
redirect virus, including in safe mode


  • This topic is locked
3 replies to this topic

#1 gak55


Posted 11 March 2018 - 03:39 PM

I need some help, please. Apparently I have a redirect virus (Win7 64, Firefox and IE) that I cannot find. The redirects (affecting both Firefox and IE) never go anywhere, they just sit and load, forever. I have used several virus checker/remover programs, including Malwarebytes, Spyhunter4, etc., with no luck in finding anything. The redirect happens in safe mode also. As such, I can't get some antivirus programs to work as I cannot connect to a web page. Lastly, if this is important, I use my cell phone as the modem for internet connection (mobile hotspot). I have run anti-virus on my phone, just in case, but found nothing there either.

Here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11.03.2018 01
Ran by Gary (administrator) on GARY-PC (11-03-2018 14:55:56)
Running from C:\Users\Gary\Desktop
Loaded Profiles: Gary (Available Profiles: Gary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Beiley Software Inc.) C:\Users\Gary\Desktop\Programs\Remind-Me\RemindMe.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-24] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Run: [Google Update] => C:\Users\Gary\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-17] (Google Inc.)
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-05-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2017-08-05]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2015-08-21]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-24]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\stickies - Shortcut.lnk [2012-05-18]
ShortcutTarget: stickies - Shortcut.lnk -> C:\Users\Gary\Desktop\stickies\stickies.exe (No File)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk [2012-05-21]
ShortcutTarget: RemindMe.lnk -> C:\Users\Gary\Desktop\Programs\Remind-Me\RemindMe.exe (Beiley Software Inc.)
Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-09-02]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{06073A56-41B4-4334-B318-7A7D0CC70BF4}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://provider.mhsindiana.com/sso/login?service=http%3A%2F%2Fprovider.mhsindiana.com%2Fcareconnect%2Fj_spring_cas_security_check
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-949808287-3960830054-2456165413-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://interchange.indianamedicaid.com/Administrative/logon.aspx
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-949808287-3960830054-2456165413-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-949808287-3960830054-2456165413-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={8F6AB1C5-39F8-4437-A817-FBD36BD7630E}&mid=c8e3da7b58b7451ba43c64a60d8fa2e6-34833a854af6dc3b1a2d189b54c0b11c4cdbcff7&lang=en&ds=hk011&pr=sa&d=2012-06-01 09:56:49&v=12.2.5.32&sap=dsp&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-04] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-949808287-3960830054-2456165413-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

