Heur:Trojan.WinLNK.Agent.gen + Verecno googleupdate.a3x + lnk Links External HDD



#1 ExpatJim


Posted 12 December 2016 - 11:59 PM

Hello Bleeping Computer Expert,

Your expertise is very much needed.


It has been many years since I've encountered a serious computer problem. If I ever doubt a virus infection, I normally try extracting via Hitman Pro, Malwarebytes, ADWCleaner... as I tried this time.


Late night Dec 9th (12/10 after midnight) I was logging off my Toshiba Notebook 64 bit O.S. (i5-4200M CPU) running on Windows 7 Professional, and just as it shut down I noticed it indicated, in an interface message, what looked like a program change upon the forced shutdown. I think this occurred after I used iObit Advanced System Care to clean my pc like I have done every night the past year. I think there was an update of a new version of iObit ASC and possibly that lodged the virus on my system because the program file records showed iObit ASC was added 12/10, when I shut down.


I took a note of the program indicated in the interface message before the forced shutdown that night, the program was "cmd.exe".


I didn't think much about it, but the next morning (12/10 day) when I booted up my computer and went online using the Firefox browser, I started noticing that when I clicked on links I was getting redirected. I don't exactly recall, but somehow after Googling the types of redirects I was getting I came to believe it was "Adf.ly" and some associated malware causing the problem, possibly related to "skypee" infection. I don't recall the exact order but I think the next steps were AdwCleaner, Hitman Pro and then Malwarebytes. I cleaned/removed anything with all. NONE of them discovered anything noteworthy. But after that I did not encounter any more redirects.


But immediately some new problems were discovered within the hour. I went to access my external ADATA HDD and I heard what sounded like it was crashing. I really thought it crashed. I decided to restart my computer and try again, when it booted up I got two interface boxes reading:


"AutoIt Error: Line 0 (File "C:\Google\googleupdate.a3x): Error opening the file"


Researching Google, Verecno worm seems to be associated with that problem, but no virus scan has delivered that info ... and that problem continues now.


Then I once again tried looking in my external ADATA HDD files, and thank God it did not crash, but suddenly I could see all files had become 1kb size (lnk) shortcuts, but upon clicking on a file it did open up to the destination file I sought (what originally was there with corresponding memory), so the lnk files masked what is behind it. Dumb me, I also have a Maxtor external HDD and I was thinking to backup my notebook on that external Maxtor hard drive and I duplicated the same problem on my two very important external HDDs. I started to search Google and realized I have a worm that spreads by connecting external devices.


Investigating the external HDD "lnk shortcuts" by right clicking for "properties", they all show the following:


"C:\windows\system32\cmd.exe /c start Drive.bat &"


I also observed a newly [12/10/16] made .bat file on one external HDD, and I am sure the other one as well.


I stopped connecting the HDDs once I researched Google and realized what's going on. I did read possible software solutions, like the following:


http://ccm.net/forum/affich-474271-files-on-external-drive-changed-to-shortcuts

http://ccm.net/download/download-11613-autorun-exterminator

https://www.usb-antivirus.com/2014/03/infections-spreading-usb-peripherals/

https://www.sosvirus.net/en/antishortcut-antiusbshortcut/

https://www.usbfix.net/


But I decided not to follow any possible software solution until I receive better advice. Most importantly, I do not want to mess that up as I need to retrieve those files because they have vital information that I hate to lose. I also believe my computer needs to be "virus & malware free" before I tackle the external HDD problem (2nd step) anyway.


So I went back to my computer the past 24 hours, and I finally got Kaspersky virus scan to deliver the following result & I deleted all the viruses using Kaspersky:

--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\AdwCleaner\AdwCleaner.lnk
Trojan program
--------------------------------------------------------
not-a-virus:Monitor.Win32.RK.mr
File: C:\AdwCleaner\Quarantine\C\Program Files (x86)\RelevantKnowledge\rlvknlg.exe.vir
User activity monitoring software
--------------------------------------------------------
Trojan.VBS.AutoRun.ag
File: C:\AdwCleaner\Quarantine\C\Users\jmloftis\AppData\Roaming\Run_Dregol\UpdateProc\bkup.dat.vir
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Intel\Intel.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Google\Google.lnk
Trojan program
--------------------------------------------------------
Trojan.WinLNK.Agent.ew
File: C:\Google\Skypee.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\ProgramData\ProgramData.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\TOSHIBA\TOSHIBA.lnk
Trojan program
--------------------------------------------------------
Trojan.WinLNK.Agent.ew
File: C:\Skypee\Skypee.lnk
Trojan program
--------------------------------------------------------
HEUR:Trojan.WinLNK.Agent.gen
File: C:\Skypee\Google.lnk
Trojan program
--------------------------------------------------------
not-a-virus:Downloader.Win32.AdLoad.uhdq
File: C:\Users\jmloftis\Downloads\advanced-systemcare-setup.exe
Legal software that can be used by criminals to damage your computer or personal data

--------------------------------------------------------


Important Note: I also removed all recent program files added the past 1-2 weeks, using iObit Uninstall (which I already had) and eliminated all remaining residue (good feature of iObit's Uninstaller)... and finally eliminated iObit's Uninstaller as a last step. I replaced iObit with Avast, at least for this time period. Avast virus scanner turned up nothing, like previous results from AdwCleaner, Hitman Pro and then Malwarebytes.


I realized a registry fix will be in order, but I know that I could really mess up viewing/retrieving my external HDD files, and other things, so I haven't done anything more than CCleaner registry fix and kept the backup ".reg" files. Rather than do anything more to that end, I made a HijackThis log file and noticed many (file missing) entries and at least two suspicious keys, which follow:


O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x


O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit


I will add the complete HijackThis.log log at the end, after the FRST.txt log below.


The past 24 hours, or so, I must use safe mode to access any anti-virus or cleanup exe software on my computer. Interface message outside of safe mode reads:

C:\Program Files\____________\__________.exe
Windows cannot access the specified device, path, or file. You may not have appropriate permissions to access the item.


Example: CCleaner or Malwarebytes is in the blank spaces above.


So it is hijacking permission, and shortly after adding a new program to the start menu or desktop the hijack will occur, once recognized.


I use Firefox 95%-100% of the time, so I checked add-ons and there were no new add-ons or extensions. From that exercise, I did get rid of a YouTube video downloader I no longer use. So I think browsers are ok. Chrome is used only rarely, IE never.


So I hope you can help me:


1) remove all worms/viruses from my Toshiba Satellite computer


2) Fix registry & HKCU Keys of my Toshiba Satellite computer so they will not auto-run and coordinate with the masked files in the two external HDDs (to properly read those files)


3) clean / fix "lnk shortcut" hijack of my external ADATA HDD


4) clean / fix "lnk shortcut" hijack of my external Maxtor HDD

Your help and guidance will be very much appreciated.


An advance "thank you" for your patience to see me through to solving these issues, the biggest problem I've ever run into, I guess from downloading a new update/program (like iObit update).


Below, find FRST.txt and HijackThis.log

NOTE: Attached is Addition.txt


Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jmloftis (administrator) on JMLOFTIS-PC (12-12-2016 23:25:38)
Running from C:\Users\jmloftis\Downloads
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393320 2016-01-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049712 2013-05-03] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-16] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiUsbWorm] => C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
Startup: C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> DefaultScope {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-11] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-11] (AVAST Software)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: b2nw7hm7.default
FF ProfilePath: C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default [2016-12-12]
FF user.js: detected! => C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\user.js [2016-12-10]
FF NewTab: Mozilla\Firefox\Profiles\b2nw7hm7.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\b2nw7hm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\b2nw7hm7.default -> hxxps://www.google.com/?gfe_rd=cr&ei=ykP1VMrpFMyL8QeYsoCQCA&gws_rd=ssl,cr&fg=1
FF Keyword.URL: Mozilla\Firefox\Profiles\b2nw7hm7.default -> user_pref("keyword.URL", true);
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-08-12]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-11-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jmloftis\AppData\Local\XDM\xdmff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-96689548-2535591333-3550804405-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jmloftis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-07] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Google Slides) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Flash Video Downloader) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-09]
CHR Extension: (LeadFuze - Sales Prospecting Tool) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ameidhagnfddjaleejfpigojomffoigm [2016-12-09]
CHR Extension: (Google Docs) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Google Search) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Facebook Pixel Helper) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-12-09]
CHR Extension: (Google Sheets) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (Aliexpress Assistant - Price Tracker) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihlaoogegdjakmdbpbilijdghoggkim [2016-12-09]
CHR Extension: (100K Factory Ultra Edition) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpfmikklhkkmhcmbnpfbfclphibia [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-21]
CHR Extension: (Gmail) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-11] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S2 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [344168 2016-01-14] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 9680941D6; C:\windows\System32\drivers\9680941D6.sys [478392 2016-12-11] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-12-11] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-12-12] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-12-11] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-12-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-11] (AVAST Software)
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-12-11] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-12-11] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-12-11] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-11] (AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
S3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [60928 2016-01-14] (GenesysLogic)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-24] (REALiX™)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [31712 2016-08-30] (Intel Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-01-14] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-08-30] (Intel Corporation)
S3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2016-01-14] (Synaptics Incorporated)
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-10] ()
S3 cpuz134; \??\C:\Users\jmloftis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 23:25 - 2016-12-12 23:26 - 00021752 _____ C:\Users\jmloftis\Downloads\FRST.txt
2016-12-12 23:24 - 2016-12-12 23:25 - 00000000 ____D C:\FRST
2016-12-12 23:10 - 2016-12-12 23:10 - 00018014 _____ C:\Users\jmloftis\Desktop\cc_20161212_230959.reg
2016-12-12 21:23 - 2016-12-12 21:23 - 00098978 _____ C:\Users\jmloftis\Documents\IAAC_finra_firm_10645.pdf
2016-12-12 16:40 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Downloads\FRST64.exe
2016-12-12 15:47 - 2016-12-12 15:47 - 00451707 _____ C:\Users\jmloftis\Desktop\John Gibb_TINY Overview.pdf
2016-12-12 14:52 - 2016-12-12 16:37 - 142028041 _____ C:\Users\jmloftis\Desktop\John Gibb_30 Miliion Visitors In December 2016.mp4
2016-12-12 14:07 - 2016-12-12 14:07 - 00293559 _____ C:\Users\jmloftis\Desktop\18-months-2-blogs-six-figures.pdf
2016-12-12 13:02 - 2016-12-12 21:07 - 00003896 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1481518964
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-12 13:01 - 2016-12-12 13:01 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-12-12 02:09 - 2016-12-12 02:09 - 00001806 _____ C:\Users\jmloftis\Desktop\cc_20161212_020944.reg
2016-12-12 01:36 - 2016-12-12 01:45 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-12 01:36 - 2016-12-12 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-12 01:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-12-12 01:12 - 2016-12-12 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\jmloftis\Downloads\HijackThis.exe
2016-12-11 23:38 - 2016-12-11 23:52 - 14206800 _____ C:\Users\jmloftis\Desktop\How to Remove Computer Virus Without Antivirus Program _ without using any antivirus New 2016.mp4
2016-12-11 23:37 - 2016-12-11 23:53 - 06022792 _____ C:\Users\jmloftis\Desktop\How to detect a virus.mp4
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-11 22:15 - 2016-12-11 22:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-11 22:06 - 2016-12-11 22:15 - 11581544 _____ (SurfRight B.V.) C:\Users\jmloftis\Downloads\HitmanPro_x64.exe
2016-12-11 19:36 - 2016-12-11 19:36 - 00003041 _____ C:\Users\jmloftis\Desktop\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-11 19:16 - 2016-12-11 19:16 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\AVAST Software
2016-12-11 19:15 - 2016-12-11 19:15 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-11 19:15 - 2016-12-11 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-11 19:10 - 2016-12-11 19:12 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-12-11 19:10 - 2016-12-11 19:10 - 00000350 ____H C:\windows\Tasks\avast! Emergency Update.job
2016-12-11 19:10 - 2016-12-11 19:09 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-12-11 19:09 - 2016-12-11 19:09 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-12-11 19:09 - 2016-12-11 19:09 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-12-11 18:29 - 2016-12-12 13:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-11 18:18 - 2016-10-05 06:39 - 01631928 _____ (Malwarebytes) C:\Users\jmloftis\Desktop\JRT.exe
2016-12-11 16:50 - 2016-12-11 16:50 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Curiolab
2016-12-11 16:45 - 2016-12-11 18:13 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-12-11 16:45 - 2016-12-11 16:45 - 00001092 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-12-11 16:45 - 2016-12-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-12-11 16:31 - 2016-12-11 16:42 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\jmloftis\Downloads\ExterminateItSetup.exe
2016-12-11 15:48 - 2016-12-12 22:40 - 00004566 _____ C:\Users\jmloftis\Desktop\Kaspersky Dec 11 Scan Result.txt
2016-12-11 14:37 - 2016-12-11 14:37 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\ProductData
2016-12-11 14:36 - 2016-12-11 14:38 - 00000000 ____D C:\ProgramData\ProductData
2016-12-11 14:35 - 2016-12-11 14:35 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\9680941D6.sys
2016-12-11 13:48 - 2016-12-11 17:35 - 00000000 ____D C:\KVRT_Data
2016-12-11 13:13 - 2016-12-11 13:13 - 00000000 ____D C:\Program Files (x86)\Zone Labs
2016-12-11 13:12 - 2016-12-11 13:12 - 00000000 ____D C:\windows\Internet Logs
2016-12-11 12:24 - 2016-12-11 13:47 - 103531352 _____ (Kaspersky Lab ZAO) C:\Users\jmloftis\Downloads\KVRT.exe
2016-12-10 23:35 - 2016-12-10 23:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-10 23:15 - 2016-12-10 23:14 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148138423840207
2016-12-10 23:15 - 2016-12-10 23:14 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148138424542210
2016-12-10 23:15 - 2016-12-10 23:14 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148138424904112
2016-12-10 22:52 - 2016-12-10 22:59 - 08004763 _____ C:\Users\jmloftis\Desktop\How to remove Verecno _ googleupdate.a3x startup error.mp4
2016-12-10 22:19 - 2016-12-10 22:19 - 00003041 _____ C:\Users\jmloftis\Documents\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-10 22:12 - 2016-12-12 13:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-10 22:07 - 2016-12-10 22:12 - 06253640 _____ (AVAST Software) C:\Users\jmloftis\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2016-12-10 20:33 - 2016-12-11 16:44 - 00000000 ____D C:\ProgramData\TEMP
2016-12-10 20:33 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2016-12-10 20:33 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2016-12-10 20:12 - 2016-12-10 20:16 - 04291320 _____ (BrightFort LLC ) C:\Users\jmloftis\Downloads\spywareblastersetup55.exe
2016-12-10 19:24 - 2016-12-10 20:17 - 00000000 ____D C:\Users\jmloftis\AppData\Local\IIIQF
2016-12-10 15:24 - 2016-12-10 15:42 - 00000000 ____D C:\Users\jmloftis\Desktop\Adam Short NPFC
2016-12-10 14:22 - 2016-12-10 15:19 - 00000000 ____D C:\Users\jmloftis\Desktop\Dec 2016
2016-12-10 14:16 - 2016-12-10 14:21 - 00000000 ____D C:\Users\jmloftis\Desktop\100K Factory Videos
2016-12-10 13:00 - 2016-12-10 13:00 - 00458363 _____ C:\Users\jmloftis\Documents\Avalara-Tax Software_ecommerce-brochure-1.1.pdf
2016-12-10 12:58 - 2016-12-10 12:58 - 09358257 _____ C:\Users\jmloftis\Documents\Borial Plot_Harley-Investment-Brochure-BLEED.pdf
2016-12-10 02:43 - 2016-12-10 02:43 - 00001690 _____ C:\Users\jmloftis\Documents\cc_20161210_024342.reg
2016-12-10 02:39 - 2016-12-10 02:39 - 00003272 ____N C:\bootsqm.dat
2016-12-10 00:53 - 2016-12-10 01:17 - 34190992 _____ (Adlice Software ) C:\Users\jmloftis\Downloads\RogueKiller.exe
2016-12-10 00:44 - 2016-12-10 00:47 - 03968464 _____ C:\Users\jmloftis\Downloads\adwcleaner.exe
2016-12-09 23:49 - 2016-12-09 23:49 - 00085786 _____ C:\Users\jmloftis\Documents\Nick Loper_50 Outsource Writers-20k-in-Monthly-Recurring-Revenue.compressed.pdf
2016-12-09 23:43 - 2016-12-09 23:43 - 05886224 _____ C:\Users\jmloftis\Documents\Jim_Book -Emotions Handbook.pdf
2016-12-09 23:04 - 2016-12-10 00:24 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-12-09 20:33 - 2016-12-09 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\jmloftis\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2016-12-09 18:13 - 2016-12-12 22:03 - 00000000 ___HD C:\Users\jmloftis\AppData\Roaming\wrvib
2016-12-09 16:54 - 2016-12-09 16:54 - 00466788 _____ C:\Users\jmloftis\Documents\Instant Cash Explosion_ 3k per month.pdf
2016-12-09 16:38 - 2016-12-09 16:38 - 00194822 _____ C:\Users\jmloftis\Documents\Sean Mize_Designing-Your-Personal-Blueprint.pdf
2016-12-08 23:14 - 2016-12-08 23:14 - 01809046 _____ C:\Users\jmloftis\Documents\Cadd_Banish Man Boobs (Gynecomastia) With No Drugs or Surgery.pdf
2016-12-08 23:07 - 2016-12-08 23:07 - 00692102 _____ C:\Users\jmloftis\Documents\Cadd_How To Eliminate ManBoobs.pdf
2016-12-08 21:51 - 2016-12-08 22:12 - 22289894 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack3_Buying Intent Keyword trends for Niche Site Formula Students.mp4
2016-12-08 21:49 - 2016-12-08 22:36 - 47444164 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack4_Know Your Competion... Stop Playing Niche Affiliate Marketing Blind Folded!.mp4
2016-12-08 21:09 - 2016-12-08 21:31 - 08387417 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack2 latest.mp4
2016-12-08 20:58 - 2016-12-08 20:58 - 00889344 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack0_MasterChart-Individual Tabs - 20082014.pmd
2016-12-08 20:46 - 2016-12-08 20:59 - 18020422 _____ C:\Users\jmloftis\Documents\John Gibb_Data Packs1 new.mp4
2016-12-08 20:14 - 2016-12-08 20:14 - 00531141 _____ C:\Users\jmloftis\Documents\John Gibb_Welcome To NSF.pdf
2016-12-08 20:11 - 2016-12-08 20:11 - 02428046 _____ C:\Users\jmloftis\Documents\John Gibb_NSF Niche Research Manual.pdf
2016-12-08 02:17 - 2016-12-08 02:17 - 23400187 _____ C:\Users\jmloftis\Desktop\Justin Brooke_Ultimate Email Example Guide.pdf
2016-12-07 21:59 - 2016-12-07 21:59 - 04531807 _____ C:\Users\jmloftis\Documents\4 Hour Body Cheat Sheet.pdf
2016-12-07 21:53 - 2016-12-07 21:53 - 01783937 _____ C:\Users\jmloftis\Documents\Aidan Booth_Textbook_Arbitrage-eComSystem-Cliff-Notes.pdf
2016-12-07 21:49 - 2016-12-07 21:49 - 18373157 _____ C:\Users\jmloftis\Documents\Russel Brunson_Funnel-Hacks-Cliff-Notes.pdf
2016-12-07 21:46 - 2016-12-07 21:46 - 01365129 _____ C:\Users\jmloftis\Documents\MIKE MICHALOWICZ_Profit First_Overview OneSheet_R2.pdf
2016-12-07 21:34 - 2016-12-07 21:34 - 02999709 _____ C:\Users\jmloftis\Documents\Jay Boyer_ASM-Insiders-Guide.pdf
2016-12-07 21:30 - 2016-12-07 21:30 - 02002171 _____ C:\Users\jmloftis\Documents\Jay Boyer_Pinterest Viral Traffic to Amazon Product.pdf
2016-12-07 21:26 - 2016-12-07 21:26 - 06422268 _____ C:\Users\jmloftis\Documents\Jay Boyer_Youtube Money 9-ways.pdf
2016-12-07 21:20 - 2016-12-07 21:20 - 04436026 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero-Content-Books.pdf
2016-12-07 21:11 - 2016-12-07 21:11 - 01287797 _____ C:\Users\jmloftis\Documents\Jay Boyer_Money-Niches.pdf
2016-12-07 21:08 - 2016-12-07 21:08 - 04170491 _____ C:\Users\jmloftis\Documents\Jay Boyer_Leverage Linkedin To Sell.pdf
2016-12-07 20:59 - 2016-12-07 20:59 - 02956598 _____ C:\Users\jmloftis\Documents\Jay Boyer_Instagram.pdf
2016-12-07 20:57 - 2016-12-07 20:57 - 02509488 _____ C:\Users\jmloftis\Documents\Instagram+Tools+Guide.pdf
2016-12-07 20:54 - 2016-12-07 20:54 - 02646849 _____ C:\Users\jmloftis\Documents\Jay Boyer_2,057hr on Fiverr.pdf
2016-12-07 20:50 - 2016-12-07 20:50 - 02839521 _____ C:\Users\jmloftis\Documents\Jay Boyer_30 Books in 30 Days_wordbotic.pdf
2016-12-07 20:46 - 2016-12-07 20:46 - 03019804 _____ C:\Users\jmloftis\Documents\Jay Boyer_Jason Fladlien_ASM.pdf
2016-12-07 20:43 - 2016-12-07 20:43 - 00810354 _____ C:\Users\jmloftis\Documents\Jay Boyer_First 1k Cheat Sheet.pdf
2016-12-07 20:41 - 2016-12-07 20:41 - 02384224 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero Cost Marketing Secrets.pdf
2016-12-07 20:36 - 2016-12-07 20:36 - 00528186 _____ C:\Users\jmloftis\Desktop\Aidan Booth_OutsourcingBlueprint.pdf
2016-12-06 18:41 - 2016-12-06 20:51 - 157998350 _____ C:\Users\jmloftis\Desktop\Todd Herman _v2 - 90 Day Achievement Engine.mp4
2016-12-06 16:29 - 2016-12-06 16:58 - 35646523 _____ C:\Users\jmloftis\Desktop\Never Work Again - On The Beach - Phil Town.mp4
2016-12-06 15:03 - 2016-12-06 16:00 - 77692926 _____ C:\Users\jmloftis\Desktop\Never Work Again_Adam Markel_Phil Town!.mp4
2016-12-05 16:18 - 2016-12-05 16:18 - 00531129 _____ C:\Users\jmloftis\Desktop\John Gibb_Welcome NSF.pdf
2016-12-03 23:13 - 2016-12-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-03 22:17 - 2016-12-03 22:24 - 02725703 _____ C:\Users\jmloftis\Desktop\Niche Site Formula!.mp4
2016-12-03 21:32 - 2016-12-03 21:32 - 00115200 _____ C:\Users\jmloftis\Documents\Optin Page Audit.pmd
2016-12-02 23:06 - 2016-12-02 23:06 - 00488130 _____ C:\Users\jmloftis\Desktop\BiteSize_Entrepreneurs_Guide_to_Info_Product_Marketing.pdf
2016-12-02 21:26 - 2016-12-02 21:26 - 00175072 _____ C:\Users\jmloftis\Documents\Philip Fisher_3Checklist-People-elements.pdf
2016-12-02 21:24 - 2016-12-02 21:24 - 00212313 _____ C:\Users\jmloftis\Documents\Philip Fisher_2Checklist-Functional-elements.pdf
2016-12-02 21:20 - 2016-12-02 21:20 - 00169847 _____ C:\Users\jmloftis\Documents\Philip Fisher_1 Checklist-Business-characteristics.pdf
2016-12-02 21:17 - 2016-12-02 21:17 - 00101804 _____ C:\Users\jmloftis\Documents\Side-Hustle_Legal Online Business-Questions-Answered.compressed.pdf
2016-12-02 15:58 - 2016-12-02 15:58 - 00903190 _____ C:\Users\jmloftis\Documents\Eugene Schwartz_127_Winning_Advertising_Headlines-1.pdf
2016-12-02 15:43 - 2016-12-02 15:43 - 00382744 _____ C:\Users\jmloftis\Documents\Bill Baren_YES-ConversationsThat Sell.pdf
2016-12-01 22:10 - 2016-12-01 22:10 - 02813042 _____ C:\Users\jmloftis\Documents\JJ_super-affiliate.pdf
2016-12-01 13:36 - 2016-12-01 13:36 - 04868685 _____ C:\Users\jmloftis\Documents\Dan Raine-Report-Gold-Issue-1.pdf
2016-12-01 01:04 - 2016-12-01 01:04 - 05038021 _____ C:\Users\jmloftis\Documents\Fred-Lam_Starting-From-Zero-eBook.pdf
2016-12-01 00:28 - 2016-12-01 00:28 - 02397656 _____ C:\Users\jmloftis\Desktop\NMD-REPORT-WEB-April15-v2.pdf
2016-11-30 21:45 - 2016-11-30 21:45 - 00259259 _____ C:\Users\jmloftis\Documents\Bill Baren_List-Building-Blueprint.pdf
2016-11-30 21:43 - 2016-11-30 21:43 - 02381327 _____ C:\Users\jmloftis\Documents\Bill Baren_Yes Map.pdf
2016-11-30 21:41 - 2016-11-30 21:41 - 00395066 _____ C:\Users\jmloftis\Documents\Bill Baren_Life-One-Year-Road-Map.pdf
2016-11-30 14:20 - 2016-11-30 14:20 - 05925989 _____ C:\Users\jmloftis\Documents\A-B-Testing-Marketo.pdf
2016-11-29 19:17 - 2016-11-29 19:17 - 00676456 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Eearncome_3-Shifts-To-An-Extra-3K-Per-Week.pdf
2016-11-29 19:11 - 2016-11-29 19:11 - 00500032 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Shortcut To Creating Products-module31.pdf
2016-11-29 19:10 - 2016-11-29 19:10 - 01089330 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Ideas People Want To Read About-module35.pdf
2016-11-29 19:01 - 2016-11-29 19:01 - 00012830 _____ C:\Users\jmloftis\Documents\USAA_20161028_BANK_four_star_checking_4280.pdf
2016-11-29 18:37 - 2016-11-29 18:37 - 00000000 ___DX C:\Users\jmloftis\Desktop\Small Reports__MACOSX
2016-11-29 16:10 - 2016-11-29 16:10 - 03392512 _____ C:\Users\jmloftis\Desktop\FEED A STARVING CROWD-book-v2.pdf
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00042096 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2016-11-28 21:32 - 2016-11-28 21:32 - 00707709 _____ C:\Users\jmloftis\Documents\INVESTING-101-COURSE-OUTLINE.pdf
2016-11-28 15:37 - 2016-11-28 15:37 - 00043602 _____ C:\Users\jmloftis\Documents\Philippines Real Estate Legal and Documentary Requirements.tmd
2016-11-28 15:06 - 2016-11-28 15:06 - 02793260 _____ C:\Users\jmloftis\Documents\Seth Godin_What-Matters-Now-2.pdf
2016-11-27 23:26 - 2016-11-27 23:26 - 00797152 _____ C:\Users\jmloftis\Desktop\Power_Over_Panic.pdf
2016-11-27 23:20 - 2016-11-27 23:20 - 01492441 _____ C:\Users\jmloftis\Desktop\Affiliate Panic Away ebook.pdf
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-11 17:36 - 00000000 _RSHD C:\Google
2016-11-26 16:41 - 2016-11-26 16:41 - 00001588 _____ C:\Users\jmloftis\Desktop\Sewing Machine1.txt
2016-11-26 16:32 - 2016-11-26 16:32 - 00003276 _____ C:\Users\jmloftis\Desktop\Cadd_American Lierature.txt
2016-11-26 15:21 - 2016-11-26 15:21 - 00004071 _____ C:\Users\jmloftis\Desktop\Cadd_Editorial.txt
2016-11-26 13:40 - 2016-11-26 13:40 - 00305748 _____ C:\Users\jmloftis\Documents\Creating-Editorial Article-Newspaper.pdf
2016-11-25 18:18 - 2016-11-25 19:50 - 61415402 _____ C:\Users\jmloftis\Desktop\Tom Poland_5Day Five of Five Day Leadsology® Boot Camp.mp4
2016-11-25 16:08 - 2016-11-25 17:16 - 69916844 _____ C:\Users\jmloftis\Desktop\Tom Poland_4Day Four of Five Day Leadsology® Boot Camp.mp4
2016-11-25 15:27 - 2016-11-25 15:27 - 00519079 _____ C:\Users\jmloftis\Documents\Tom Poland_Definitive Guide To Outsourcing To Asia For Leadsology.pdf
2016-11-25 14:43 - 2016-11-25 14:43 - 01409685 _____ C:\Users\jmloftis\Desktop\John Gibb_DOMINATE-GOOGLE.pdf
2016-11-25 00:09 - 2016-11-25 02:08 - 171136508 _____ C:\Users\jmloftis\Desktop\Clickfunnels Certification Webinar.mp4
2016-11-24 23:57 - 2016-11-24 23:57 - 01674577 _____ C:\Users\jmloftis\Desktop\Copywriting.pdf
2016-11-24 23:53 - 2016-11-24 23:53 - 24733528 _____ C:\Users\jmloftis\Desktop\Neil Patel_Definitive-Guide-to-Growth-Hacking.pdf
2016-11-24 23:20 - 2016-11-24 23:20 - 01037115 _____ C:\Users\jmloftis\Desktop\Viral-Content-Hacks.pdf
2016-11-24 22:26 - 2016-11-24 22:26 - 01606863 _____ C:\Users\jmloftis\Desktop\John Gibb_Health Niche Success_ebook.pdf
2016-11-24 22:25 - 2016-11-24 22:25 - 00289455 _____ C:\Users\jmloftis\Desktop\101-High-Paying-Affiliate-Programs-Final.pdf
2016-11-24 22:17 - 2016-11-24 22:17 - 00402152 _____ C:\Users\jmloftis\Documents\John Gibb_Assessing-Your-SEO-Situation-By-John-Gibb.pdf
2016-11-24 19:34 - 2016-11-24 19:34 - 00199608 _____ C:\Users\jmloftis\Documents\Eben Pagan_Virtual CEO 7 Modules Summary.pdf
2016-11-24 14:39 - 2016-11-24 15:41 - 80645509 _____ C:\Users\jmloftis\Desktop\Tom Poland_3Day Three of Five day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 16:31 - 2016-11-23 16:44 - 08139496 _____ C:\Users\jmloftis\Desktop\Adwords account 2016.mp4
2016-11-23 16:28 - 2016-11-23 16:28 - 03351624 _____ C:\Users\jmloftis\Documents\Simpleology_Singularity.pdf
2016-11-23 14:57 - 2016-11-23 16:10 - 70128267 _____ C:\Users\jmloftis\Desktop\Tom Poland_2Day Two of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 13:22 - 2016-11-23 13:22 - 05043965 _____ C:\Users\jmloftis\Desktop\HubSpot_LinkedIn_How_to_Become_an_Influencer_in_Your_Industry.pdf
2016-11-22 13:20 - 2016-11-22 13:45 - 21865523 _____ C:\Users\jmloftis\Desktop\Dan Martel_How To Market Against Established Competitors _ Dan Martell.mp4
2016-11-21 23:35 - 2016-11-21 23:35 - 00934029 _____ C:\Users\jmloftis\Desktop\Tom Poland_Working_Summary_V7e.pdf
2016-11-21 23:29 - 2016-11-21 23:30 - 02486139 _____ C:\Users\jmloftis\Desktop\Tom Poland_Your Extraordinary Life Book.pdf
2016-11-21 17:23 - 2016-11-21 18:16 - 70812096 _____ C:\Users\jmloftis\Desktop\Tom Poland_1Day One of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-21 02:45 - 2016-11-21 02:45 - 00001554 _____ C:\Users\jmloftis\Documents\cc_20161121_024459.reg
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-11-21 02:27 - 2016-11-21 12:56 - 00000000 ____D C:\Users\jmloftis\AppData\Local\chromium
2016-11-21 02:03 - 2016-12-12 23:17 - 00000000 ____D C:\Users\jmloftis\AppData\LocalLow\Mozilla
2016-11-21 01:48 - 2016-10-11 23:45 - 00077424 _____ (eagleGet) C:\windows\system32\Drivers\eagleGet.update
2016-11-21 01:00 - 2016-11-21 01:00 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Subhra Das Gupta
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\Documents\Apowersoft
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\AppData\Local\CEF
2016-11-20 16:39 - 2016-11-20 16:39 - 00439668 _____ C:\Users\jmloftis\Documents\Marlon Sanders_80 20 whirlwind.pdf
2016-11-20 16:25 - 2016-12-02 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 01:09 - 2016-11-20 01:09 - 04399738 _____ C:\Users\jmloftis\Documents\Jay Boyer_Anik Build a Powerful Email List.pdf
2016-11-19 14:40 - 2016-11-19 14:40 - 00231519 _____ C:\Users\jmloftis\Documents\Danny Inny_Blog Post Checklist.pdf
2016-11-19 01:18 - 2016-11-19 01:18 - 00035405 _____ C:\Users\jmloftis\Desktop\AWAI_Money Making Website.pdf
2016-11-19 01:07 - 2016-11-19 01:07 - 04118747 _____ C:\Users\jmloftis\Documents\IL_FYL+Information+Pack.pdf
2016-11-18 16:37 - 2016-11-18 16:37 - 00087704 _____ C:\Users\jmloftis\Documents\Case Study_Five Dollar Dinners-Recurring-Revenue.compressed.pdf
2016-11-17 20:39 - 2016-11-17 20:39 - 00323185 _____ C:\Users\jmloftis\Documents\Simpleology_60-Second-Success-Reconditioner.pdf
2016-11-16 15:41 - 2016-11-16 15:41 - 00011318 _____ C:\Users\jmloftis\Desktop\Paypal USD PHP Conversion.tmd
2016-11-16 14:57 - 2016-11-16 14:57 - 01909433 _____ C:\Users\jmloftis\Documents\Jim book_Connection Algorithm.pdf
2016-11-16 14:56 - 2016-11-16 14:56 - 01217454 _____ C:\Users\jmloftis\Documents\Danny Inny_Success Mindset.pdf
2016-11-15 16:34 - 2016-11-15 16:34 - 06599119 _____ C:\Users\jmloftis\Desktop\Hustle_eBook.pdf
2016-11-14 03:08 - 2016-11-14 03:08 - 00000996 _____ C:\Users\jmloftis\Documents\cc_20161114_030814.reg
2016-11-13 22:36 - 2016-11-13 22:36 - 02857406 _____ C:\Users\jmloftis\Documents\Adrian Morrison_Second-Business.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 23:15 - 2015-02-28 19:11 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Disk Cleaner
2016-12-12 22:51 - 2016-01-22 13:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-12 22:46 - 2016-02-24 00:28 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-12 22:46 - 2016-02-24 00:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 22:45 - 2016-05-17 19:48 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-12 22:28 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.tmd
2016-12-12 22:25 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.bak
2016-12-12 20:24 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 20:24 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 20:22 - 2009-07-14 13:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-12 20:22 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2016-12-12 20:18 - 2016-05-17 19:55 - 00000000 ___RD C:\Users\jmloftis\Dropbox
2016-12-12 20:17 - 2016-07-21 17:57 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Skype
2016-12-12 20:16 - 2016-05-17 19:48 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-12 20:16 - 2016-01-14 23:26 - 00000000 __SHD C:\Users\jmloftis\IntelGraphicsProfiles
2016-12-12 20:16 - 2015-07-30 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-12 20:16 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-12 15:55 - 2016-01-07 15:50 - 00156184 _____ C:\Users\jmloftis\Documents\NPFC.tmd
2016-12-12 14:29 - 2016-01-07 15:50 - 00155904 _____ C:\Users\jmloftis\Documents\NPFC.bak
2016-12-12 01:36 - 2015-07-29 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-12 01:04 - 2015-07-29 18:50 - 00000000 ____D C:\AdwCleaner
2016-12-11 22:42 - 2015-12-29 22:36 - 00122246 _____ C:\Users\jmloftis\Desktop\INFO after.txt
2016-12-11 20:24 - 2016-07-21 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-12-11 20:23 - 2016-07-21 17:52 - 00000000 ____D C:\Program Files (x86)\Skype
2016-12-11 18:12 - 2016-01-13 16:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-12-11 17:36 - 2014-03-20 04:45 - 00000000 ____D C:\TOSHIBA
2016-12-11 16:06 - 2015-02-28 18:51 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-11 14:34 - 2015-02-28 18:52 - 00000000 ____D C:\ProgramData\IObit
2016-12-11 14:34 - 2015-02-28 18:51 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\IObit
2016-12-10 22:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\PLA
2016-12-10 21:38 - 2016-04-09 12:36 - 00000000 ____D C:\windows\Minidump
2016-12-10 21:35 - 2016-01-13 16:09 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-12-10 21:25 - 2013-10-16 07:35 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-12-10 13:45 - 2016-08-11 12:15 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Euask
2016-12-10 13:10 - 2009-07-14 13:08 - 00032618 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-12-10 01:56 - 2015-04-02 13:24 - 85483520 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00249856 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-09 21:24 - 2016-01-07 09:03 - 00000000 ____D C:\Users\jmloftis\AppData\Local\Citrix
2016-12-05 00:14 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2016-12-03 23:13 - 2016-05-17 19:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-02 14:55 - 2015-12-31 14:47 - 55349248 _____ C:\windows\system32\config\COMPONENTS.iodefrag.bak
2016-12-02 14:44 - 2015-07-31 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-29 18:37 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Desktop\_Small-Reports-Fortune-2-0.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Documents\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Desktop\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Documents\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Desktop\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Documents\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Desktop\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Documents\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Desktop\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Documents\_Small-Reports-Fortune-2-0.pdf
2016-11-29 12:40 - 2016-05-17 19:48 - 00003908 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 12:40 - 2016-05-17 19:48 - 00003656 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-26 17:16 - 2014-03-20 04:03 - 00000000 ____D C:\Intel
2016-11-20 23:55 - 2016-02-24 12:04 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Apowersoft
2016-11-16 15:46 - 2016-02-24 00:46 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 15:46 - 2016-02-24 00:46 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 12:40 - 2016-01-03 23:04 - 00000000 ____D C:\Users\jmloftis\Documents\SoftMaker
2016-11-16 12:25 - 2016-04-10 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-16 12:25 - 2016-04-10 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

==================== Files in the root of some directories =======

2015-07-27 18:36 - 2015-07-29 15:17 - 0000102 _____ () C:\Users\jmloftis\AppData\Roaming\WB.CFG
2016-09-05 15:57 - 2016-09-05 15:57 - 0000003 _____ () C:\Users\jmloftis\AppData\Local\updater.log
2016-09-05 15:58 - 2016-09-05 23:52 - 0000424 _____ () C:\Users\jmloftis\AppData\Local\UserProducts.xml
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-10 17:49

==================== End of FRST.txt ============================


______________________________HijackThis Log Below_____________________________


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:13:10 AM, on 12/12/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17606)

FIREFOX: 50.0.2 (x86 en-US)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\jmloftis\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TEJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - (no file)
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x
O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Start.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10342 bytes


#2 fireman4it

  • Malware Response Team
Posted 13 December 2016 - 08:38 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

 

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 ExpatJim

  • Topic Starter

Posted 14 December 2016 - 10:41 AM

Hi fireman4it,

 

First, I am most grateful for your help.

 

The virus/worm/malware on my notebook is severe and aggressive.

 

I have been unable to access forum URLs that both you and nasdaq had responded to with links in my email.

 

Both Firefox and then (I tried) Avast... browsers... got blocked upon trying to reach the specific extended URL links in my email. Copy/paste or clicking them triggered a reset, not reaching the forum thread every time. Not a browser add-on problem, but I had noticed the worm/virus/malware attacks some files, like the heur.txt file I made yesterday, with HEUR file name; maybe it goes after targeting destroying file names of malware related content or resetting a browser for anything with text names or words related to any virus, like the URL extension beginning with HEUR in this forum thread.

 

 

I had to send a non-forum message to boopme to explain what's going on (please touch base with boopme).

 

I could only currently (finally) reach this forum URL via safe mode + network and private Firefox browser selection. I hope I can continue that way. Also you should know that any program like FRST64.exe (Farbar) will not operate unless I open in safe mode (Malwarebytes, ADWCleaner, and all others).

 

As I had explained to boopme via messenger mail, my original message was accidentally posted 3x's due to each time getting a "time out error" 502 message. But now I see the aggressive virus/worm/malware has been the culprit, and each of those messages actually posted. Sorry for that! I asked boopme to close two posts upon discovering. I see now 2 posts were locked by boopme and that the one nasdaq responded to is locked. So I will focus only on this thread (please advise nasdaq and pass along my apologies). I would never try to make multiple posts.

 

Please note that I had better clear the most recent virus corruptions on my laptop before I proceed with your last instruction.

 

Note: the virus/worm/malware already made the original FRST.txt file I saved vanish from my desktop (no longer on the computer).

 

Prior to seeing your message (above) I've been doing Full Avast Scans, two days. FYI: I am noticing some files deleted from my computer and Avast detected 63 LNK:Starter-A [Trj] and PDF:UrlMal-Inf [Trj] infections yesterday (fixed but some files vanished) and today about 10 of the same nature which I quarantined and Avast could not find one that was quarantined. Anyway, I will no longer do AVAST based on your instruction.

 

To be safe, I am re-submitting a new set of FRST.txt (pasted below) and Addition.txt (attached) generated this past hour and saved to my desktop.

 

I removed the original Addition.txt from my desktop, and as explained above, the original FRST.txt was removed by the virus/worm/malware. So I thought it would be prudent to start again and verify if I can still use the fixlist.txt you already attached for me to use.

 

Hopefully I will be able to continuously access this forum thread now that I am using safe mode + network and private browser. If there is no response it will mean my safe mode + network and private browser is also being blocked, so if my response takes more than 24 hours I ask for your advice/ communication via email (if possible). Hopefully safe mode + network and private browser will keep working.

 

Scroll down and review latest FRST.txt and Addition.txt (upload facility was not visible, maybe due to safe mode)

 

Thanks,

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jmloftis (administrator) on JMLOFTIS-PC (14-12-2016 21:42:33)
Running from C:\Users\jmloftis\Desktop
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393320 2016-01-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049712 2013-05-03] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-16] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiUsbWorm] => C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exit
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-14]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\ctugu.exe (Microsoft Corporation)
Startup: C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-14]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\ctugu.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> DefaultScope {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-11] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-11] (AVAST Software)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: b2nw7hm7.default
FF ProfilePath: C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default [2016-12-14]
FF user.js: detected! => C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\user.js [2016-12-10]
FF NewTab: Mozilla\Firefox\Profiles\b2nw7hm7.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\b2nw7hm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\b2nw7hm7.default -> hxxps://www.google.com/?gfe_rd=cr&ei=ykP1VMrpFMyL8QeYsoCQCA&gws_rd=ssl,cr&fg=1
FF Keyword.URL: Mozilla\Firefox\Profiles\b2nw7hm7.default -> user_pref("keyword.URL", true);
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-08-12]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-11-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jmloftis\AppData\Local\XDM\xdmff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-96689548-2535591333-3550804405-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jmloftis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-07] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Flash Video Downloader) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-09]
CHR Extension: (LeadFuze - Sales Prospecting Tool) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ameidhagnfddjaleejfpigojomffoigm [2016-12-09]
CHR Extension: (Google Docs) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Google Search) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Facebook Pixel Helper) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-12-13]
CHR Extension: (Google Sheets) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (Avast Online Security) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-13]
CHR Extension: (Aliexpress Assistant - Price Tracker) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihlaoogegdjakmdbpbilijdghoggkim [2016-12-09]
CHR Extension: (100K Factory Ultra Edition) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpfmikklhkkmhcmbnpfbfclphibia [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-21]
CHR Extension: (Gmail) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-11] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S2 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [344168 2016-01-14] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 9680941D6; C:\windows\System32\drivers\9680941D6.sys [478392 2016-12-11] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-12-11] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-12-12] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-12-11] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-12-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-11] (AVAST Software)
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-12-11] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-12-11] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-12-11] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-11] (AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
S3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [60928 2016-01-14] (GenesysLogic)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-24] (REALiX™)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [31712 2016-08-30] (Intel Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-01-14] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-08-30] (Intel Corporation)
S3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2016-01-14] (Synaptics Incorporated)
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-10] ()
S3 cpuz134; \??\C:\Users\jmloftis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 21:42 - 2016-12-14 21:43 - 00021780 _____ C:\Users\jmloftis\Desktop\FRST.txt
2016-12-14 21:34 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Desktop\FRST64.exe
2016-12-14 19:26 - 2016-12-14 21:11 - 00174110 _____ C:\windows\ntbtlog.txt
2016-12-14 12:25 - 2016-12-14 12:25 - 00115416 _____ C:\Users\jmloftis\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-14 12:24 - 2016-12-14 12:25 - 00452568 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-14 02:57 - 2016-12-14 02:57 - 00000854 _____ C:\Users\jmloftis\Desktop\cc_20161214_025721.reg
2016-12-13 23:21 - 2016-12-14 21:03 - 00371686 _____ C:\Users\jmloftis\Desktop\Dan Pena.tmd
2016-12-13 23:21 - 2016-12-14 20:46 - 00371600 _____ C:\Users\jmloftis\Desktop\Dan Pena.bak
2016-12-13 23:20 - 2016-12-14 02:55 - 00156729 _____ C:\Users\jmloftis\Desktop\NPFC.tmd
2016-12-13 23:20 - 2016-12-14 02:17 - 00156225 _____ C:\Users\jmloftis\Desktop\NPFC.bak
2016-12-13 21:08 - 2016-12-13 21:10 - 02001620 _____ C:\Users\jmloftis\Documents\Boxcryptor - encryption software for Dropbox.mp4
2016-12-13 17:28 - 2016-12-13 17:28 - 00000476 _____ C:\Users\jmloftis\Desktop\cc_20161213_172854.reg
2016-12-13 17:28 - 2016-12-13 17:28 - 00000082 _____ C:\Users\jmloftis\Desktop\cc_20161213_172836.reg
2016-12-12 23:26 - 2016-12-12 23:26 - 00023802 _____ C:\Users\jmloftis\Downloads\Addition.txt
2016-12-12 23:24 - 2016-12-14 21:42 - 00000000 ____D C:\FRST
2016-12-12 23:10 - 2016-12-12 23:10 - 00018014 _____ C:\Users\jmloftis\Desktop\cc_20161212_230959.reg
2016-12-12 21:23 - 2016-12-12 21:23 - 00098978 _____ C:\Users\jmloftis\Documents\IAAC_finra_firm_10645.pdf
2016-12-12 16:40 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Downloads\FRST64.exe
2016-12-12 15:47 - 2016-12-12 15:47 - 00451707 _____ C:\Users\jmloftis\Desktop\John Gibb_TINY Overview.pdf
2016-12-12 14:52 - 2016-12-12 16:37 - 142028041 _____ C:\Users\jmloftis\Desktop\John Gibb_30 Miliion Visitors In December 2016.mp4
2016-12-12 14:07 - 2016-12-12 14:07 - 00293559 _____ C:\Users\jmloftis\Desktop\18-months-2-blogs-six-figures.pdf
2016-12-12 13:02 - 2016-12-12 21:07 - 00003896 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1481518964
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-12 13:01 - 2016-12-12 13:01 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-12-12 02:09 - 2016-12-12 02:09 - 00001806 _____ C:\Users\jmloftis\Desktop\cc_20161212_020944.reg
2016-12-12 01:36 - 2016-12-12 01:45 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-12 01:36 - 2016-12-12 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-12 01:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-12-12 01:12 - 2016-12-12 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\jmloftis\Downloads\HijackThis.exe
2016-12-11 23:38 - 2016-12-11 23:52 - 14206800 _____ C:\Users\jmloftis\Desktop\How to Remove Computer Virus Without Antivirus Program _ without using any antivirus New 2016.mp4
2016-12-11 23:37 - 2016-12-11 23:53 - 06022792 _____ C:\Users\jmloftis\Desktop\How to detect a virus.mp4
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-11 22:15 - 2016-12-11 22:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-11 22:06 - 2016-12-11 22:15 - 11581544 _____ (SurfRight B.V.) C:\Users\jmloftis\Downloads\HitmanPro_x64.exe
2016-12-11 19:36 - 2016-12-11 19:36 - 00003041 _____ C:\Users\jmloftis\Desktop\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-11 19:16 - 2016-12-11 19:16 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\AVAST Software
2016-12-11 19:15 - 2016-12-11 19:15 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-11 19:15 - 2016-12-11 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-11 19:10 - 2016-12-11 19:12 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-12-11 19:10 - 2016-12-11 19:10 - 00000350 ____H C:\windows\Tasks\avast! Emergency Update.job
2016-12-11 19:10 - 2016-12-11 19:09 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-12-11 19:09 - 2016-12-11 19:09 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-12-11 19:09 - 2016-12-11 19:09 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-12-11 18:29 - 2016-12-12 13:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-11 18:18 - 2016-10-05 06:39 - 01631928 _____ (Malwarebytes) C:\Users\jmloftis\Desktop\JRT.exe
2016-12-11 16:50 - 2016-12-11 16:50 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Curiolab
2016-12-11 16:45 - 2016-12-11 18:13 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-12-11 16:45 - 2016-12-11 16:45 - 00001092 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-12-11 16:45 - 2016-12-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-12-11 16:31 - 2016-12-11 16:42 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\jmloftis\Downloads\ExterminateItSetup.exe
2016-12-11 14:37 - 2016-12-11 14:37 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\ProductData
2016-12-11 14:36 - 2016-12-11 14:38 - 00000000 ____D C:\ProgramData\ProductData
2016-12-11 14:35 - 2016-12-11 14:35 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\9680941D6.sys
2016-12-11 13:48 - 2016-12-11 17:35 - 00000000 ____D C:\KVRT_Data
2016-12-11 13:13 - 2016-12-11 13:13 - 00000000 ____D C:\Program Files (x86)\Zone Labs
2016-12-11 13:12 - 2016-12-11 13:12 - 00000000 ____D C:\windows\Internet Logs
2016-12-11 12:24 - 2016-12-11 13:47 - 103531352 _____ (Kaspersky Lab ZAO) C:\Users\jmloftis\Downloads\KVRT.exe
2016-12-10 23:35 - 2016-12-10 23:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-10 23:15 - 2016-12-10 23:14 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148138423840207
2016-12-10 23:15 - 2016-12-10 23:14 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148138424542210
2016-12-10 23:15 - 2016-12-10 23:14 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148138424904112
2016-12-10 22:52 - 2016-12-10 22:59 - 08004763 _____ C:\Users\jmloftis\Desktop\How to remove Verecno _ googleupdate.a3x startup error.mp4
2016-12-10 22:19 - 2016-12-10 22:19 - 00003041 _____ C:\Users\jmloftis\Documents\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-10 22:12 - 2016-12-12 13:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-10 22:07 - 2016-12-10 22:12 - 06253640 _____ (AVAST Software) C:\Users\jmloftis\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2016-12-10 20:33 - 2016-12-11 16:44 - 00000000 ____D C:\ProgramData\TEMP
2016-12-10 20:33 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2016-12-10 20:33 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2016-12-10 20:12 - 2016-12-10 20:16 - 04291320 _____ (BrightFort LLC ) C:\Users\jmloftis\Downloads\spywareblastersetup55.exe
2016-12-10 19:24 - 2016-12-10 20:17 - 00000000 ____D C:\Users\jmloftis\AppData\Local\IIIQF
2016-12-10 15:24 - 2016-12-13 20:25 - 00000000 ____D C:\Users\jmloftis\Desktop\Adam Short NPFC
2016-12-10 14:22 - 2016-12-13 14:54 - 00000000 ____D C:\Users\jmloftis\Desktop\Dec 2016
2016-12-10 14:16 - 2016-12-10 14:21 - 00000000 ____D C:\Users\jmloftis\Desktop\100K Factory Videos
2016-12-10 13:00 - 2016-12-10 13:00 - 00458363 _____ C:\Users\jmloftis\Documents\Avalara-Tax Software_ecommerce-brochure-1.1.pdf
2016-12-10 12:58 - 2016-12-10 12:58 - 09358257 _____ C:\Users\jmloftis\Documents\Burial Plot_Harley-Investment-Brochure-BLEED.pdf
2016-12-10 02:43 - 2016-12-10 02:43 - 00001690 _____ C:\Users\jmloftis\Documents\cc_20161210_024342.reg
2016-12-10 02:39 - 2016-12-10 02:39 - 00003272 ____N C:\bootsqm.dat
2016-12-10 00:53 - 2016-12-10 01:17 - 34190992 _____ (Adlice Software ) C:\Users\jmloftis\Downloads\RogueKiller.exe
2016-12-10 00:44 - 2016-12-10 00:47 - 03968464 _____ C:\Users\jmloftis\Downloads\adwcleaner.exe
2016-12-09 23:49 - 2016-12-09 23:49 - 00085786 _____ C:\Users\jmloftis\Documents\Nick Loper_50 Outsource Writers-20k-in-Monthly-Recurring-Revenue.compressed.pdf
2016-12-09 23:43 - 2016-12-09 23:43 - 05886224 _____ C:\Users\jmloftis\Documents\Jim_Book -Emotions Handbook.pdf
2016-12-09 23:04 - 2016-12-10 00:24 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-12-09 20:33 - 2016-12-09 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\jmloftis\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2016-12-09 18:13 - 2016-12-14 16:55 - 00000000 ___HD C:\Users\jmloftis\AppData\Roaming\wrvib
2016-12-09 16:54 - 2016-12-09 16:54 - 00466788 _____ C:\Users\jmloftis\Documents\Instant Cash Explosion_ 3k per month.pdf
2016-12-09 16:38 - 2016-12-09 16:38 - 00194822 _____ C:\Users\jmloftis\Documents\Sean Mize_Designing-Your-Personal-Blueprint.pdf
2016-12-08 23:14 - 2016-12-08 23:14 - 01809046 _____ C:\Users\jmloftis\Documents\Cadd_Banish Man Boobs (Gynecomastia) With No Drugs or Surgery.pdf
2016-12-08 23:07 - 2016-12-08 23:07 - 00692102 _____ C:\Users\jmloftis\Documents\Cadd_How To Eliminate ManBoobs.pdf
2016-12-08 21:51 - 2016-12-08 22:12 - 22289894 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack3_Buying Intent Keyword trends for Niche Site Formula Students.mp4
2016-12-08 21:49 - 2016-12-08 22:36 - 47444164 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack4_Know Your Competion... Stop Playing Niche Affiliate Marketing Blind Folded!.mp4
2016-12-08 21:09 - 2016-12-08 21:31 - 08387417 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack2 latest.mp4
2016-12-08 20:58 - 2016-12-08 20:58 - 00889344 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack0_MasterChart-Individual Tabs - 20082014.pmd
2016-12-08 20:46 - 2016-12-08 20:59 - 18020422 _____ C:\Users\jmloftis\Documents\John Gibb_Data Packs1 new.mp4
2016-12-08 20:14 - 2016-12-08 20:14 - 00531141 _____ C:\Users\jmloftis\Documents\John Gibb_Welcome To NSF.pdf
2016-12-08 20:11 - 2016-12-08 20:11 - 02428046 _____ C:\Users\jmloftis\Documents\John Gibb_NSF Niche Research Manual.pdf
2016-12-08 02:17 - 2016-12-08 02:17 - 23400187 _____ C:\Users\jmloftis\Desktop\Justin Brooke_Ultimate Email Example Guide.pdf
2016-12-07 21:59 - 2016-12-07 21:59 - 04531807 _____ C:\Users\jmloftis\Documents\4 Hour Body Cheat Sheet.pdf
2016-12-07 21:53 - 2016-12-07 21:53 - 01783937 _____ C:\Users\jmloftis\Documents\Aidan Booth_Textbook_Arbitrage-eComSystem-Cliff-Notes.pdf
2016-12-07 21:49 - 2016-12-07 21:49 - 18373157 _____ C:\Users\jmloftis\Documents\Russel Brunson_Funnel-Hacks-Cliff-Notes.pdf
2016-12-07 21:46 - 2016-12-07 21:46 - 01365129 _____ C:\Users\jmloftis\Documents\MIKE MICHALOWICZ_Profit First_Overview OneSheet_R2.pdf
2016-12-07 21:34 - 2016-12-07 21:34 - 02999709 _____ C:\Users\jmloftis\Documents\Jay Boyer_ASM-Insiders-Guide.pdf
2016-12-07 21:30 - 2016-12-07 21:30 - 02002171 _____ C:\Users\jmloftis\Documents\Jay Boyer_Pinterest Viral Traffic to Amazon Product.pdf
2016-12-07 21:26 - 2016-12-07 21:26 - 06422268 _____ C:\Users\jmloftis\Documents\Jay Boyer_Youtube Money 9-ways.pdf
2016-12-07 21:20 - 2016-12-07 21:20 - 04436026 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero-Content-Books.pdf
2016-12-07 21:11 - 2016-12-07 21:11 - 01287797 _____ C:\Users\jmloftis\Documents\Jay Boyer_Money-Niches.pdf
2016-12-07 21:08 - 2016-12-07 21:08 - 04170491 _____ C:\Users\jmloftis\Documents\Jay Boyer_Leverage Linkedin To Sell.pdf
2016-12-07 20:59 - 2016-12-07 20:59 - 02956598 _____ C:\Users\jmloftis\Documents\Jay Boyer_Instagram.pdf
2016-12-07 20:57 - 2016-12-07 20:57 - 02509488 _____ C:\Users\jmloftis\Documents\Instagram+Tools+Guide.pdf
2016-12-07 20:54 - 2016-12-07 20:54 - 02646849 _____ C:\Users\jmloftis\Documents\Jay Boyer_2,057hr on Fiverr.pdf
2016-12-07 20:50 - 2016-12-07 20:50 - 02839521 _____ C:\Users\jmloftis\Documents\Jay Boyer_30 Books in 30 Days_wordbotic.pdf
2016-12-07 20:46 - 2016-12-07 20:46 - 03019804 _____ C:\Users\jmloftis\Documents\Jay Boyer_Jason Fladlien_ASM.pdf
2016-12-07 20:43 - 2016-12-07 20:43 - 00810354 _____ C:\Users\jmloftis\Documents\Jay Boyer_First 1k Cheat Sheet.pdf
2016-12-07 20:41 - 2016-12-07 20:41 - 02384224 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero Cost Marketing Secrets.pdf
2016-12-07 20:36 - 2016-12-07 20:36 - 00528186 _____ C:\Users\jmloftis\Desktop\Aidan Booth_OutsourcingBlueprint.pdf
2016-12-06 18:41 - 2016-12-06 20:51 - 157998350 _____ C:\Users\jmloftis\Desktop\Todd Herman _v2 - 90 Day Achievement Engine.mp4
2016-12-06 16:29 - 2016-12-06 16:58 - 35646523 _____ C:\Users\jmloftis\Desktop\Never Work Again - On The Beach - Phil Town.mp4
2016-12-06 15:03 - 2016-12-06 16:00 - 77692926 _____ C:\Users\jmloftis\Desktop\Never Work Again_Adam Markel_Phil Town!.mp4
2016-12-05 16:18 - 2016-12-05 16:18 - 00531129 _____ C:\Users\jmloftis\Desktop\John Gibb_Welcome NSF.pdf
2016-12-03 23:13 - 2016-12-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-03 22:17 - 2016-12-03 22:24 - 02725703 _____ C:\Users\jmloftis\Desktop\Niche Site Formula!.mp4
2016-12-03 21:32 - 2016-12-03 21:32 - 00115200 _____ C:\Users\jmloftis\Documents\Optin Page Audit.pmd
2016-12-02 23:06 - 2016-12-02 23:06 - 00488130 _____ C:\Users\jmloftis\Desktop\BiteSize_Entrepreneurs_Guide_to_Info_Product_Marketing.pdf
2016-12-02 21:26 - 2016-12-02 21:26 - 00175072 _____ C:\Users\jmloftis\Documents\Philip Fisher_3Checklist-People-elements.pdf
2016-12-02 21:24 - 2016-12-02 21:24 - 00212313 _____ C:\Users\jmloftis\Documents\Philip Fisher_2Checklist-Functional-elements.pdf
2016-12-02 21:20 - 2016-12-02 21:20 - 00169847 _____ C:\Users\jmloftis\Documents\Philip Fisher_1 Checklist-Business-characteristics.pdf
2016-12-02 21:17 - 2016-12-02 21:17 - 00101804 _____ C:\Users\jmloftis\Documents\Side-Hustle_Legal Online Business-Questions-Answered.compressed.pdf
2016-12-02 15:58 - 2016-12-02 15:58 - 00903190 _____ C:\Users\jmloftis\Documents\Eugene Schwartz_127_Winning_Advertising_Headlines-1.pdf
2016-12-02 15:43 - 2016-12-02 15:43 - 00382744 _____ C:\Users\jmloftis\Documents\Bill Baren_YES-ConversationsThat Sell.pdf
2016-12-01 22:10 - 2016-12-01 22:10 - 02813042 _____ C:\Users\jmloftis\Documents\JJ_super-affiliate.pdf
2016-12-01 13:36 - 2016-12-01 13:36 - 04868685 _____ C:\Users\jmloftis\Documents\Dan Raine-Report-Gold-Issue-1.pdf
2016-12-01 01:04 - 2016-12-01 01:04 - 05038021 _____ C:\Users\jmloftis\Documents\Fred-Lam_Starting-From-Zero-eBook.pdf
2016-12-01 00:28 - 2016-12-01 00:28 - 02397656 _____ C:\Users\jmloftis\Desktop\NMD-REPORT-WEB-April15-v2.pdf
2016-11-30 21:45 - 2016-11-30 21:45 - 00259259 _____ C:\Users\jmloftis\Documents\Bill Baren_List-Building-Blueprint.pdf
2016-11-30 21:43 - 2016-11-30 21:43 - 02381327 _____ C:\Users\jmloftis\Documents\Bill Baren_Yes Map.pdf
2016-11-30 21:41 - 2016-11-30 21:41 - 00395066 _____ C:\Users\jmloftis\Documents\Bill Baren_Life-One-Year-Road-Map.pdf
2016-11-30 14:20 - 2016-11-30 14:20 - 05925989 _____ C:\Users\jmloftis\Documents\A-B-Testing-Marketo.pdf
2016-11-29 19:17 - 2016-11-29 19:17 - 00676456 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Eearncome_3-Shifts-To-An-Extra-3K-Per-Week.pdf
2016-11-29 19:11 - 2016-11-29 19:11 - 00500032 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Shortcut To Creating Products-module31.pdf
2016-11-29 19:10 - 2016-11-29 19:10 - 01089330 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Ideas People Want To Read About-module35.pdf
2016-11-29 18:37 - 2016-11-29 18:37 - 00000000 ___DX C:\Users\jmloftis\Desktop\Small Reports__MACOSX
2016-11-29 16:10 - 2016-11-29 16:10 - 03392512 _____ C:\Users\jmloftis\Desktop\FEED A STARVING CROWD-book-v2.pdf
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00042096 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2016-11-28 21:32 - 2016-11-28 21:32 - 00707709 _____ C:\Users\jmloftis\Documents\INVESTING-101-COURSE-OUTLINE.pdf
2016-11-28 15:37 - 2016-11-28 15:37 - 00043602 _____ C:\Users\jmloftis\Documents\Philippines Real Estate Legal and Documentary Requirements.tmd
2016-11-28 15:06 - 2016-11-28 15:06 - 02793260 _____ C:\Users\jmloftis\Documents\Seth Godin_What-Matters-Now-2.pdf
2016-11-27 23:26 - 2016-11-27 23:26 - 00797152 _____ C:\Users\jmloftis\Desktop\Power_Over_Panic.pdf
2016-11-27 23:20 - 2016-11-27 23:20 - 01492441 _____ C:\Users\jmloftis\Desktop\Affiliate Panic Away ebook.pdf
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-11 17:36 - 00000000 _RSHD C:\Google
2016-11-26 16:41 - 2016-11-26 16:41 - 00001588 _____ C:\Users\jmloftis\Desktop\Sewing Machine1.txt
2016-11-26 16:32 - 2016-12-14 16:44 - 00003941 _____ C:\Users\jmloftis\Desktop\Cadd_American Lierature.txt
2016-11-26 15:21 - 2016-11-26 15:21 - 00004071 _____ C:\Users\jmloftis\Desktop\Cadd_Editorial.txt
2016-11-26 13:40 - 2016-11-26 13:40 - 00305748 _____ C:\Users\jmloftis\Documents\Creating-Editorial Article-Newspaper.pdf
2016-11-25 18:18 - 2016-11-25 19:50 - 61415402 _____ C:\Users\jmloftis\Desktop\Tom Poland_5Day Five of Five Day Leadsology® Boot Camp.mp4
2016-11-25 16:08 - 2016-11-25 17:16 - 69916844 _____ C:\Users\jmloftis\Desktop\Tom Poland_4Day Four of Five Day Leadsology® Boot Camp.mp4
2016-11-25 15:27 - 2016-11-25 15:27 - 00519079 _____ C:\Users\jmloftis\Documents\Tom Poland_Definitive Guide To Outsourcing To Asia For Leadsology.pdf
2016-11-25 14:43 - 2016-11-25 14:43 - 01409685 _____ C:\Users\jmloftis\Desktop\John Gibb_DOMINATE-GOOGLE.pdf
2016-11-25 00:09 - 2016-11-25 02:08 - 171136508 _____ C:\Users\jmloftis\Desktop\Clickfunnels Certification Webinar.mp4
2016-11-24 23:57 - 2016-11-24 23:57 - 01674577 _____ C:\Users\jmloftis\Desktop\Copywriting.pdf
2016-11-24 23:53 - 2016-11-24 23:53 - 24733528 _____ C:\Users\jmloftis\Desktop\Neil Patel_Definitive-Guide-to-Growth-Hacking.pdf
2016-11-24 23:20 - 2016-11-24 23:20 - 01037115 _____ C:\Users\jmloftis\Desktop\Viral-Content-Hacks.pdf
2016-11-24 22:26 - 2016-11-24 22:26 - 01606863 _____ C:\Users\jmloftis\Desktop\John Gibb_Health Niche Success_ebook.pdf
2016-11-24 22:25 - 2016-11-24 22:25 - 00289455 _____ C:\Users\jmloftis\Desktop\101-High-Paying-Affiliate-Programs-Final.pdf
2016-11-24 22:17 - 2016-11-24 22:17 - 00402152 _____ C:\Users\jmloftis\Documents\John Gibb_Assessing-Your-SEO-Situation-By-John-Gibb.pdf
2016-11-24 19:34 - 2016-11-24 19:34 - 00199608 _____ C:\Users\jmloftis\Documents\Eben Pagan_Virtual CEO 7 Modules Summary.pdf
2016-11-24 14:39 - 2016-11-24 15:41 - 80645509 _____ C:\Users\jmloftis\Desktop\Tom Poland_3Day Three of Five day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 16:31 - 2016-11-23 16:44 - 08139496 _____ C:\Users\jmloftis\Desktop\Adwords account 2016.mp4
2016-11-23 16:28 - 2016-11-23 16:28 - 03351624 _____ C:\Users\jmloftis\Documents\Simpleology_Singularity.pdf
2016-11-23 14:57 - 2016-11-23 16:10 - 70128267 _____ C:\Users\jmloftis\Desktop\Tom Poland_2Day Two of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 13:22 - 2016-11-23 13:22 - 05043965 _____ C:\Users\jmloftis\Desktop\HubSpot_LinkedIn_How_to_Become_an_Influencer_in_Your_Industry.pdf
2016-11-22 13:20 - 2016-11-22 13:45 - 21865523 _____ C:\Users\jmloftis\Desktop\Dan Martel_How To Market Against Established Competitors _ Dan Martell.mp4
2016-11-21 23:35 - 2016-11-21 23:35 - 00934029 _____ C:\Users\jmloftis\Desktop\Tom Poland_Working_Summary_V7e.pdf
2016-11-21 23:29 - 2016-11-21 23:30 - 02486139 _____ C:\Users\jmloftis\Desktop\Tom Poland_Your Extraordinary Life Book.pdf
2016-11-21 17:23 - 2016-11-21 18:16 - 70812096 _____ C:\Users\jmloftis\Desktop\Tom Poland_1Day One of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-21 02:45 - 2016-11-21 02:45 - 00001554 _____ C:\Users\jmloftis\Documents\cc_20161121_024459.reg
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-11-21 02:27 - 2016-11-21 12:56 - 00000000 ____D C:\Users\jmloftis\AppData\Local\chromium
2016-11-21 02:03 - 2016-12-14 19:27 - 00000000 ____D C:\Users\jmloftis\AppData\LocalLow\Mozilla
2016-11-21 01:48 - 2016-10-11 23:45 - 00077424 _____ (eagleGet) C:\windows\system32\Drivers\eagleGet.update
2016-11-21 01:00 - 2016-11-21 01:00 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Subhra Das Gupta
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\Documents\Apowersoft
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\AppData\Local\CEF
2016-11-20 16:39 - 2016-11-20 16:39 - 00439668 _____ C:\Users\jmloftis\Documents\Marlon Sanders_80 20 whirlwind.pdf
2016-11-20 16:25 - 2016-12-14 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 01:09 - 2016-11-20 01:09 - 04399738 _____ C:\Users\jmloftis\Documents\Jay Boyer_Anik Build a Powerful Email List.pdf
2016-11-19 14:40 - 2016-11-19 14:40 - 00231519 _____ C:\Users\jmloftis\Documents\Danny Inny_Blog Post Checklist.pdf
2016-11-19 01:18 - 2016-11-19 01:18 - 00035405 _____ C:\Users\jmloftis\Desktop\AWAI_Money Making Website.pdf
2016-11-19 01:07 - 2016-11-19 01:07 - 04118747 _____ C:\Users\jmloftis\Documents\IL_FYL+Information+Pack.pdf
2016-11-18 16:37 - 2016-11-18 16:37 - 00087704 _____ C:\Users\jmloftis\Documents\Case Study_Five Dollar Dinners-Recurring-Revenue.compressed.pdf
2016-11-17 20:39 - 2016-11-17 20:39 - 00323185 _____ C:\Users\jmloftis\Documents\Simpleology_60-Second-Success-Reconditioner.pdf
2016-11-16 15:41 - 2016-11-16 15:41 - 00011318 _____ C:\Users\jmloftis\Desktop\Paypal USD PHP Conversion.tmd
2016-11-16 14:57 - 2016-11-16 14:57 - 01909433 _____ C:\Users\jmloftis\Documents\Jim book_Connection Algorithm.pdf
2016-11-16 14:56 - 2016-11-16 14:56 - 01217454 _____ C:\Users\jmloftis\Documents\Danny Inny_Success Mindset.pdf
2016-11-15 16:34 - 2016-11-15 16:34 - 06599119 _____ C:\Users\jmloftis\Desktop\Hustle_eBook.pdf
2016-11-14 03:08 - 2016-11-14 03:08 - 00000996 _____ C:\Users\jmloftis\Documents\cc_20161114_030814.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-14 17:02 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2016-12-14 16:51 - 2016-01-22 13:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-14 16:46 - 2016-02-24 00:28 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-14 16:45 - 2016-05-17 19:48 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-14 16:39 - 2016-05-17 19:55 - 00000000 ___RD C:\Users\jmloftis\Dropbox
2016-12-14 14:11 - 2016-01-22 13:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 14:10 - 2013-10-16 07:39 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 14:10 - 2013-10-16 07:39 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 14:10 - 2013-10-16 07:39 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-12-14 14:10 - 2013-10-16 07:39 - 00000000 ____D C:\windows\system32\Macromed
2016-12-14 12:45 - 2016-05-17 19:48 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-14 12:36 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-14 12:36 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-14 12:35 - 2009-07-14 13:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-14 12:26 - 2016-07-21 17:57 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Skype
2016-12-14 12:25 - 2016-02-24 00:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-14 12:25 - 2016-01-14 23:26 - 00000000 __SHD C:\Users\jmloftis\IntelGraphicsProfiles
2016-12-14 12:25 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-14 02:58 - 2015-02-28 19:11 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Disk Cleaner
2016-12-13 23:32 - 2016-01-07 15:50 - 00156303 _____ C:\Users\jmloftis\Documents\NPFC.tmd
2016-12-13 23:29 - 2016-01-07 15:50 - 00156227 _____ C:\Users\jmloftis\Documents\NPFC.bak
2016-12-13 17:29 - 2014-11-20 20:22 - 00000000 ____D C:\Users\jmloftis
2016-12-12 22:28 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.tmd
2016-12-12 22:25 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.bak
2016-12-12 20:16 - 2015-07-30 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-12 01:36 - 2015-07-29 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-12 01:04 - 2015-07-29 18:50 - 00000000 ____D C:\AdwCleaner
2016-12-11 22:42 - 2015-12-29 22:36 - 00122246 _____ C:\Users\jmloftis\Desktop\INFO after.txt
2016-12-11 20:24 - 2016-07-21 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-12-11 20:23 - 2016-07-21 17:52 - 00000000 ____D C:\Program Files (x86)\Skype
2016-12-11 18:12 - 2016-01-13 16:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-12-11 17:36 - 2014-03-20 04:45 - 00000000 ____D C:\TOSHIBA
2016-12-11 16:06 - 2015-02-28 18:51 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-11 14:34 - 2015-02-28 18:52 - 00000000 ____D C:\ProgramData\IObit
2016-12-11 14:34 - 2015-02-28 18:51 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\IObit
2016-12-10 22:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\PLA
2016-12-10 21:38 - 2016-04-09 12:36 - 00000000 ____D C:\windows\Minidump
2016-12-10 21:35 - 2016-01-13 16:09 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-12-10 21:25 - 2013-10-16 07:35 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-12-10 20:34 - 2009-07-14 11:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-12-10 13:45 - 2016-08-11 12:15 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Euask
2016-12-10 13:10 - 2009-07-14 13:08 - 00032618 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-12-10 01:56 - 2015-04-02 13:24 - 85483520 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00249856 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-09 21:24 - 2016-01-07 09:03 - 00000000 ____D C:\Users\jmloftis\AppData\Local\Citrix
2016-12-05 00:14 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2016-12-03 23:13 - 2016-05-17 19:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-02 14:55 - 2015-12-31 14:47 - 55349248 _____ C:\windows\system32\config\COMPONENTS.iodefrag.bak
2016-12-02 14:44 - 2015-07-31 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-29 18:37 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Desktop\_Small-Reports-Fortune-2-0.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Documents\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Desktop\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Documents\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Desktop\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Documents\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Desktop\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Documents\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Desktop\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Documents\_Small-Reports-Fortune-2-0.pdf
2016-11-29 12:40 - 2016-05-17 19:48 - 00003908 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 12:40 - 2016-05-17 19:48 - 00003656 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-26 17:16 - 2014-03-20 04:03 - 00000000 ____D C:\Intel
2016-11-20 23:55 - 2016-02-24 12:04 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Apowersoft
2016-11-16 15:46 - 2016-02-24 00:46 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 15:46 - 2016-02-24 00:46 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 12:40 - 2016-01-03 23:04 - 00000000 ____D C:\Users\jmloftis\Documents\SoftMaker
2016-11-16 12:25 - 2016-04-10 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-16 12:25 - 2016-04-10 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

==================== Files in the root of some directories =======

2015-07-27 18:36 - 2015-07-29 15:17 - 0000102 _____ () C:\Users\jmloftis\AppData\Roaming\WB.CFG
2016-09-05 15:57 - 2016-09-05 15:57 - 0000003 _____ () C:\Users\jmloftis\AppData\Local\updater.log
2016-09-05 15:58 - 2016-09-05 23:52 - 0000424 _____ () C:\Users\jmloftis\AppData\Local\UserProducts.xml
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-10 17:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jmloftis (14-12-2016 21:43:28)
Running from C:\Users\jmloftis\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-11-20 12:22:51)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-96689548-2535591333-3550804405-500 - Administrator - Disabled)
Guest (S-1-5-21-96689548-2535591333-3550804405-501 - Limited - Disabled)
jmloftis (S-1-5-21-96689548-2535591333-3550804405-1000 - Administrator - Enabled) => C:\Users\jmloftis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.13(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CSVed 2.3.2 (HKLM-x32\...\CSVed_is1) (Version: 2.3.2 - Sam Francke)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Edge Tools 1.3.1 (HKLM-x32\...\{76CA2567-FE77-4023-8C51-ECE03DAE2FAC}}_is1) (Version:  - Raine Ventures LLC.)
Exterminate It! (HKLM-x32\...\Exterminate It!) (Version: 2.12.06.06 - CURIOLAB S.M.B.A.)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)
FreshKey (HKLM-x32\...\FreshKey) (Version: 1.5.3 - Infomastery, LLC)
FreshKey (x32 Version: 1.5.3 - Infomastery, LLC) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3293 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SoftMaker FreeOffice (HKLM-x32\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 1.0.3515 - SoftMaker Software GmbH)
SWFPlayer 2.6.2.0 (HKLM-x32\...\SWFPlayer_is1) (Version: 2.6.2.0 - Michael Faust, Alpha Interactive)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.2.8 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.11 - Toshiba Corporation)
TOSHIBA Battery Manager (HKLM\...\{D7C7641F-0C96-4635-BFE1-29EBB3B05CC8}) (Version: 9.0.0.64 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.01.6402 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0029 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.14 - TOSHIBA)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.0.6402 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.0.6404 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0011 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.1.6401 - Toshiba Corporation)
Wise Disk Cleaner 9.29 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.29 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-96689548-2535591333-3550804405-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00226A71-B8AD-4D26-AE02-BDBF2121FA15} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {12C07B59-0306-4734-848B-162A02EA2664} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.)
Task: {15FCC68C-E81F-40C9-B166-4B25568E3668} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-17] (Dropbox, Inc.)
Task: {1F789175-8FA1-496F-82AA-28B5D21CAA62} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {1FE72088-8581-480D-976D-1FED681A2152} - System32\Tasks\{439F7D0F-7A2C-4CFC-97BF-9B19222D753C} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {43D21D47-C4A7-4226-BA8E-3C5AEB780053} - System32\Tasks\{C84213BF-5F76-43B6-BFBB-6EB90BC5E143} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {51572203-531E-4520-90C9-36C701028004} - \update-S-1-5-21-96689548-2535591333-3550804405-1000 -> No File <==== ATTENTION
Task: {58BE06AB-3C5A-4ADC-9A3B-F57B64ED2563} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-29] (Piriform Ltd)
Task: {63346695-75FD-4EC6-9845-AB685D1106B0} - \Driver Booster SkipUAC (jmloftis) -> No File <==== ATTENTION
Task: {664D8D0D-5DFD-4991-B5C9-B6F99DBDAB41} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {798F313E-7A66-4D03-8BA6-264615C20B5E} - System32\Tasks\{8DB67F95-D2AC-4760-9431-7D901AF87E30} => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2016-11-15] (Malwarebytes Corporation)
Task: {98B9DDDC-26C3-4AC3-ACD4-5E8CEAAE9087} - System32\Tasks\SafeZone scheduled Autoupdate 1481518964 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {A08FEF56-3F06-4B55-B7CC-D1391A1AAF32} - \update-sys -> No File <==== ATTENTION
Task: {A3FA1677-3B61-4563-B71B-BBB9C4E9FA74} - \Dregol fofe -> No File <==== ATTENTION
Task: {B4B6E562-9D56-4443-B0D2-C31F12A1D0FB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {D88532D8-5F76-4819-94C4-0B160B7F6484} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)
Task: {FD8A266C-AED1-466B-9790-2966EF5A5662} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
river"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9680941D6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08909918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9680941D6.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6127 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-02-12 12:25 - 00000828 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{281763E9-0DC2-4DD9-B584-BDF28F26C7C4}] => C:\Users\jmloftis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{A9C2628D-6432-45F1-BFDD-794E985B77ED}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8C04644-4242-496F-89B6-65B48FEE0C5B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5A7EADD9-1A11-4462-B0B8-23768997CCD9}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{85B8EED8-DAEF-4596-8E3D-9191246895B4}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{93BB3EB4-CE66-4AF9-A359-1A58A24B8417}] => C:\Program Files (x86)\IObit\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{D6B01ADD-C46E-4455-95D8-F2F84291CB01}] => C:\Program Files (x86)\IObit\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6D41EEC4-02DC-440E-8BE2-B8764D34F6FA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{97B1AE60-AB72-4A98-A4C5-92B698A7CA56}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{C9EC9BD6-DF4D-4C0B-A7F0-B4199A920FE0}] => C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

10-12-2016 19:32:47 WinThruster (64-bit) Backup
10-12-2016 20:17:03 WinThruster restore point
10-12-2016 20:20:57 WinThruster restore point
11-12-2016 14:02:43 Windows Update
11-12-2016 16:05:18 Smart Defrag 5 restore point
11-12-2016 16:08:28 HitmanPro 3.7 restore point
11-12-2016 16:09:53 Advanced SystemCare 10 restore point
11-12-2016 17:36:37 Windows Update
11-12-2016 18:19:59 JRT Pre-Junkware Removal
11-12-2016 20:21:15 ASU_MSI_TRAN
12-12-2016 00:19:40 Windows Update
12-12-2016 17:08:33 Windows Update
12-12-2016 22:41:31 Windows Update
14-12-2016 12:29:22 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2016 09:13:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/14/2016 07:27:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/14/2016 12:26:39 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070020, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/14/2016 12:25:49 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)


System errors:
=============
Error: (12/14/2016 09:38:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Error: (12/14/2016 09:12:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/14/2016 09:12:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/14/2016 09:11:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/14/2016 09:11:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
discache
ESProtectionDriver
HWiNFO32
spldr
Wanarpv6

Error: (12/14/2016 09:11:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/14/2016 09:11:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:08:07 PM on ‎12/‎14/‎2016 was unexpected.

Error: (12/14/2016 08:37:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (12/14/2016 07:26:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/14/2016 07:26:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 12%
Total physical RAM: 6056.05 MB
Available physical RAM: 5297.97 MB
Total Virtual: 12110.29 MB
Available Virtual: 11382.07 MB

==================== Drives ================================

Drive c: (TI31154100C) (Fixed) (Total:687.33 GB) (Free:477.22 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 9F467080)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=687.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=17)

==================== End of Addition.txt ============================



#4 fireman4it


Posted 15 December 2016 - 03:47 PM

Please follow the directions in my previous reply as they still apply.




#5 ExpatJim


Posted 16 December 2016 - 09:27 AM

Hi fireman4it,

Your reply yesterday was about 4:30 a.m. my time. I am an expat based in Asia, so I think our hours can't accommodate real time responses.

As for my laptop infection, from the outset, I should let you know, for Adwcleaner objective #2, there was some difference from your steps. Not by choice.

Upon right-clicking and selecting (Windows 7) Run As Administrator, it gave me the message:

"You are currently running an outdated version of Adwcleaner. Please click [OK] in order to open AdwCleaner download page in which you can get latest version."

I clicked OK and it took me to: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

I compared the version it showed there to the one on my desktop, but suddenly noticed that AdwCleaner.exe had been wiped from my desktop.

My guess is that it would have been ok to download, but seeing Adwcleaner.exe was wiped from my desktop led me to do the procedure again and this time not choose OK, but choose Cancel, which opened the 6.0.4.0 version that had been loaded onto my desktop.

I did not want to be duped! I could not verify toolslib.net is authorized by Malwarebytes, so I thought: "better safe than sorry".

Important Note: opening Adwcleaner version 6.0.4.0 on my desktop, by way of the Cancel button, the tool opened, but I never noticed it update the database (per your instruction)... your instruction to... please wait until update is complete was not witnessed; even after waiting a few minutes there was no indication it ever updated. I tried a few times, even opening it again (via Cancel button) to be sure. Maybe the method changed. When I hit "scan" there is an initial "engine" check.

Anyway, I followed your instructions every step, but needed to report that variation.

Below are important observations going through your instructed steps:

I proceeded using safe mode + network except for the normal "automatic restarts" after each of the two procedures.

Upon the normal restarts, a good thing is that the 2 previous message boxes did NOT appear. Remember? It had previously been launching 2 message boxes showing: "AutoIt Error: Line 0 (File "C:\Google\googleupdate.a3x): Error opening the file"

So I was a bit optimistic, but upon trying to reach this forum thread through normal browsing in Firefox, AVAST's automated warning system gave me the warning message that it detected a threat, like the previous (63+ infection) types, as follows:

LNK:Starter-A [Trj].

I did NOT scan with AVAST; it simply warned, and I noticed the messages indicated a LNK:Starter-A [Trj] threat.

Also note that I was, once again, unable to reach this Bleeping Computer Forum in normal mode; the page loaded ultra-slow, and a white "time out" page indicated "reset" of the connection.

So even though Adwcleaner found no threats, my pc is surely still infected.

Please keep in mind that finally, per my original message, we will also need to clean/fix "Ink shortcuts" that completely infected and hijacked two external drives that I sometimes plug in and use for backing up personal files [1. external ADATA HDD. 2. external Maxtor HDD]. They were completely infected with "Ink shortcuts" - right-clicking "properties" for every file, all show the following base:

"C:\windows\system32\cmd.exe /c start Drive.bat &"

Note: I have not reconnected those external HDDs since 5 days ago, as I believe that will be our final set of steps, after my computer is cleared as fully disinfected. Please keep in mind those still need to be fixed after the laptop.

I paste below the two files you need. I look forward to your next steps.

____________________________________________________________________________________

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by jmloftis (16-12-2016 16:30:22) Run:1
Running from C:\Users\jmloftis\Desktop
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiUsbWorm] => C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exi
C:\Google\AutoIt3.exe
HKLM\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
Startup: C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-12-12]
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [NameServer] 208.67.220.220,208.67.222.222
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [DhcpNameServer] 8.8.8.8 8.8.4.4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshibamea.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> DefaultScope {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-96689548-2535591333-3550804405-1000 -> {DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF NewTab: Mozilla\Firefox\Profiles\b2nw7hm7.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\b2nw7hm7.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\b2nw7hm7.default -> hxxps://www.google.com/?gfe_rd=cr&ei=ykP1VMrpFMyL8QeYsoCQCA&gws_rd=ssl,cr&fg=1
FF Keyword.URL: Mozilla\Firefox\Profiles\b2nw7hm7.default -> user_pref("keyword.URL", true);
FF HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jmloftis\AppData\Local\XDM\xdmff => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 Tosrfcom; no ImagePath
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-12-10] ()
S3 cpuz134; \??\C:\Users\jmloftis\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 npf; \??\C:\windows\system32\drivers\npf.sys [X]
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
Task: {51572203-531E-4520-90C9-36C701028004} - \update-S-1-5-21-96689548-2535591333-3550804405-1000 -> No File <==== ATTENTION
Task: {1F789175-8FA1-496F-82AA-28B5D21CAA62} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {A08FEF56-3F06-4B55-B7CC-D1391A1AAF32} - \update-sys -> No File <==== ATTENTION
Task: {A3FA1677-3B61-4563-B71B-BBB9C4E9FA74} - \Dregol fofe -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
Emptytemp
Hosts
*****************

HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiWormUpdate => value removed successfully
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AntiUsbWorm => value removed successfully
C:\Google\AutoIt3.exe => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => moved successfully
C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe => not found.
C:\Users\jmloftis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => moved successfully
C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe => not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}\\DhcpNameServer => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-96689548-2535591333-3550804405-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}" => key removed successfully
HKCR\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => key not found.
"HKU\S-1-5-21-96689548-2535591333-3550804405-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA2CF463-B698-4D07-B0A7-E3DC3E5A653D}" => key removed successfully
HKCR\CLSID\{DA2CF463-B698-4D07-B0A7-E3DC3E5A653D} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => key removed successfully
HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Mozilla\Firefox\Extensions\\xdmff@xdman.sourceforge.net => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Tosrfcom => service removed successfully
TrueSight => service removed successfully
cpuz134 => service removed successfully
dbx => service removed successfully
npf => service removed successfully
TDEIO => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51572203-531E-4520-90C9-36C701028004}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51572203-531E-4520-90C9-36C701028004}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-96689548-2535591333-3550804405-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F789175-8FA1-496F-82AA-28B5D21CAA62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F789175-8FA1-496F-82AA-28B5D21CAA62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A08FEF56-3F06-4B55-B7CC-D1391A1AAF32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08FEF56-3F06-4B55-B7CC-D1391A1AAF32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3FA1677-3B61-4563-B71B-BBB9C4E9FA74}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3FA1677-3B61-4563-B71B-BBB9C4E9FA74}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dregol fofe => key not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
Emptytemp => Error: No automatic fix found for this entry.
Hosts => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 16:30:22 ====

 

 

 

# AdwCleaner v6.040 - Logfile created 16/12/2016 at 19:45:35
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-02.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : jmloftis - JMLOFTIS-PC
# Running from : C:\Users\jmloftis\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13581 Bytes] - [10/12/2016 02:09:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [6136 Bytes] - [10/12/2016 21:52:31]
C:\AdwCleaner\AdwCleaner[C3].txt - [998 Bytes] - [16/12/2016 19:45:35]
C:\AdwCleaner\AdwCleaner[R0].txt - [4706 Bytes] - [29/07/2015 18:50:28]
C:\AdwCleaner\AdwCleaner[R10].txt - [1516 Bytes] - [30/07/2015 15:31:25]
C:\AdwCleaner\AdwCleaner[R11].txt - [1576 Bytes] - [30/07/2015 15:32:32]
C:\AdwCleaner\AdwCleaner[R12].txt - [1636 Bytes] - [30/07/2015 15:33:06]
C:\AdwCleaner\AdwCleaner[R13].txt - [1819 Bytes] - [30/07/2015 20:09:20]
C:\AdwCleaner\AdwCleaner[R14].txt - [1879 Bytes] - [30/07/2015 20:10:43]
C:\AdwCleaner\AdwCleaner[R15].txt - [1818 Bytes] - [30/07/2015 20:11:23]
C:\AdwCleaner\AdwCleaner[R16].txt - [1937 Bytes] - [30/07/2015 20:17:35]
C:\AdwCleaner\AdwCleaner[R17].txt - [2056 Bytes] - [30/07/2015 20:18:56]
C:\AdwCleaner\AdwCleaner[R18].txt - [2057 Bytes] - [30/07/2015 20:19:17]
C:\AdwCleaner\AdwCleaner[R19].txt - [2117 Bytes] - [30/07/2015 20:20:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [925 Bytes] - [29/07/2015 18:53:18]
C:\AdwCleaner\AdwCleaner[R20].txt - [2177 Bytes] - [30/07/2015 20:21:38]
C:\AdwCleaner\AdwCleaner[R21].txt - [2237 Bytes] - [30/07/2015 20:22:54]
C:\AdwCleaner\AdwCleaner[R22].txt - [2297 Bytes] - [30/07/2015 20:23:54]
C:\AdwCleaner\AdwCleaner[R23].txt - [2357 Bytes] - [30/07/2015 20:24:48]
C:\AdwCleaner\AdwCleaner[R24].txt - [2417 Bytes] - [30/07/2015 20:25:38]
C:\AdwCleaner\AdwCleaner[R25].txt - [2477 Bytes] - [30/07/2015 20:57:49]
C:\AdwCleaner\AdwCleaner[R26].txt - [2537 Bytes] - [30/07/2015 20:58:42]
C:\AdwCleaner\AdwCleaner[R27].txt - [2579 Bytes] - [31/07/2015 13:38:38]
C:\AdwCleaner\AdwCleaner[R28].txt - [2639 Bytes] - [31/07/2015 13:40:33]
C:\AdwCleaner\AdwCleaner[R29].txt - [2699 Bytes] - [31/07/2015 13:42:14]
C:\AdwCleaner\AdwCleaner[R2].txt - [1041 Bytes] - [29/07/2015 18:56:09]
C:\AdwCleaner\AdwCleaner[R30].txt - [2721 Bytes] - [31/07/2015 13:44:48]
C:\AdwCleaner\AdwCleaner[R31].txt - [2781 Bytes] - [31/07/2015 13:45:53]
C:\AdwCleaner\AdwCleaner[R32].txt - [2841 Bytes] - [31/07/2015 13:47:33]
C:\AdwCleaner\AdwCleaner[R33].txt - [3002 Bytes] - [31/07/2015 14:55:16]
C:\AdwCleaner\AdwCleaner[R34].txt - [3062 Bytes] - [31/07/2015 15:04:19]
C:\AdwCleaner\AdwCleaner[R35].txt - [3243 Bytes] - [31/07/2015 16:31:59]
C:\AdwCleaner\AdwCleaner[R36].txt - [3156 Bytes] - [31/07/2015 16:34:39]
C:\AdwCleaner\AdwCleaner[R37].txt - [3216 Bytes] - [31/07/2015 16:35:29]
C:\AdwCleaner\AdwCleaner[R38].txt - [3276 Bytes] - [31/07/2015 16:36:23]
C:\AdwCleaner\AdwCleaner[R39].txt - [3457 Bytes] - [31/07/2015 18:56:26]
C:\AdwCleaner\AdwCleaner[R3].txt - [1101 Bytes] - [29/07/2015 18:56:56]
C:\AdwCleaner\AdwCleaner[R40].txt - [3455 Bytes] - [31/07/2015 18:59:08]
C:\AdwCleaner\AdwCleaner[R41].txt - [3515 Bytes] - [31/07/2015 19:00:49]
C:\AdwCleaner\AdwCleaner[R42].txt - [3575 Bytes] - [31/07/2015 19:07:46]
C:\AdwCleaner\AdwCleaner[R43].txt - [3635 Bytes] - [31/07/2015 19:08:55]
C:\AdwCleaner\AdwCleaner[R44].txt - [3695 Bytes] - [31/07/2015 19:09:45]
C:\AdwCleaner\AdwCleaner[R45].txt - [3755 Bytes] - [31/07/2015 19:10:40]
C:\AdwCleaner\AdwCleaner[R46].txt - [3815 Bytes] - [31/07/2015 19:11:41]
C:\AdwCleaner\AdwCleaner[R47].txt - [3875 Bytes] - [31/07/2015 20:33:55]
C:\AdwCleaner\AdwCleaner[R48].txt - [3935 Bytes] - [31/07/2015 20:34:48]
C:\AdwCleaner\AdwCleaner[R49].txt - [3995 Bytes] - [31/07/2015 20:35:37]
C:\AdwCleaner\AdwCleaner[R4].txt - [1160 Bytes] - [30/07/2015 15:25:04]
C:\AdwCleaner\AdwCleaner[R50].txt - [4055 Bytes] - [31/07/2015 20:36:26]
C:\AdwCleaner\AdwCleaner[R51].txt - [4250 Bytes] - [10/01/2016 16:48:36]
C:\AdwCleaner\AdwCleaner[R52].txt - [4311 Bytes] - [10/01/2016 16:50:05]
C:\AdwCleaner\AdwCleaner[R53].txt - [4375 Bytes] - [10/01/2016 16:54:48]
C:\AdwCleaner\AdwCleaner[R54].txt - [4496 Bytes] - [10/01/2016 17:14:21]
C:\AdwCleaner\AdwCleaner[R5].txt - [1219 Bytes] - [30/07/2015 15:26:18]
C:\AdwCleaner\AdwCleaner[R6].txt - [1279 Bytes] - [30/07/2015 15:27:16]
C:\AdwCleaner\AdwCleaner[R7].txt - [1338 Bytes] - [30/07/2015 15:28:43]
C:\AdwCleaner\AdwCleaner[R8].txt - [1397 Bytes] - [30/07/2015 15:29:42]
C:\AdwCleaner\AdwCleaner[R9].txt - [1456 Bytes] - [30/07/2015 15:30:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [4766 Bytes] - [29/07/2015 18:51:12]
C:\AdwCleaner\AdwCleaner[S10].txt - [6105 Bytes] - [12/12/2016 01:04:26]
C:\AdwCleaner\AdwCleaner[S11].txt - [6177 Bytes] - [16/12/2016 19:42:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [988 Bytes] - [29/07/2015 18:54:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [2004 Bytes] - [30/07/2015 20:11:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [3310 Bytes] - [31/07/2015 16:32:40]
C:\AdwCleaner\AdwCleaner[S4].txt - [3522 Bytes] - [31/07/2015 18:57:05]
C:\AdwCleaner\AdwCleaner[S5].txt - [4373 Bytes] - [10/01/2016 16:50:19]
C:\AdwCleaner\AdwCleaner[S6].txt - [4435 Bytes] - [10/01/2016 16:55:08]
C:\AdwCleaner\AdwCleaner[S7].txt - [4556 Bytes] - [10/01/2016 17:14:51]
C:\AdwCleaner\AdwCleaner[S8].txt - [12251 Bytes] - [10/12/2016 02:08:22]
C:\AdwCleaner\AdwCleaner[S9].txt - [6172 Bytes] - [10/12/2016 21:45:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [6007 Bytes] ##########
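
The persistence entries in the fixlist above and the shortcut target quoted in the post share a few recognisable traits. As an added example (not part of the original posts, and not FRST's own logic), the Python below triages FRST-style `Run:` and `ShortcutTarget:` lines for those traits; the sample lines are copied from the logs in this thread, while the tag names and the trusted-directory list are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied from the FRST logs posted in this thread
# (three ordinary autoruns followed by the three entries the fix removed).
SAMPLE_LOG = r"""
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393320 2016-01-14] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiWormUpdate] => C:\Google\AutoIt3.exe [750320 2012-01-29] (AutoIt Team)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [AntiUsbWorm] => C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x  & exi
ShortcutTarget: Start.lnk -> C:\Users\jmloftis\AppData\Roaming\wrvib\uaucjo.exe (Microsoft Corporation)
"""

# The shortcut target the poster reports for every file on the external drives.
SAMPLE_LNK_TARGET = r"C:\windows\system32\cmd.exe /c start Drive.bat &"

# FRST line shapes as they appear in the logs above.
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<cmd>.+)$")

# Absolute paths to executable or script files inside a command line.
PATH_RE = re.compile(r"[A-Za-z]:\\[^:]*?\.(?:exe|bat|cmd|a3x|vbs)(?![A-Za-z0-9])", re.I)
# cmd.exe used only as a launcher for something else.
CMD_START_RE = re.compile(r"\bcmd(?:\.exe)?\s+/c\s+start\b", re.I)
# AutoIt interpreter or a compiled AutoIt script (.a3x).
AUTOIT_RE = re.compile(r"autoit3\.exe|/AutoIt3ExecuteScript|\.a3x\b", re.I)

# Assumption: directories a standard user cannot normally write to.
# A path outside them is a reason to look closer, not a verdict.
TRUSTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


class Finding(NamedTuple):
    source: str      # "Run" or "ShortcutTarget"
    name: str        # registry value name or shortcut file name
    command: str     # command text exactly as logged
    tags: List[str]  # why the entry deserves review


def flag_command(cmd: str) -> List[str]:
    """Return review tags for one autorun or shortcut command line."""
    tags = []
    if CMD_START_RE.search(cmd):
        tags.append("cmd-start-indirection")
    if AUTOIT_RE.search(cmd):
        tags.append("autoit-interpreter")
    paths = PATH_RE.findall(cmd)
    if any(not p.lower().startswith(TRUSTED) for p in paths):
        tags.append("untrusted-path")
    return tags


def triage(log_text: str) -> List[Finding]:
    """Parse FRST-style lines and keep only entries with at least one tag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match, source = RUN_RE.match(line), "Run"
        if not match:
            match, source = SHORTCUT_RE.match(line), "ShortcutTarget"
        if not match:
            continue  # not an autorun or shortcut line
        tags = flag_command(match.group("cmd"))
        if tags:
            findings.append(Finding(source, match.group("name"), match.group("cmd"), tags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:15} {f.name:15} {', '.join(f.tags)}")
    print("external-drive shortcut:", ", ".join(flag_command(SAMPLE_LNK_TARGET)))
```

Legitimate per-user software also runs from outside the trusted directories, so an `untrusted-path` tag on its own marks an entry for review rather than removal.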



#6 fireman4it


Posted 16 December 2016 - 11:03 AM

Please run FRST as you did the first time you ever ran it and post the new FRST.txt.




#7 ExpatJim


Posted 16 December 2016 - 12:49 PM

Hi fireman4it,

At least I can return your latest request within a short time, but it is past 1:30 a.m. here so I must sleep before I awaken to your next instruction.

Below is the new FRST.txt I just generated:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by jmloftis (administrator) on JMLOFTIS-PC (17-12-2016 01:38:33)
Running from C:\Users\jmloftis\Desktop
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393320 2016-01-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049712 2013-05-03] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [996192 2013-05-21] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [293760 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-16] (Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-29] (Piriform Ltd)
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-11] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{67F4AA9A-E231-41CB-8C34-85B12B30D701}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TEJB
HKU\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-11] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-11] (AVAST Software)

FireFox:
========
FF DefaultProfile: b2nw7hm7.default
FF ProfilePath: C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default [2016-12-17]
FF user.js: detected! => C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\user.js [2016-12-10]
FF Homepage: Mozilla\Firefox\Profiles\b2nw7hm7.default -> hxxps://www.google.com/?gws_rd=ssl
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-08-12]
FF Extension: (Lightshot (screenshot tool)) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2016-05-20]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\jmloftis\AppData\Roaming\Mozilla\Firefox\Profiles\b2nw7hm7.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-11-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-96689548-2535591333-3550804405-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jmloftis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-07] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Google Slides) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-24]
CHR Extension: (Flash Video Downloader) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-09]
CHR Extension: (LeadFuze - Sales Prospecting Tool) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ameidhagnfddjaleejfpigojomffoigm [2016-12-09]
CHR Extension: (Google Docs) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-24]
CHR Extension: (Google Drive) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-24]
CHR Extension: (Google Search) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Facebook Pixel Helper) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-12-13]
CHR Extension: (Google Sheets) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (Avast Online Security) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-13]
CHR Extension: (Aliexpress Assistant - Price Tracker) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihlaoogegdjakmdbpbilijdghoggkim [2016-12-09]
CHR Extension: (100K Factory Ultra Edition) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaifpfmikklhkkmhcmbnpfbfclphibia [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-21]
CHR Extension: (Gmail) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-24]
CHR Extension: (Chrome Media Router) - C:\Users\jmloftis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-11] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-17] (Dropbox, Inc.)
S2 DbxSvc; C:\windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
S2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [344168 2016-01-14] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-07-20] (IObit)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-02] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 9680941D6; C:\windows\System32\drivers\9680941D6.sys [478392 2016-12-11] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 aswHwid; C:\windows\system32\drivers\aswHwid.sys [37656 2016-12-11] (AVAST Software)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [37144 2016-12-12] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [108816 2016-12-11] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [103064 2016-12-11] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-11] (AVAST Software)
S1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [969184 2016-12-11] (AVAST Software)
S1 aswSP; C:\windows\system32\drivers\aswSP.sys [513632 2016-12-11] (AVAST Software)
S2 aswStm; C:\windows\system32\drivers\aswStm.sys [163416 2016-12-11] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-11] (AVAST Software)
S3 ccSet_NARA; C:\windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 GeneStor; C:\windows\System32\DRIVERS\GeneStor.sys [60928 2016-01-14] (GenesysLogic)
S1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-24] (REALiX™)
R0 iaStorF; C:\windows\System32\DRIVERS\iaStorF.sys [31712 2016-08-30] (Intel Corporation)
R3 L1C; C:\windows\System32\DRIVERS\L1C62x64.sys [129224 2016-01-14] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [181304 2016-08-30] (Intel Corporation)
S3 SmbDrvI; C:\windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2016-01-14] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 01:38 - 2016-12-17 01:39 - 00018634 _____ C:\Users\jmloftis\Desktop\FRST.txt
2016-12-17 00:21 - 2016-12-17 00:21 - 00695731 _____ C:\Users\jmloftis\Documents\Danny Iny_Business Trend 2017.pdf
2016-12-16 20:11 - 2016-12-16 20:11 - 00006086 _____ C:\Users\jmloftis\Desktop\AdwCleaner[C3].txt
2016-12-16 19:30 - 2016-12-16 19:33 - 03968464 _____ C:\Users\jmloftis\Desktop\AdwCleaner.exe
2016-12-16 16:32 - 2016-12-16 16:32 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-16 16:30 - 2016-12-16 16:30 - 00010234 _____ C:\Users\jmloftis\Desktop\Fixlog.txt
2016-12-16 15:34 - 2016-12-16 15:34 - 00277327 _____ C:\Users\jmloftis\Documents\James Altucher_9-skills.pdf
2016-12-16 15:17 - 2016-12-16 15:17 - 00712029 _____ C:\Users\jmloftis\Documents\Zacks_Valuation.pdf
2016-12-16 15:15 - 2016-12-16 15:15 - 01792643 _____ C:\Users\jmloftis\Documents\Zacks10 winning_strategies.pdf
2016-12-16 15:11 - 2016-12-16 15:11 - 05098738 _____ C:\Users\jmloftis\Desktop\Zacks_7 stock_report.pdf
2016-12-16 14:32 - 2016-12-16 14:32 - 03854315 _____ C:\Users\jmloftis\Documents\Jim_Life-Blueprint-Evergreen-v1.pdf
2016-12-16 14:06 - 2016-12-16 14:06 - 02364965 _____ C:\Users\jmloftis\Documents\Altucher-James_Choose Yourself.pdf
2016-12-16 01:36 - 2016-12-16 04:41 - 301491129 _____ C:\Users\jmloftis\Downloads\file.mp4
2016-12-16 00:28 - 2016-12-16 01:17 - 64270320 _____ (APOWERSOFT LIMITED ) C:\Users\jmloftis\Downloads\video-download-capture.exe
2016-12-16 00:23 - 2016-12-16 01:30 - 00000000 ____D C:\Users\jmloftis\AppData\Local\Apowersoft
2016-12-16 00:22 - 2016-12-16 00:23 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\jmloftis\Downloads\apowersoft-online-launcher.exe
2016-12-15 23:18 - 2016-12-15 23:18 - 00621836 _____ C:\Users\jmloftis\Documents\Amazing-Images.pdf
2016-12-15 22:43 - 2016-12-15 22:43 - 13551706 _____ C:\Users\jmloftis\Documents\Reed Floren_week3HowtoCreateYourOwnInfoProduct.pdf
2016-12-15 16:57 - 2016-12-15 17:10 - 17999776 _____ C:\Users\jmloftis\Documents\Kathleen_Lief_Finances_Workshop_1.pdf
2016-12-15 16:52 - 2016-12-15 16:54 - 02585399 _____ C:\Users\jmloftis\Documents\Kathleen_Lief_VISAS RESIDENCY_Workshop_3.pdf
2016-12-15 16:51 - 2016-12-15 16:52 - 01996831 _____ C:\Users\jmloftis\Documents\Kathleen_Lief_HEALTHCARE_Workshop_6.pdf
2016-12-15 14:56 - 2016-12-15 14:56 - 00135481 _____ C:\Users\jmloftis\Documents\Niche Hacks_High-Paying-Affiliate-Niches.pdf
2016-12-15 14:56 - 2016-12-15 14:56 - 00114310 _____ C:\Users\jmloftis\Documents\Niche Hacks_65-High-Paying-Affiliate-Programs.pdf
2016-12-15 14:46 - 2016-12-15 14:46 - 00049242 _____ C:\Users\jmloftis\Documents\Niche Hacks_Case-Studies-Resources.pdf
2016-12-15 14:40 - 2016-12-15 14:40 - 00205312 _____ C:\Users\jmloftis\Documents\Niche Hacks_1109-Niches1.xls
2016-12-15 14:38 - 2016-12-15 14:38 - 00641071 _____ C:\Users\jmloftis\Documents\Niche Hacks_Niche-Guide.pdf
2016-12-15 14:34 - 2016-12-15 14:34 - 00694347 _____ C:\Users\jmloftis\Documents\Niche Hacks_The-Ultimate-Guide-To-Finding-A-Niche-Market-PDF.pdf
2016-12-15 14:25 - 2016-12-15 14:25 - 01823816 _____ C:\Users\jmloftis\Documents\Niche Hacks_Affiliate-Fortune-Secret.pdf
2016-12-15 14:20 - 2016-12-15 14:20 - 00289444 _____ C:\Users\jmloftis\Documents\Niche Hacks_101-High-Paying-Affiliate-Programs-Final.pdf
2016-12-15 14:18 - 2016-12-15 14:18 - 01037097 _____ C:\Users\jmloftis\Documents\Niche Hacks_Viral-Content-Hacks.pdf
2016-12-15 14:15 - 2016-12-15 14:15 - 00166395 _____ C:\Users\jmloftis\Documents\Niche Hacks_Find-Biggest-Affiliates.pdf
2016-12-15 14:14 - 2016-12-15 14:14 - 01354359 _____ C:\Users\jmloftis\Documents\Niche Hacks_Top-100-Guides-Of-The-Year.pdf
2016-12-15 14:07 - 2016-12-15 14:07 - 23767804 _____ C:\Users\jmloftis\Documents\Niche Hacks_32k Amazon Niche Sites.pdf
2016-12-15 13:42 - 2016-12-15 13:42 - 00500005 _____ C:\Users\jmloftis\Documents\Niche Hacks_32-MarketingTitans-PromotionTechniques.pdf
2016-12-15 13:32 - 2016-12-15 13:32 - 00037376 _____ C:\Users\jmloftis\Documents\Niche Hacks_20-Hottest-Clickbank-Niches.xls
2016-12-15 13:28 - 2016-12-15 13:28 - 00086528 _____ C:\Users\jmloftis\Documents\Niche Hacks_Insomnia-Keywords.xls
2016-12-15 13:27 - 2016-12-15 13:27 - 00090624 _____ C:\Users\jmloftis\Documents\Niche Hacks_Paleo-Diet-Keywords.xls
2016-12-15 13:23 - 2016-12-15 13:23 - 00328192 _____ C:\Users\jmloftis\Documents\Niche Hacks_1781-Niches-Opt-In-Giveaway.xls
2016-12-14 21:34 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Desktop\FRST64.exe
2016-12-14 19:26 - 2016-12-16 20:31 - 00844166 _____ C:\windows\ntbtlog.txt
2016-12-14 12:25 - 2016-12-14 12:25 - 00115416 _____ C:\Users\jmloftis\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-14 12:24 - 2016-12-14 12:25 - 00452568 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-14 02:57 - 2016-12-14 02:57 - 00000854 _____ C:\Users\jmloftis\Desktop\cc_20161214_025721.reg
2016-12-13 23:21 - 2016-12-17 01:09 - 00375230 _____ C:\Users\jmloftis\Desktop\Dan Pena.tmd
2016-12-13 23:21 - 2016-12-16 23:37 - 00375194 _____ C:\Users\jmloftis\Desktop\Dan Pena.bak
2016-12-13 23:20 - 2016-12-14 02:55 - 00156729 _____ C:\Users\jmloftis\Desktop\NPFC.tmd
2016-12-13 23:20 - 2016-12-14 02:17 - 00156225 _____ C:\Users\jmloftis\Desktop\NPFC.bak
2016-12-13 21:08 - 2016-12-13 21:10 - 02001620 _____ C:\Users\jmloftis\Documents\Boxcryptor - encryption software for Dropbox.mp4
2016-12-13 17:28 - 2016-12-13 17:28 - 00000476 _____ C:\Users\jmloftis\Desktop\cc_20161213_172854.reg
2016-12-13 17:28 - 2016-12-13 17:28 - 00000082 _____ C:\Users\jmloftis\Desktop\cc_20161213_172836.reg
2016-12-12 23:26 - 2016-12-12 23:26 - 00023802 _____ C:\Users\jmloftis\Downloads\Addition.txt
2016-12-12 23:24 - 2016-12-17 01:38 - 00000000 ____D C:\FRST
2016-12-12 23:10 - 2016-12-12 23:10 - 00018014 _____ C:\Users\jmloftis\Desktop\cc_20161212_230959.reg
2016-12-12 21:23 - 2016-12-12 21:23 - 00098978 _____ C:\Users\jmloftis\Documents\IAAC_finra_firm_10645.pdf
2016-12-12 16:40 - 2016-12-12 16:42 - 02420224 _____ (Farbar) C:\Users\jmloftis\Downloads\FRST64.exe
2016-12-12 15:47 - 2016-12-12 15:47 - 00451707 _____ C:\Users\jmloftis\Desktop\John Gibb_TINY Overview.pdf
2016-12-12 14:52 - 2016-12-12 16:37 - 142028041 _____ C:\Users\jmloftis\Desktop\John Gibb_30 Miliion Visitors In December 2016.mp4
2016-12-12 14:07 - 2016-12-12 14:07 - 00293559 _____ C:\Users\jmloftis\Desktop\18-months-2-blogs-six-figures.pdf
2016-12-12 13:02 - 2016-12-12 21:07 - 00003896 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1481518964
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-12 13:02 - 2016-12-12 13:02 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-12 13:01 - 2016-12-12 13:01 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-12-12 02:09 - 2016-12-12 02:09 - 00001806 _____ C:\Users\jmloftis\Desktop\cc_20161212_020944.reg
2016-12-12 01:36 - 2016-12-12 01:45 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-12 01:36 - 2016-12-12 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-12 01:36 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-12-12 01:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-12-12 01:12 - 2016-12-12 01:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\jmloftis\Downloads\HijackThis.exe
2016-12-11 23:38 - 2016-12-11 23:52 - 14206800 _____ C:\Users\jmloftis\Desktop\How to Remove Computer Virus Without Antivirus Program _ without using any antivirus New 2016.mp4
2016-12-11 23:37 - 2016-12-11 23:53 - 06022792 _____ C:\Users\jmloftis\Desktop\How to detect a virus.mp4
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-11 22:17 - 2016-12-11 22:17 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-11 22:15 - 2016-12-11 22:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-11 22:06 - 2016-12-11 22:15 - 11581544 _____ (SurfRight B.V.) C:\Users\jmloftis\Downloads\HitmanPro_x64.exe
2016-12-11 19:36 - 2016-12-11 19:36 - 00003041 _____ C:\Users\jmloftis\Desktop\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-11 19:16 - 2016-12-11 19:16 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\AVAST Software
2016-12-11 19:15 - 2016-12-11 19:15 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-11 19:15 - 2016-12-11 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-11 19:10 - 2016-12-11 19:12 - 00969184 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00513632 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2016-12-11 19:10 - 2016-12-11 19:12 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-12-11 19:10 - 2016-12-11 19:10 - 00000350 ____H C:\windows\Tasks\avast! Emergency Update.job
2016-12-11 19:10 - 2016-12-11 19:09 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-12-11 19:10 - 2016-12-11 19:09 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-12-11 19:09 - 2016-12-11 19:09 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-12-11 19:09 - 2016-12-11 19:09 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-12-11 18:29 - 2016-12-12 13:01 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-11 18:18 - 2016-10-05 06:39 - 01631928 _____ (Malwarebytes) C:\Users\jmloftis\Desktop\JRT.exe
2016-12-11 16:50 - 2016-12-11 16:50 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Curiolab
2016-12-11 16:45 - 2016-12-11 18:13 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-12-11 16:45 - 2016-12-11 16:45 - 00001092 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-12-11 16:45 - 2016-12-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-12-11 16:31 - 2016-12-11 16:42 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\jmloftis\Downloads\ExterminateItSetup.exe
2016-12-11 14:37 - 2016-12-11 14:37 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\ProductData
2016-12-11 14:36 - 2016-12-11 14:38 - 00000000 ____D C:\ProgramData\ProductData
2016-12-11 14:35 - 2016-12-11 14:35 - 00478392 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\9680941D6.sys
2016-12-11 13:48 - 2016-12-11 17:35 - 00000000 ____D C:\KVRT_Data
2016-12-11 13:13 - 2016-12-11 13:13 - 00000000 ____D C:\Program Files (x86)\Zone Labs
2016-12-11 13:12 - 2016-12-11 13:12 - 00000000 ____D C:\windows\Internet Logs
2016-12-11 12:24 - 2016-12-11 13:47 - 103531352 _____ (Kaspersky Lab ZAO) C:\Users\jmloftis\Downloads\KVRT.exe
2016-12-10 23:35 - 2016-12-10 23:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-10 23:15 - 2016-12-10 23:14 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.148138423840207
2016-12-10 23:15 - 2016-12-10 23:14 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.148138424542210
2016-12-10 23:15 - 2016-12-10 23:14 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys.148138424904112
2016-12-10 22:52 - 2016-12-10 22:59 - 08004763 _____ C:\Users\jmloftis\Desktop\How to remove Verecno _ googleupdate.a3x startup error.mp4
2016-12-10 22:19 - 2016-12-10 22:19 - 00003041 _____ C:\Users\jmloftis\Documents\Malwarebytes_File_Potential Treats_12_10_2016.txt
2016-12-10 22:12 - 2016-12-12 13:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-10 22:07 - 2016-12-10 22:12 - 06253640 _____ (AVAST Software) C:\Users\jmloftis\Downloads\avast_free_antivirus_setup_online_cnet_1.exe
2016-12-10 20:33 - 2016-12-11 16:44 - 00000000 ____D C:\ProgramData\TEMP
2016-12-10 20:33 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2016-12-10 20:33 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSSTDFMT.DLL
2016-12-10 20:12 - 2016-12-10 20:16 - 04291320 _____ (BrightFort LLC ) C:\Users\jmloftis\Downloads\spywareblastersetup55.exe
2016-12-10 19:24 - 2016-12-10 20:17 - 00000000 ____D C:\Users\jmloftis\AppData\Local\IIIQF
2016-12-10 15:24 - 2016-12-13 20:25 - 00000000 ____D C:\Users\jmloftis\Desktop\Adam Short NPFC
2016-12-10 14:22 - 2016-12-13 14:54 - 00000000 ____D C:\Users\jmloftis\Desktop\Dec 2016
2016-12-10 14:16 - 2016-12-10 14:21 - 00000000 ____D C:\Users\jmloftis\Desktop\100K Factory Videos
2016-12-10 13:00 - 2016-12-10 13:00 - 00458363 _____ C:\Users\jmloftis\Documents\Avalara-Tax Software_ecommerce-brochure-1.1.pdf
2016-12-10 12:58 - 2016-12-10 12:58 - 09358257 _____ C:\Users\jmloftis\Documents\Burial Plot_Harley-Investment-Brochure-BLEED.pdf
2016-12-10 02:43 - 2016-12-10 02:43 - 00001690 _____ C:\Users\jmloftis\Documents\cc_20161210_024342.reg
2016-12-10 02:39 - 2016-12-10 02:39 - 00003272 ____N C:\bootsqm.dat
2016-12-10 00:53 - 2016-12-10 01:17 - 34190992 _____ (Adlice Software ) C:\Users\jmloftis\Downloads\RogueKiller.exe
2016-12-10 00:44 - 2016-12-10 00:47 - 03968464 _____ C:\Users\jmloftis\Downloads\adwcleaner.exe
2016-12-09 23:49 - 2016-12-09 23:49 - 00085786 _____ C:\Users\jmloftis\Documents\Nick Loper_50 Outsource Writers-20k-in-Monthly-Recurring-Revenue.compressed.pdf
2016-12-09 23:43 - 2016-12-09 23:43 - 05886224 _____ C:\Users\jmloftis\Documents\Jim_Book -Emotions Handbook.pdf
2016-12-09 23:04 - 2016-12-10 00:24 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-12-09 20:33 - 2016-12-09 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\jmloftis\Downloads\mbam-setup-FileHippo.19901-2.2.1.1043.exe
2016-12-09 18:13 - 2016-12-14 16:55 - 00000000 ___HD C:\Users\jmloftis\AppData\Roaming\wrvib
2016-12-09 16:54 - 2016-12-09 16:54 - 00466788 _____ C:\Users\jmloftis\Documents\Instant Cash Explosion_ 3k per month.pdf
2016-12-09 16:38 - 2016-12-09 16:38 - 00194822 _____ C:\Users\jmloftis\Documents\Sean Mize_Designing-Your-Personal-Blueprint.pdf
2016-12-08 23:14 - 2016-12-08 23:14 - 01809046 _____ C:\Users\jmloftis\Documents\Cadd_Banish Man Boobs (Gynecomastia) With No Drugs or Surgery.pdf
2016-12-08 23:07 - 2016-12-08 23:07 - 00692102 _____ C:\Users\jmloftis\Documents\Cadd_How To Eliminate ManBoobs.pdf
2016-12-08 21:51 - 2016-12-08 22:12 - 22289894 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack3_Buying Intent Keyword trends for Niche Site Formula Students.mp4
2016-12-08 21:49 - 2016-12-08 22:36 - 47444164 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack4_Know Your Competion... Stop Playing Niche Affiliate Marketing Blind Folded!.mp4
2016-12-08 21:09 - 2016-12-08 21:31 - 08387417 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack2 latest.mp4
2016-12-08 20:58 - 2016-12-08 20:58 - 00889344 _____ C:\Users\jmloftis\Documents\John Gibb_Data Pack0_MasterChart-Individual Tabs - 20082014.pmd
2016-12-08 20:46 - 2016-12-08 20:59 - 18020422 _____ C:\Users\jmloftis\Documents\John Gibb_Data Packs1 new.mp4
2016-12-08 20:14 - 2016-12-08 20:14 - 00531141 _____ C:\Users\jmloftis\Documents\John Gibb_Welcome To NSF.pdf
2016-12-08 20:11 - 2016-12-08 20:11 - 02428046 _____ C:\Users\jmloftis\Documents\John Gibb_NSF Niche Research Manual.pdf
2016-12-08 02:17 - 2016-12-08 02:17 - 23400187 _____ C:\Users\jmloftis\Desktop\Justin Brooke_Ultimate Email Example Guide.pdf
2016-12-07 21:59 - 2016-12-07 21:59 - 04531807 _____ C:\Users\jmloftis\Documents\4 Hour Body Cheat Sheet.pdf
2016-12-07 21:53 - 2016-12-07 21:53 - 01783937 _____ C:\Users\jmloftis\Documents\Aidan Booth_Textbook_Arbitrage-eComSystem-Cliff-Notes.pdf
2016-12-07 21:49 - 2016-12-07 21:49 - 18373157 _____ C:\Users\jmloftis\Documents\Russel Brunson_Funnel-Hacks-Cliff-Notes.pdf
2016-12-07 21:46 - 2016-12-07 21:46 - 01365129 _____ C:\Users\jmloftis\Documents\MIKE MICHALOWICZ_Profit First_Overview OneSheet_R2.pdf
2016-12-07 21:34 - 2016-12-07 21:34 - 02999709 _____ C:\Users\jmloftis\Documents\Jay Boyer_ASM-Insiders-Guide.pdf
2016-12-07 21:30 - 2016-12-07 21:30 - 02002171 _____ C:\Users\jmloftis\Documents\Jay Boyer_Pinterest Viral Traffic to Amazon Product.pdf
2016-12-07 21:26 - 2016-12-07 21:26 - 06422268 _____ C:\Users\jmloftis\Documents\Jay Boyer_Youtube Money 9-ways.pdf
2016-12-07 21:20 - 2016-12-07 21:20 - 04436026 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero-Content-Books.pdf
2016-12-07 21:11 - 2016-12-07 21:11 - 01287797 _____ C:\Users\jmloftis\Documents\Jay Boyer_Money-Niches.pdf
2016-12-07 21:08 - 2016-12-07 21:08 - 04170491 _____ C:\Users\jmloftis\Documents\Jay Boyer_Leverage Linkedin To Sell.pdf
2016-12-07 20:59 - 2016-12-07 20:59 - 02956598 _____ C:\Users\jmloftis\Documents\Jay Boyer_Instagram.pdf
2016-12-07 20:57 - 2016-12-07 20:57 - 02509488 _____ C:\Users\jmloftis\Documents\Instagram+Tools+Guide.pdf
2016-12-07 20:54 - 2016-12-07 20:54 - 02646849 _____ C:\Users\jmloftis\Documents\Jay Boyer_2,057hr on Fiverr.pdf
2016-12-07 20:50 - 2016-12-07 20:50 - 02839521 _____ C:\Users\jmloftis\Documents\Jay Boyer_30 Books in 30 Days_wordbotic.pdf
2016-12-07 20:46 - 2016-12-07 20:46 - 03019804 _____ C:\Users\jmloftis\Documents\Jay Boyer_Jason Fladlien_ASM.pdf
2016-12-07 20:43 - 2016-12-07 20:43 - 00810354 _____ C:\Users\jmloftis\Documents\Jay Boyer_First 1k Cheat Sheet.pdf
2016-12-07 20:41 - 2016-12-07 20:41 - 02384224 _____ C:\Users\jmloftis\Documents\Jay Boyer_Zero Cost Marketing Secrets.pdf
2016-12-07 20:36 - 2016-12-07 20:36 - 00528186 _____ C:\Users\jmloftis\Desktop\Aidan Booth_OutsourcingBlueprint.pdf
2016-12-06 16:29 - 2016-12-06 16:58 - 35646523 _____ C:\Users\jmloftis\Desktop\Never Work Again - On The Beach - Phil Town.mp4
2016-12-06 15:03 - 2016-12-06 16:00 - 77692926 _____ C:\Users\jmloftis\Desktop\Never Work Again_Adam Markel_Phil Town!.mp4
2016-12-05 16:18 - 2016-12-05 16:18 - 00531129 _____ C:\Users\jmloftis\Desktop\John Gibb_Welcome NSF.pdf
2016-12-03 23:13 - 2016-12-03 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-03 22:17 - 2016-12-03 22:24 - 02725703 _____ C:\Users\jmloftis\Desktop\Niche Site Formula!.mp4
2016-12-03 21:32 - 2016-12-03 21:32 - 00115200 _____ C:\Users\jmloftis\Documents\Optin Page Audit.pmd
2016-12-02 23:06 - 2016-12-02 23:06 - 00488130 _____ C:\Users\jmloftis\Desktop\BiteSize_Entrepreneurs_Guide_to_Info_Product_Marketing.pdf
2016-12-02 21:26 - 2016-12-02 21:26 - 00175072 _____ C:\Users\jmloftis\Documents\Philip Fisher_3Checklist-People-elements.pdf
2016-12-02 21:24 - 2016-12-02 21:24 - 00212313 _____ C:\Users\jmloftis\Documents\Philip Fisher_2Checklist-Functional-elements.pdf
2016-12-02 21:20 - 2016-12-02 21:20 - 00169847 _____ C:\Users\jmloftis\Documents\Philip Fisher_1 Checklist-Business-characteristics.pdf
2016-12-02 21:17 - 2016-12-02 21:17 - 00101804 _____ C:\Users\jmloftis\Documents\Side-Hustle_Legal Online Business-Questions-Answered.compressed.pdf
2016-12-02 15:58 - 2016-12-02 15:58 - 00903190 _____ C:\Users\jmloftis\Documents\Eugene Schwartz_127_Winning_Advertising_Headlines-1.pdf
2016-12-02 15:43 - 2016-12-02 15:43 - 00382744 _____ C:\Users\jmloftis\Documents\Bill Baren_YES-ConversationsThat Sell.pdf
2016-12-01 22:10 - 2016-12-01 22:10 - 02813042 _____ C:\Users\jmloftis\Documents\JJ_super-affiliate.pdf
2016-12-01 13:36 - 2016-12-01 13:36 - 04868685 _____ C:\Users\jmloftis\Documents\Dan Raine-Report-Gold-Issue-1.pdf
2016-12-01 01:04 - 2016-12-01 01:04 - 05038021 _____ C:\Users\jmloftis\Documents\Fred-Lam_Starting-From-Zero-eBook.pdf
2016-12-01 00:28 - 2016-12-01 00:28 - 02397656 _____ C:\Users\jmloftis\Desktop\NMD-REPORT-WEB-April15-v2.pdf
2016-11-30 21:45 - 2016-11-30 21:45 - 00259259 _____ C:\Users\jmloftis\Documents\Bill Baren_List-Building-Blueprint.pdf
2016-11-30 21:43 - 2016-11-30 21:43 - 02381327 _____ C:\Users\jmloftis\Documents\Bill Baren_Yes Map.pdf
2016-11-30 21:41 - 2016-11-30 21:41 - 00395066 _____ C:\Users\jmloftis\Documents\Bill Baren_Life-One-Year-Road-Map.pdf
2016-11-30 14:20 - 2016-11-30 14:20 - 05925989 _____ C:\Users\jmloftis\Documents\A-B-Testing-Marketo.pdf
2016-11-29 19:17 - 2016-11-29 19:17 - 00676456 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Eearncome_3-Shifts-To-An-Extra-3K-Per-Week.pdf
2016-11-29 19:11 - 2016-11-29 19:11 - 00500032 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Shortcut To Creating Products-module31.pdf
2016-11-29 19:10 - 2016-11-29 19:10 - 01089330 _____ C:\Users\jmloftis\Desktop\Jimmy D Brown_Earncome_Ideas People Want To Read About-module35.pdf
2016-11-29 18:37 - 2016-11-29 18:37 - 00000000 ___DX C:\Users\jmloftis\Desktop\Small Reports__MACOSX
2016-11-29 16:10 - 2016-11-29 16:10 - 03392512 _____ C:\Users\jmloftis\Desktop\FEED A STARVING CROWD-book-v2.pdf
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2016-11-28 22:05 - 2016-11-28 22:05 - 00042096 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2016-11-28 21:32 - 2016-11-28 21:32 - 00707709 _____ C:\Users\jmloftis\Documents\INVESTING-101-COURSE-OUTLINE.pdf
2016-11-28 15:37 - 2016-11-28 15:37 - 00043602 _____ C:\Users\jmloftis\Documents\Philippines Real Estate Legal and Documentary Requirements.tmd
2016-11-28 15:06 - 2016-11-28 15:06 - 02793260 _____ C:\Users\jmloftis\Documents\Seth Godin_What-Matters-Now-2.pdf
2016-11-27 23:26 - 2016-11-27 23:26 - 00797152 _____ C:\Users\jmloftis\Desktop\Power_Over_Panic.pdf
2016-11-27 23:20 - 2016-11-27 23:20 - 01492441 _____ C:\Users\jmloftis\Desktop\Affiliate Panic Away ebook.pdf
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-16 16:30 - 00000000 _RSHD C:\Google
2016-11-26 16:41 - 2016-11-26 16:41 - 00001588 _____ C:\Users\jmloftis\Desktop\Sewing Machine1.txt
2016-11-26 16:32 - 2016-12-16 17:12 - 00005124 _____ C:\Users\jmloftis\Desktop\Cadd_American Lierature.txt
2016-11-26 15:21 - 2016-11-26 15:21 - 00004071 _____ C:\Users\jmloftis\Desktop\Cadd_Editorial.txt
2016-11-26 13:40 - 2016-11-26 13:40 - 00305748 _____ C:\Users\jmloftis\Documents\Creating-Editorial Article-Newspaper.pdf
2016-11-25 18:18 - 2016-11-25 19:50 - 61415402 _____ C:\Users\jmloftis\Desktop\Tom Poland_5Day Five of Five Day Leadsology® Boot Camp.mp4
2016-11-25 16:08 - 2016-11-25 17:16 - 69916844 _____ C:\Users\jmloftis\Desktop\Tom Poland_4Day Four of Five Day Leadsology® Boot Camp.mp4
2016-11-25 15:27 - 2016-11-25 15:27 - 00519079 _____ C:\Users\jmloftis\Documents\Tom Poland_Definitive Guide To Outsourcing To Asia For Leadsology.pdf
2016-11-25 14:43 - 2016-11-25 14:43 - 01409685 _____ C:\Users\jmloftis\Desktop\John Gibb_DOMINATE-GOOGLE.pdf
2016-11-25 00:09 - 2016-11-25 02:08 - 171136508 _____ C:\Users\jmloftis\Desktop\Clickfunnels Certification Webinar.mp4
2016-11-24 23:57 - 2016-11-24 23:57 - 01674577 _____ C:\Users\jmloftis\Desktop\Copywriting.pdf
2016-11-24 23:53 - 2016-11-24 23:53 - 24733528 _____ C:\Users\jmloftis\Desktop\Neil Patel_Definitive-Guide-to-Growth-Hacking.pdf
2016-11-24 23:20 - 2016-11-24 23:20 - 01037115 _____ C:\Users\jmloftis\Desktop\Viral-Content-Hacks.pdf
2016-11-24 22:26 - 2016-11-24 22:26 - 01606863 _____ C:\Users\jmloftis\Desktop\John Gibb_Health Niche Success_ebook.pdf
2016-11-24 22:25 - 2016-11-24 22:25 - 00289455 _____ C:\Users\jmloftis\Desktop\101-High-Paying-Affiliate-Programs-Final.pdf
2016-11-24 22:17 - 2016-11-24 22:17 - 00402152 _____ C:\Users\jmloftis\Documents\John Gibb_Assessing-Your-SEO-Situation-By-John-Gibb.pdf
2016-11-24 19:34 - 2016-11-24 19:34 - 00199608 _____ C:\Users\jmloftis\Documents\Eben Pagan_Virtual CEO 7 Modules Summary.pdf
2016-11-24 14:39 - 2016-11-24 15:41 - 80645509 _____ C:\Users\jmloftis\Desktop\Tom Poland_3Day Three of Five day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 16:31 - 2016-11-23 16:44 - 08139496 _____ C:\Users\jmloftis\Desktop\Adwords account 2016.mp4
2016-11-23 16:28 - 2016-11-23 16:28 - 03351624 _____ C:\Users\jmloftis\Documents\Simpleology_Singularity.pdf
2016-11-23 14:57 - 2016-11-23 16:10 - 70128267 _____ C:\Users\jmloftis\Desktop\Tom Poland_2Day Two of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-23 13:22 - 2016-11-23 13:22 - 05043965 _____ C:\Users\jmloftis\Desktop\HubSpot_LinkedIn_How_to_Become_an_Influencer_in_Your_Industry.pdf
2016-11-22 13:20 - 2016-11-22 13:45 - 21865523 _____ C:\Users\jmloftis\Desktop\Dan Martel_How To Market Against Established Competitors _ Dan Martell.mp4
2016-11-21 23:35 - 2016-11-21 23:35 - 00934029 _____ C:\Users\jmloftis\Desktop\Tom Poland_Working_Summary_V7e.pdf
2016-11-21 23:29 - 2016-11-21 23:30 - 02486139 _____ C:\Users\jmloftis\Desktop\Tom Poland_Your Extraordinary Life Book.pdf
2016-11-21 17:23 - 2016-11-21 18:16 - 70812096 _____ C:\Users\jmloftis\Desktop\Tom Poland_1Day One of Five Day Leadsology® Boot Camp - November 2016.mp4
2016-11-21 02:45 - 2016-11-21 02:45 - 00001554 _____ C:\Users\jmloftis\Documents\cc_20161121_024459.reg
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-11-21 02:27 - 2016-11-21 12:56 - 00000000 ____D C:\Users\jmloftis\AppData\Local\chromium
2016-11-21 02:03 - 2016-12-17 01:13 - 00000000 ____D C:\Users\jmloftis\AppData\LocalLow\Mozilla
2016-11-21 01:48 - 2016-10-11 23:45 - 00077424 _____ (eagleGet) C:\windows\system32\Drivers\eagleGet.update
2016-11-21 01:00 - 2016-11-21 01:00 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Subhra Das Gupta
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\Documents\Apowersoft
2016-11-20 23:53 - 2016-11-20 23:53 - 00000000 ____D C:\Users\jmloftis\AppData\Local\CEF
2016-11-20 16:39 - 2016-11-20 16:39 - 00439668 _____ C:\Users\jmloftis\Documents\Marlon Sanders_80 20 whirlwind.pdf
2016-11-20 16:25 - 2016-12-14 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-20 01:09 - 2016-11-20 01:09 - 04399738 _____ C:\Users\jmloftis\Documents\Jay Boyer_Anik Build a Powerful Email List.pdf
2016-11-19 14:40 - 2016-11-19 14:40 - 00231519 _____ C:\Users\jmloftis\Documents\Danny Inny_Blog Post Checklist.pdf
2016-11-19 01:18 - 2016-11-19 01:18 - 00035405 _____ C:\Users\jmloftis\Desktop\AWAI_Money Making Website.pdf
2016-11-19 01:07 - 2016-11-19 01:07 - 04118747 _____ C:\Users\jmloftis\Documents\IL_FYL+Information+Pack.pdf
2016-11-18 16:37 - 2016-11-18 16:37 - 00087704 _____ C:\Users\jmloftis\Documents\Case Study_Five Dollar Dinners-Recurring-Revenue.compressed.pdf
2016-11-17 20:39 - 2016-11-17 20:39 - 00323185 _____ C:\Users\jmloftis\Documents\Simpleology_60-Second-Success-Reconditioner.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 19:59 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:59 - 2009-07-14 12:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 19:53 - 2009-07-14 13:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-16 19:53 - 2009-07-14 11:20 - 00000000 ____D C:\windows\inf
2016-12-16 19:51 - 2016-01-22 13:42 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-12-16 19:49 - 2016-07-21 17:57 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Skype
2016-12-16 19:48 - 2016-05-17 19:55 - 00000000 ___RD C:\Users\jmloftis\Dropbox
2016-12-16 19:47 - 2016-05-17 19:48 - 00000908 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-16 19:47 - 2016-02-24 00:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-16 19:47 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-12-16 19:46 - 2016-01-14 23:26 - 00000000 __SHD C:\Users\jmloftis\IntelGraphicsProfiles
2016-12-16 19:45 - 2015-07-29 18:50 - 00000000 ____D C:\AdwCleaner
2016-12-16 16:34 - 2016-04-10 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-12-16 16:34 - 2016-04-10 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-12-16 16:30 - 2009-07-14 11:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-12-16 16:30 - 2009-07-14 11:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-12-16 01:26 - 2016-02-24 12:04 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Apowersoft
2016-12-15 16:43 - 2016-01-03 23:04 - 00000000 ____D C:\Users\jmloftis\Documents\SoftMaker
2016-12-14 16:46 - 2016-02-24 00:28 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-14 16:45 - 2016-05-17 19:48 - 00000912 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-14 14:11 - 2016-01-22 13:42 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-12-14 14:10 - 2013-10-16 07:39 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-12-14 14:10 - 2013-10-16 07:39 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-14 14:10 - 2013-10-16 07:39 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-12-14 14:10 - 2013-10-16 07:39 - 00000000 ____D C:\windows\system32\Macromed
2016-12-14 02:58 - 2015-02-28 19:11 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Disk Cleaner
2016-12-13 23:32 - 2016-01-07 15:50 - 00156303 _____ C:\Users\jmloftis\Documents\NPFC.tmd
2016-12-13 23:29 - 2016-01-07 15:50 - 00156227 _____ C:\Users\jmloftis\Documents\NPFC.bak
2016-12-13 17:29 - 2014-11-20 20:22 - 00000000 ____D C:\Users\jmloftis
2016-12-12 22:28 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.tmd
2016-12-12 22:25 - 2016-02-03 13:27 - 00371455 _____ C:\Users\jmloftis\Documents\Dan Pena.bak
2016-12-12 20:16 - 2015-07-30 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-12-12 01:36 - 2015-07-29 21:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-11 22:42 - 2015-12-29 22:36 - 00122246 _____ C:\Users\jmloftis\Desktop\INFO after.txt
2016-12-11 20:24 - 2016-07-21 17:52 - 00000000 ____D C:\ProgramData\Skype
2016-12-11 20:23 - 2016-07-21 17:52 - 00000000 ____D C:\Program Files (x86)\Skype
2016-12-11 18:12 - 2016-01-13 16:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2016-12-11 17:36 - 2014-03-20 04:45 - 00000000 ____D C:\TOSHIBA
2016-12-11 16:06 - 2015-02-28 18:51 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-11 14:34 - 2015-02-28 18:52 - 00000000 ____D C:\ProgramData\IObit
2016-12-11 14:34 - 2015-02-28 18:51 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\IObit
2016-12-10 22:20 - 2009-07-14 11:20 - 00000000 ____D C:\windows\PLA
2016-12-10 21:38 - 2016-04-09 12:36 - 00000000 ____D C:\windows\Minidump
2016-12-10 21:35 - 2016-01-13 16:09 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-12-10 21:25 - 2013-10-16 07:35 - 00774404 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-12-10 13:45 - 2016-08-11 12:15 - 00000000 ____D C:\Users\jmloftis\AppData\Roaming\Wise Euask
2016-12-10 13:10 - 2009-07-14 13:08 - 00032618 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-12-10 01:56 - 2015-04-02 13:24 - 85483520 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00249856 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2016-12-10 01:56 - 2015-04-02 13:24 - 00024576 _____ C:\windows\system32\config\SAM.iodefrag.bak
2016-12-09 21:24 - 2016-01-07 09:03 - 00000000 ____D C:\Users\jmloftis\AppData\Local\Citrix
2016-12-05 00:14 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2016-12-03 23:13 - 2016-05-17 19:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-02 14:55 - 2015-12-31 14:47 - 55349248 _____ C:\windows\system32\config\COMPONENTS.iodefrag.bak
2016-12-02 14:44 - 2015-07-31 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-29 18:37 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Desktop\_Small-Reports-Fortune-2-0.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Documents\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-24 07:48 - 00281319 _____ C:\Users\jmloftis\Desktop\bonus2-ideas.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Documents\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:29 - 00281054 _____ C:\Users\jmloftis\Desktop\bonus4-improve.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Documents\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:26 - 00297935 _____ C:\Users\jmloftis\Desktop\bonus3-promotion.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Documents\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:21 - 00247061 _____ C:\Users\jmloftis\Desktop\bonus1-checklist.pdf
2016-11-29 18:36 - 2014-03-13 16:18 - 03398392 _____ C:\Users\jmloftis\Documents\_Small-Reports-Fortune-2-0.pdf
2016-11-29 12:40 - 2016-05-17 19:48 - 00003908 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 12:40 - 2016-05-17 19:48 - 00003656 _____ C:\windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-26 17:16 - 2014-03-20 04:03 - 00000000 ____D C:\Intel

==================== Files in the root of some directories =======

2015-07-27 18:36 - 2015-07-29 15:17 - 0000102 _____ () C:\Users\jmloftis\AppData\Roaming\WB.CFG
2016-09-05 15:57 - 2016-09-05 15:57 - 0000003 _____ () C:\Users\jmloftis\AppData\Local\updater.log
2016-09-05 15:58 - 2016-09-05 23:52 - 0000424 _____ () C:\Users\jmloftis\AppData\Local\UserProducts.xml
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-16 20:28

==================== End of FRST.txt ============================
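A triage pass over FRST file-listing lines such as the ones above, as an added example that is not part of the original post and is not FRST's own code. It flags two traits (a hidden+system folder in the drive root, a GUID-named item directly in AppData\Local) that all four flagged sample entries share with entries in the fixlist posted later in this thread; a flag means "review by hand", not "malicious". Reading the attribute letters as R/S/H/D (read-only, system, hidden, directory) is an assumption, and the function names and allowlist are hypothetical.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple, Optional, Tuple

# Sample input: lines copied from the FRST.txt listing on this page.
SAMPLE_LOG = r"""
2016-11-28 22:05 - 2016-11-28 22:05 - 00075888 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-16 16:30 - 00000000 _RSHD C:\Google
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-11-20 16:25 - 2016-12-14 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 19:46 - 2016-01-14 23:26 - 00000000 __SHD C:\Users\jmloftis\IntelGraphicsProfiles
2016-12-16 19:45 - 2015-07-29 18:50 - 00000000 ____D C:\AdwCleaner
2016-12-16 16:30 - 2009-07-14 11:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2016-09-05 15:57 - 2016-09-05 15:57 - 0000003 _____ () C:\Users\jmloftis\AppData\Local\updater.log
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
==================== Bamital & volsnap ======================
"""

# Line layout: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Hidden+system root folders that Windows itself creates (hypothetical
# allowlist for this example; extend it for your own environment).
KNOWN_ROOT_SYSTEM_DIRS = {
    "$recycle.bin", "system volume information", "recovery",
    "config.msi", "documents and settings",
}


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]   # None when the column is absent, "" for "()"
    path: PureWindowsPath


def parse_line(line: str) -> Optional[Entry]:
    """Parse one file-listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], PureWindowsPath(m["path"]))


def review_reasons(e: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    is_dir = "D" in e.attrs   # assumption: D marks a directory
    parent = [part.lower() for part in e.path.parent.parts]

    # Trait 1: folder sitting directly in the drive root with both the
    # system and hidden attributes set, and not a known Windows folder.
    if (is_dir and {"S", "H"} <= set(e.attrs)
            and len(e.path.parts) == 2
            and e.path.name.lower() not in KNOWN_ROOT_SYSTEM_DIRS):
        reasons.append("hidden+system folder in drive root")

    # Trait 2: item named with a bare {GUID} directly in AppData\Local.
    if GUID_RE.match(e.path.name) and parent[-2:] == ["appdata", "local"]:
        kind = "folder" if is_dir else f"{e.size}-byte file"
        reasons.append(f"GUID-named {kind} directly in AppData\\Local")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every parsed entry with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((str(entry.path), reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {'; '.join(reasons)}")
```

Entries such as `C:\Users\jmloftis\IntelGraphicsProfiles` (hidden+system but not in the drive root) and `C:\windows\system32\GroupPolicy` (hidden only) pass unflagged, which keeps the output short enough to review by hand.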



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:55 AM

Posted 16 December 2016 - 01:23 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 ExpatJim

Posted 17 December 2016 - 02:44 AM

Hi fireman4it,

 

I can report that I downloaded Malwarebytes to my desktop and it clearly updated before I ran the scan. I also made sure a thorough "Threat Scan" (complete scan) was selected, as I had also done about one week ago when I used the same version [2.2.1.1043] after downloading it from FileHippo to complete that scan then.

Today, when I followed your instructions and completed the scan, no threat was found, so there was nothing for which to Quarantine or Apply Actions, and thus no prompt to restart my computer.

There was an option to save the Scan Result so I clicked that option at the end of the exercise. Pasted below, at bottom.

I have always turned to Malwarebytes (like I did a week ago) but for this particular infection Adwcleaner and Malwarebytes-anti-malware are not detecting anything (this time or last week) when I apply them. Actually, they are always some of the first tools I turned to before reporting to get Bleeping Computer's help.

But as reported in my original message, after using Adwcleaner and Malwarebytes-anti-malware, the Kaspersky Virus Removal Tool (KVRT.exe) did find many trojans. I posted the log => See my original message. Thereafter, I had decided to remove all recent program files (like all iObit software which had recently updated) and I then ran a downloaded Avast Free Antivirus scan which detected 63+ LNK:Starter-A [Trj] and PDF:UrlMal-Inf [Trj] type infections (note: some of those files vanished).

Based on your original message, I no longer run scans in Avast, but I just tried to see if I could export the log files from the Avast scans I had performed, so I could show you those Avast results (i.e., txt file), but the tool does not offer a file log report that can be exported as a file.

RECENT SCAN FOLLOWS:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/17/2016
Scan Time: 1:50 PM
Logfile: MWB result.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.17.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jmloftis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287271
Time Elapsed: 18 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Thanks,



#10 ExpatJim

Posted 20 December 2016 - 02:27 AM

Hi fireman4it,

 

I still have virus problems so I use safe mode + network + private browsing to reach this forum.

 

Please see my last post [ Posted 17 December 2016 - 03:44 PM ] and let me know the next steps.

 

Thank you,



#11 fireman4it

Posted 20 December 2016 - 08:19 AM

1. Emsisoft Emergency Kit
  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear.
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear.
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
  • Please Copy and Paste the contents of the scan log in your next reply.

2. Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
      • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

" Extinguishing Malware from the world"



#12 ExpatJim

Posted 21 December 2016 - 08:59 AM

Hi fireman4it,

 

I believe you are proceeding in a methodical manner, unlike the way I previously tried softwares like Malwarebytes, AdwCleaner, RogueKiller, Hitman Pro, etc. So I appreciate the professional diagnosis.

 

I tried Emsisoft Emergency Kit as prescribed. I made sure it fully updated. I detected nothing as follows:

 

Emsisoft Emergency Kit - Version 12.0
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
12/21/2016 8:34:50 PM    Malware    74942    0    0:07:51    Manual scan    JMLOFTIS-PC    

 

I then tried RogueKiller, which I've used before. I got a result which is pasted at the bottom of this message. But please read my message before reviewing that.
 

PLEASE READ THE FOLLOWING PARAGRAPH AS IT SUMMARIZES SOME KEY POINTS:

I am glad to proceed methodically, step by step! I know it is not easy for you to remember details of every case, so just a reminder -> before we got started: 2 softwares had detected infections, one was Kaspersky Virus Removal Tool (KVRT.exe) which had detected many HEUR:Trojan.WinLNK.Agent.gen infections... and the other was Avast Free Anti-virus which had detected more than sixty LNK:Starter-A [Trj] and PDF:UrlMal-Inf [Trj] infections. So finally we need to reconfirm those being cleaned. I never used them since starting with you. Also, per my original message, we will need to clean/fix "Ink shortcuts" that completely infected and hijacked two external drives that I sometimes plug-in and use for backing up personal files [1. external ADATA HDD. 2. external Maxtor HDD]. They were completely infected with "Ink shortcuts" - right clicking "properties" for every file, all show the following base: "C:\windows\system32\cmd.exe /c start Drive.bat &"... I have not reconnected those external HDDs after I knew the problem.

 

BELOW IS THE ROGUEKILLER SCAN REPORT:

 

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : jmloftis [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/21/2016 20:52:33 (Duration : 00:12:48)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-96689548-2535591333-3550804405-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BAC71DA9-5720-41A2-84FF-39D36C4648ED} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\jmloftis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {548C98F5-8F19-4C65-A141-16B1543999C6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\jmloftis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BAC71DA9-5720-41A2-84FF-39D36C4648ED} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\jmloftis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {548C98F5-8F19-4C65-A141-16B1543999C6} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\jmloftis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe|Name=Apowersoft Online Launcher| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SCSI Disk Device +++++
--- User ---
[MBR] 6df1d1f0ac638252ffc5e859b9f7dcb9
[BSP] 0ceb8c629b7cdcbb89ca15af3f3eb381 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 703831 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1444519936 | Size: 10072 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

Thank you,



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:55 AM

Posted 28 December 2016 - 07:25 PM

Greetings ExpatJim,

We apologize for the extended delay. I will be assisting with your Topic and would ask for your brief patience while I come up to speed.

Gary
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Posted 28 December 2016 - 10:09 PM

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

CreateRestorePoint:
CloseProcesses:
C:\Users\jmloftis\AppData\Roaming\wrvib
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-16 16:30 - 00000000 _RSHD C:\Google
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9680941D6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08909918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9680941D6.sys => ""="Driver"
folder: C:\Users\jmloftis\AppData\Local\IIIQF
emptytemp:
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 

#15 ExpatJim

Posted 29 December 2016 - 04:23 AM

Hi Oh My!,

 

I thank you for helping me to move on from where fireman4it left off 1 week ago (Dec 20th).

 

I followed your instructions and also made sure the previous FRST related file logs were not in the same location as FRST64.exe.

 

At the end of this message I have pasted the content of the Fixlog.txt that was generated. But before skipping ahead to that log, please read the following summary I prepared about important events and observations that have transpired, so you don't miss anything important.

 

At the beginning I had noticed a "cmd.exe" file had been manipulated just before shutting down my laptop Dec 9th.

 

After that I started noticing when I clicked on Firefox browser links I would get redirected to advert pages.

 

Upon pc start up I also started getting an "AutoIt Error: Line 0 (File "C:\Google\googleupdate.a3x): Error opening the file"

 

I had run HijackThis and noticed many (file missing) entries and at least two suspicious keys, which follow:

O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x

O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x & exit

 

AdwCleaner and Malwarebytes Anti-Malware never detected anything before I asked for Bleeping Computer’s help, or thereafter, when fireman4it had me run AdwCleaner and Malwarebytes Anti-Malware later.

 

Before I got started with Bleeping Computer two anti-virus/malware softwares had detected infections:

 

1. Kaspersky Virus Removal Tool (KVRT.exe) had detected many HEUR:Trojan.WinLNK.Agent.gen infections (please see that I posted the KVRT virus scan log in my Dec 13th message).

 

2. Avast Free Anti-virus had detected more than sixty LNK:Starter-A [Trj] and PDF:UrlMal-Inf [Trj] infections. So finally we need to reconfirm those being cleaned. I never used those softwares since starting with Bleeping Computer.

 

Also, per my initial Dec 13th message, we will finally need to clean/fix "Ink shortcuts" that completely infected and hijacked two external drives that I sometimes plug-in and use for backing up personal files:

1. external ADATA HDD.

2. external Maxtor HDD.

They were completely infected with "Ink shortcuts" - right clicking "properties" for every file, all show the following base: "C:\windows\system32\cmd.exe /c start Drive.bat &"... I stopped connecting the external HDDs once I researched Google and realized what was going on. I believe a final HDD cleanup must occur after my laptop is free of all infections.

 

Early on I started noticing a few files on my laptop begin to vanish (evaporated and not in the recycle bin). Example, the original FRST.txt file vanished and I had to do that a second time. Also, Firefox and (I also tried) Avast... browsers... got blocked upon trying to reach my specific bleeping computer forum thread (extended URL) link. Copy/pasting or clicking those links triggered a reset every time (I did not see a browser add-on problem). I had noticed the worm/virus/malware attacks some files on my pc, like the heur.txt file I had recently made, possibly the virus goes after targeting and destroying file names of related file names of content like HEUR.txt or resetting a browser for anything with text words related to a virus, like the URL extension beginning with “HEUR” in the forum thread.

 

Since early-on and currently, I only reach this forum URL via safe mode + network and private Firefox browser selection. Also you should know that any program like FRST64.exe (Farbar) will not operate unless I open in safe mode (Malwarebytes AdwCleaner, and all others). If I try normal mode browsing is extremely - extremely slow... and I fear more files will go missing. In Safe mode files seem not to vanish and I still can browse the internet fairly normal and reach this forum thread.

 

I believe you reviewed as per fireman4it's last instruction that Emsisoft detected nothing, but Roguekiller got a result which I had pasted for fireman4it to review.

 

Ok, that was a brief about some key points covering what transpired.

 

BELOW IS THE FIXLOG YOU REQUESTED:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by jmloftis (29-12-2016 16:42:54) Run:2
Running from C:\Users\jmloftis\Desktop
Loaded Profiles: jmloftis (Available Profiles: jmloftis)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\jmloftis\AppData\Roaming\wrvib
2016-11-26 17:16 - 2016-12-11 17:36 - 00000000 _RSHD C:\Skypee
2016-11-26 17:15 - 2016-12-16 16:30 - 00000000 _RSHD C:\Google
2016-11-21 02:28 - 2016-11-21 02:28 - 00000000 ____D C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010}
2016-07-29 14:22 - 2016-07-29 14:22 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634}
2016-09-18 16:26 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71}
2016-03-16 14:16 - 2016-03-16 14:17 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF}
2016-07-07 16:06 - 2016-07-07 16:06 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC}
2016-09-17 12:23 - 2016-09-17 12:23 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9}
2016-09-18 16:27 - 2016-09-18 16:27 - 0000000 _____ () C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A}
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\9680941D6.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08909918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17175808.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\9680941D6.sys => ""="Driver"
folder: C:\Users\jmloftis\AppData\Local\IIIQF
emptytemp:
hosts:
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
C:\Users\jmloftis\AppData\Roaming\wrvib => moved successfully
C:\Skypee => moved successfully
C:\Google => moved successfully
C:\Users\jmloftis\AppData\Local\{738445D8-572C-2960-3AB4-0C881EDCF010} => moved successfully
C:\Users\jmloftis\AppData\Local\{2C7171BA-49A8-4ABA-8DE4-6D2061768634} => moved successfully
C:\Users\jmloftis\AppData\Local\{730CEA39-206A-4BC6-9B44-851720AACA71} => moved successfully
C:\Users\jmloftis\AppData\Local\{8D6FC585-049C-4C5D-8BC2-0F6DB25C9ABF} => moved successfully
C:\Users\jmloftis\AppData\Local\{B60A03D4-8345-4CE8-A5CE-4AE36E34075B} => moved successfully
C:\Users\jmloftis\AppData\Local\{C3367165-3704-4A8A-9CB2-F9652A1C90EC} => moved successfully
C:\Users\jmloftis\AppData\Local\{EF044512-92EC-464F-A97E-F8B41640E3B9} => moved successfully
C:\Users\jmloftis\AppData\Local\{F96ED809-0330-4E8B-96F6-088089C3A76A} => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\17175808.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\9680941D6.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\08909918.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\17175808.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\9680941D6.sys" => key removed successfully

========================= folder: C:\Users\jmloftis\AppData\Local\IIIQF ========================

2016-12-10 19:24 - 2016-12-10 20:17 - 0174080 _____ (Igor Pavlov) C:\Users\jmloftis\AppData\Local\IIIQF\7z.dll

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19948872 B
Java, Flash, Steam htmlcache => 3180 B
Windows/system/drivers => 84465246 B
Edge => 0 B
Chrome => 47193128 B
Firefox => 408381979 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 642558250 B
systemprofile32 => 344989 B
LocalService => 0 B
NetworkService => 0 B
jmloftis => 128341154 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:43:15 ====

 

Thanks & regards,
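
Added example, not part of the original posts and not the logic of any tool named in this thread: a Python triage sketch for the two HijackThis `O4` Run entries and the shortcut target quoted in post #15. It peels `cmd.exe /c start` wrappers and reports the script each entry ultimately launches. The heuristics, the `unwrap` and `classify` names, the extension watch list and the `ExampleTray` entry are assumptions constructed for illustration.

```python
import re

# The two Run entries and the shortcut target are quoted from post #15;
# the last entry is a constructed benign value for contrast.
SAMPLES = [
    r"O4 - HKCU\..\Run: [AntiWormUpdate] C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x",
    r"O4 - HKCU\..\Run: [AntiUsbWorm] C:\windows\system32\cmd.exe /c start C:\Google\AutoIt3.exe /AutoIt3ExecuteScript C:\Google\googleupdate.a3x & exit",
    r"C:\windows\system32\cmd.exe /c start Drive.bat &",
    r"O4 - HKCU\..\Run: [ExampleTray] C:\Tools\Example\tray.exe /min",
]

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CMD_WRAP_RE = re.compile(r"^(?:\S*\\)?cmd(?:\.exe)?\s+/c\s+(?:start\s+)?(?P<inner>.+)$", re.I)
SCRIPT_EXT = (".a3x", ".bat", ".cmd", ".vbs", ".js")  # assumed watch list


def unwrap(cmd):
    """Peel 'cmd.exe /c [start]' wrappers; return (inner command, depth)."""
    depth = 0
    while (m := CMD_WRAP_RE.match(cmd.strip())):
        cmd, depth = m.group("inner"), depth + 1
    return cmd.strip(), depth


def classify(line):
    """Triage one HijackThis O4 line or a bare shortcut/command target."""
    m = O4_RE.match(line)
    name, cmd = (m.group("name"), m.group("cmd")) if m else (None, line)
    inner, depth = unwrap(cmd)
    inner = re.sub(r"\s*&.*$", "", inner)  # drop chained '& exit' or a bare '&'
    tokens = inner.split()
    reasons = []
    if depth:
        reasons.append("cmd-wrapper")
    if any(t.lower() == "/autoit3executescript" for t in tokens):
        reasons.append("autoit-script")
    scripts = [t for t in tokens if t.lower().endswith(SCRIPT_EXT)]
    if scripts:
        reasons.append("script-file")
    return {"name": name, "scripts": scripts, "reasons": reasons}


if __name__ == "__main__":
    for s in SAMPLES:
        r = classify(s)
        print(r["name"] or "(shortcut target)", r["reasons"] or "no heuristic hit", r["scripts"])
```

A hit is a reason to inspect the entry, not a verdict; legitimate software also uses script launchers and `cmd.exe` wrappers.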





