548-2535591333-3550804405-500 - Administrator - Disabled)
Guest (S-1-5-21-96689548-2535591333-3550804405-501 - Limited - Disabled)
jmloftis (S-1-5-21-96689548-2535591333-3550804405-1000 - Administrator - Enabled) => C:\Users\jmloftis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CSVed 2.3.2 (HKLM-x32\...\CSVed_is1) (Version: 2.3.2 - Sam Francke)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Edge Tools 1.3.1 (HKLM-x32\...\{76CA2567-FE77-4023-8C51-ECE03DAE2FAC}}_is1) (Version:  - Raine Ventures LLC.)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.12.06.06 - CURIOLAB S.M.B.A.)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
FreshKey (HKLM-x32\...\FreshKey) (Version: 1.5.3 - Infomastery, LLC)
FreshKey (x32 Version: 1.5.3 - Infomastery, LLC) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SoftMaker FreeOffice (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 1.0.3515 - SoftMaker Software GmbH)
SWFPlayer 2.6.2.0 (HKLM-x32\...\SWFPlayer_is1) (Version: 2.6.2.0 - Michael Faust, Alpha Interactive)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.2.8 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.11 - Toshiba Corporation)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
Wise Disk Cleaner 9.29 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.29 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00226A71-B8AD-4D26-AE02-BDBF2121FA15} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {12C07B59-0306-4734-848B-162A02EA2664} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.)
Task: {15FCC68C-E81F-40C9-B166-4B25568E3668} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.)
Task: {1F789175-8FA1-496F-82AA-28B5D21CAA62} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {1FE72088-8581-480D-976D-1FED681A2152} - System32\Tasks\{439F7D0F-7A2C-4CFC-97BF-9B19222D753C} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {43D21D47-C4A7-4226-BA8E-3C5AEB780053} - System32\Tasks\{C84213BF-5F76-43B6-BFBB-6EB90BC5E143} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {51572203-531E-4520-90C9-36C701028004} - \update-S-1-5-21-96689548-2535591333-3550804405-1000 -> No File <==== ATTENTION
Task: {58BE06AB-3C5A-4ADC-9A3B-F57B64ED2563} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-29] (Piriform Ltd)
Task: {63346695-75FD-4EC6-9845-AB685D1106B0} - \Driver Booster SkipUAC (jmloftis) -> No File <==== ATTENTION
Task: {664D8D0D-5DFD-4991-B5C9-B6F99DBDAB41} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {798F313E-7A66-4D03-8BA6-264615C20B5E} - System32\Tasks\{8DB67F95-D2AC-4760-9431-7D901AF87E30} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {98B9DDDC-26C3-4AC3-ACD4-5E8CEAAE9087} - System32\Tasks\SafeZone scheduled Autoupdate 1481518964 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {A08FEF56-3F06-4B55-B7CC-D1391A1AAF32} - \update-sys -> No File <==== ATTENTION
Task: {A3FA1677-3B61-4563-B71B-BBB9C4E9FA74} - \Dregol fofe -> No File <==== ATTENTION
Task: {B4B6E562-9D56-4443-B0D2-C31F12A1D0FB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {D88532D8-5F76-4819-94C4-0B160B7F6484} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {FD8A266C-AED1-466B-9790-2966EF5A5662} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
river"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9680941D6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08909918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9680941D6.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\1001movie.com -> 1001movie.com

There are 6127 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-02-12 12:25 - 00000828 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{281763E9-0DC2-4DD9-B584-BDF28F26C7C4}] => C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A9C2628D-6432-45F1-BFDD-794E985B77ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8C04644-4242-496F-89B6-65B48FEE0C5B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A7EADD9-1A11-4462-B0B8-23768997CCD9}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{85B8EED8-DAEF-4596-8E3D-9191246895B4}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{93BB3EB4-CE66-4AF9-A359-1A58A24B8417}] => C:\Program Files (x86)\IObit\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{D6B01ADD-C46E-4455-95D8-F2F84291CB01}] => C:\Program Files (x86)\IObit\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6D41EEC4-02DC-440E-8BE2-B8764D34F6FA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{97B1AE60-AB72-4A98-A4C5-92B698A7CA56}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{C9EC9BD6-DF4D-4C0B-A7F0-B4199A920FE0}] => C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

10-12-2016 03:00:16 Windows Update
10-12-2016 13:41:36 Windows Update
10-12-2016 17:32:22 Windows Update
10-12-2016 19:32:47 WinThruster (64-bit) Backup
10-12-2016 20:17:03 WinThruster restore point
10-12-2016 20:20:57 WinThruster restore point
11-12-2016 14:02:43 Windows Update
11-12-2016 16:05:18 Smart Defrag 5 restore point
11-12-2016 16:08:28 HitmanPro 3.7 restore point
11-12-2016 16:09:53 Advanced SystemCare 10 restore point
11-12-2016 17:36:37 Windows Update
11-12-2016 18:19:59 JRT Pre-Junkware Removal
11-12-2016 20:21:15 ASU_MSI_TRAN
12-12-2016 00:19:40 Windows Update
12-12-2016 17:08:33 Windows Update
12-12-2016 22:41:31 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2016 11:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 6056.05 MB
Available physical RAM: 5067.71 MB
Total Virtual: 12110.29 MB
Available Virtual: 11194.36 MB

==================== Drives ================================

Drive c: (TI31154100C) (Fixed) (Total:687.33 GB) (Free:541.44 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9F467080)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=687.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=17)

==================== End of Addition.txt ============================
 

 

 

 

 

 

 




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:16 AM

Posted 13 December 2016 - 08:58 AM

Duplicate; the topic will be closed.