FireFox:
========
FF ProfilePath: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\2mdzpm9d.default [2018-03-11]
FF Homepage: Mozilla\Firefox\Profiles\2mdzpm9d.default -> hxxp://webmail.aol.com/43661/aol/en-us/Suite.aspx
FF Session Restore: Mozilla\Firefox\Profiles\2mdzpm9d.default -> is enabled.
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-23] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-30] [Legacy] [not signed]
FF HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-13] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-949808287-3960830054-2456165413-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-949808287-3960830054-2456165413-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-17] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
StartMenuInternet: Google Chrome - C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [253568 2010-01-29] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [137344 2009-11-18] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-24] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-03-11] ()
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-11] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
R1 MpKsl619aba1d; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DF925FB-87BF-42B3-BC86-C9EED9D01BB7}\MpKsl619aba1d.sys [58120 2018-03-11] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0108.sys [28768 2017-02-22] (SoftEther Project at University of Tsukuba, Japan.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation)
R3 SEE; C:\Windows\System32\drivers\see.sys [50208 2017-02-24] (SoftEther Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-03-11] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-03-11] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 14:55 - 2018-03-11 14:56 - 000018285 _____ C:\Users\Gary\Desktop\FRST.txt
2018-03-11 14:55 - 2018-03-11 14:55 - 000000000 ____D C:\FRST
2018-03-11 14:55 - 2018-03-11 14:06 - 002402816 _____ (Farbar) C:\Users\Gary\Desktop\FRST64.exe
2018-03-11 13:22 - 2018-03-11 14:56 - 000018603 _____ C:\Windows\ZAM.krnl.trace
2018-03-11 13:22 - 2018-03-11 14:56 - 000018366 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-11 13:22 - 2018-03-11 13:22 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-03-11 13:22 - 2018-03-11 13:22 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-03-11 13:19 - 2018-03-11 13:20 - 000136802 _____ C:\TDSSKiller.2.8.16.0_11.03.2018_13.19.44_log.txt
2018-03-11 13:17 - 2018-03-11 13:30 - 000041324 _____ C:\Users\Gary\Desktop\MTB.txt
2018-03-11 13:14 - 2018-03-11 13:14 - 000000000 ____D C:\Users\Gary\AppData\Local\Zemana
2018-03-11 13:14 - 2018-03-11 13:14 - 000000000 ____D C:\AdwCleaner
2018-03-11 13:09 - 2018-03-11 13:10 - 000136802 _____ C:\TDSSKiller.2.8.16.0_11.03.2018_13.09.46_log.txt
2018-03-11 13:02 - 2018-03-11 13:03 - 000000000 ____D C:\Program Files\Enigma Software Group
2018-03-11 12:58 - 2018-03-11 12:58 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-03-11 12:57 - 2018-03-11 13:09 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-10 09:02 - 2018-03-11 13:21 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-10 09:02 - 2018-03-10 09:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-10 09:02 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-10 09:01 - 2018-03-10 09:21 - 000000000 ____D C:\Users\Gary\Desktop\Virus
2018-03-10 09:01 - 2018-03-10 09:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-10 09:01 - 2018-03-10 09:01 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-09 15:30 - 2018-03-11 13:19 - 000188150 _____ C:\Windows\ntbtlog.txt
2018-03-09 15:26 - 2018-03-09 15:26 - 000068096 _____ C:\Users\random\AppData\Local\GDIPFONTCACHEV1.DAT
2018-03-09 15:26 - 2018-03-09 15:26 - 000001413 _____ C:\Users\random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2018-03-09 15:26 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Roaming\Logitech
2018-03-09 15:26 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Roaming\CyberLink
2018-03-09 15:26 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Local\MediaServer
2018-03-09 15:26 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Local\clear.fi
2018-03-09 15:26 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Local\Acer
2018-03-09 15:25 - 2018-03-09 15:26 - 000001447 _____ C:\Users\random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-03-09 15:25 - 2018-03-09 15:26 - 000000000 ____D C:\Users\random\AppData\Local\VirtualStore
2018-03-09 15:25 - 2018-03-09 15:25 - 000000020 ___SH C:\Users\random\ntuser.ini
2018-03-09 15:25 - 2018-03-09 15:25 - 000000000 ____D C:\Users\random
2018-03-09 15:25 - 2012-02-14 10:23 - 000000000 ____D C:\Users\random\AppData\Roaming\Macromedia
2018-03-09 15:25 - 2010-11-21 03:16 - 000000000 ____D C:\Users\random\AppData\Roaming\Media Center Programs
2018-03-09 14:01 - 2018-03-09 14:01 - 000000000 ____D C:\Users\Gary\Desktop\Old Firefox Data
2018-03-09 13:41 - 2018-03-09 13:41 - 000000000 ____D C:\ProgramData\AVG
2018-03-09 09:54 - 2018-03-09 10:45 - 000000000 ____D C:\Users\Gary\Desktop\Retirement
2018-02-12 09:27 - 2018-02-12 09:27 - 000001091 _____ C:\Windows\system32\Amazon.com Cooling Pillow Blue Gel Memory Foam Bed Pillows for Sleeping Cool Includes High Tech Hypoallergenic Heat Dispersing Fabric Cooling Pillow Protector Cover with Zipper and Unique Ergonomi.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-11 14:51 - 2017-02-22 10:11 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-03-11 13:29 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-11 13:29 - 2009-07-14 00:45 - 000016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-11 13:27 - 2009-07-14 01:13 - 000785842 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-11 13:27 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-11 13:21 - 2012-05-18 15:59 - 000000000 ____D C:\Users\Gary\AppData\Roaming\stickies
2018-03-11 13:21 - 2012-05-18 10:05 - 000000000 ____D C:\ProgramData\clear.fi
2018-03-11 13:21 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-10 13:41 - 2012-06-12 12:39 - 000000000 ____D C:\Users\Gary\AppData\Roaming\vlc
2018-03-10 09:35 - 2012-06-01 09:57 - 000000000 ____D C:\Users\Gary\AppData\LocalLow\HPAppData
2018-03-09 14:57 - 2015-03-31 12:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-03-09 14:56 - 2017-08-19 21:10 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-03-09 14:27 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2018-03-09 14:21 - 2012-05-18 09:52 - 000000000 ____D C:\Users\Gary
2018-03-09 14:20 - 2012-05-21 15:33 - 000000000 ____D C:\Users\Gary\Desktop\Video
2018-03-09 14:20 - 2012-05-18 09:52 - 000000000 ____D C:\Users\Gary\AppData\Local\clear.fi
2018-03-09 14:20 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\registration
2018-03-07 15:59 - 2014-03-07 17:51 - 000000000 ____D C:\Users\Gary\Desktop\edit
2018-02-28 18:11 - 2017-09-02 12:05 - 000000000 ____D C:\Users\Gary\Desktop\Ghost Hunters - Season 1,2,3,4,5 + Ghost Hunters International
2018-02-28 14:08 - 2012-05-18 10:26 - 000002399 _____ C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-23 11:31 - 2012-05-22 09:34 - 000000000 ____D C:\Users\Gary\Desktop\Read
2018-02-21 14:53 - 2017-02-18 12:55 - 000000000 ____D C:\Users\Gary\Documents\My Kindle Content
2018-02-16 16:57 - 2012-05-18 10:40 - 000000000 ___RD C:\Users\Gary\Desktop\Office
2018-02-16 15:18 - 2017-12-27 10:00 - 000000000 ____D C:\Users\Gary\Desktop\2017 tax forms
2018-02-12 09:54 - 2009-07-14 01:08 - 000032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-10 11:20 - 2017-06-16 10:55 - 000000000 ____D C:\Users\Gary\Desktop\Pro Ca
2018-02-09 17:34 - 2014-10-21 17:03 - 000000000 ____D C:\Users\Gary\AppData\Roaming\.minecraft

==================== Files in the root of some directories =======

2017-09-19 08:36 - 2017-09-19 08:38 - 000000021 _____ () C:\Users\Gary\AppData\Roaming\splitterdirectorys.txt
2013-03-29 17:01 - 2014-06-16 10:08 - 000003584 _____ () C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-19 10:30 - 2016-05-02 08:25 - 000007596 _____ () C:\Users\Gary\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-09 01:51

==================== End of FRST.txt ============================

and:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11.03.2018 01
Ran by Gary (11-03-2018 14:56:41)
Running from C:\Users\Gary\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-18 13:52:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-949808287-3960830054-2456165413-500 - Administrator - Disabled)
Gary (S-1-5-21-949808287-3960830054-2456165413-1000 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-949808287-3960830054-2456165413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-949808287-3960830054-2456165413-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Out of date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
64 Bit HP CIO Components Installer (HKLM\...\{55D55008-E5F6-47D6-B16F-B2A40D4D145F}) (Version: 6.2.1 - Hewlett-Packard) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-88b3a091-21f3-4921-b861-0dcab7176efe) (Version: 2.2.0.98 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D9B8D7C4-BE13-5877-6999-B076956AA3F9}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-8c6320e5-b3f9-4ba1-930a-9b0e2b6d7cf1) (Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-cf1ef031-927a-43f0-a20c-a0d73dbd287d) (Version: 2.2.0.97 - WildTangent) Hidden
calibre (HKLM-x32\...\{31758AE2-D16E-4E1E-A448-945EF61B48A8}) (Version: 0.8.52 - Kovid Goyal)
Chronicles of Albian (HKLM-x32\...\WTA-b01f779d-b18d-46b5-823a-8b08ee032e21) (Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A}) (Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-a4d21338-bf5f-4229-bff6-44e4b258ca4b) (Version: 2.2.0.95 - WildTangent) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (HKLM-x32\...\{A835C187-691C-4827-BCEA-1611179C96B9}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-eee6e5ff-b312-452c-bb4f-3962e006e27b) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Dropbox) (Version: 1.6.15 - Dropbox, Inc.)
Easy GIF Animator 5.5 (HKLM-x32\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 5.0 - Karlis Blumentals)
EPubsoft Adobe PDF ePub DRM Removal 7.9.3 (HKLM-x32\...\{D225FC13-8885-4B5A-B40C-23CE88830340}) (Version: 7.9.3 - EPUBSOFT)
F4400 (HKLM-x32\...\{08067AFD-4ECE-4454-80B4-31C859D4EDC1}) (Version: 140.0.696.000 - Hewlett-Packard) Hidden
Final Drive: Nitro (HKLM-x32\...\WTA-64c86e89-fd55-4885-a73b-b1035fda3e4e) (Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2520 - HYBRIDWEB.de)
Free Audio Converter version 5.0.23.320 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.23.320 - DVDVideoSoft Ltd.)
Free Gif Maker (HKLM-x32\...\{484A3184-064D-4BC3-8406-57B6E5E8B980}) (Version: 1.0.0 - FreeGifMaker)
Free MP4 Splitter (HKLM-x32\...\{38ECB700-186E-4E87-996C-54290D4412BE}) (Version: 1.0.0 - Media Freeware)
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.40.5106 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-3eb3e557-5736-43e6-af42-016c9bccacc4) (Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{44FF002B-5AB3-4447-8F98-614387B63EE6}) (Version: 5.0 - honestech)
honestech VHS to DVD 5.0 Deluxe (HKLM-x32\...\{8B542C2E-D2AC-4460-B9F2-BA5A907A544F}) (Version: 5.0 - honestech) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (HKLM-x32\...\{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}) (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-871b2b69-ccf8-466e-907d-2502732427f7) (Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Legacy 7.5 (HKLM-x32\...\Legacy 7.5) (Version: 7.5 - Millennia Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1031 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-502cffac-4783-44d5-b24e-4a37e176400a) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NetWorx 5.2.6 (HKLM\...\NetWorx_is1) (Version: - Softperfect Research)
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Penguins! (HKLM-x32\...\WTA-c7ca15d4-ea04-434c-8f3f-e1551ad8e3ea) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-7727b8d1-cb97-4a79-b626-27557b4b2f81) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-4ae3f49b-d977-4afe-9cd3-30ee6ba52944) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-c86b86af-d878-4b3a-a431-66b858031e88) (Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RAIDXpert (HKLM-x32\...\{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.3 - AMD) Hidden
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.3 - AMD)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Savings Bond Wizard (HKLM-x32\...\Savings Bond Wizard) (Version: - )
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SILKYPIX Developer Studio 4.0 for CASIO (HKLM-x32\...\{4FE03800-A756-4A13-B8AF-B9F1B7DCC0FF}) (Version: 4 - Ichikawa Soft Laboratory) Hidden
SILKYPIX Developer Studio 4.0 for CASIO (HKLM-x32\...\InstallShield_{4FE03800-A756-4A13-B8AF-B9F1B7DCC0FF}) (Version: 4 - Ichikawa Soft Laboratory)
SketchUp 8 (HKLM-x32\...\{779D8CA1-03DD-4AD4-B21F-3E20BFE7BEDE}) (Version: 3.0.15158 - Trimble Navigation Limited)
Skype 5.3 (HKLM-x32\...\{5335DADB-34BA-4AE8-A519-648D78498846}) (Version: 5.3.116 - Skype Technologies S.A.)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (HKLM-x32\...\WTA-f15b6443-6a5d-435b-a8f9-5b8e0a9b5124) (Version: 2.2.0.97 - WildTangent) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
USB2.0 VIDBOX NW03 (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.2 - honestech)
Version 5.0.6 (HKLM-x32\...\HCFA Form Manager 5_is1) (Version: - )
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-a3d7cde4-5d32-41d5-b798-de37b1e8c45a) (Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)
Zuma's Revenge (HKLM-x32\...\WTA-d026a866-bb5b-4e33-9c1a-9151f3aa109c) (Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-949808287-3960830054-2456165413-1000\...\ChromeHTML: -> C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [MWLIVShellExt] -> {B1B294FE-EC1E-4fef-AF68-D34CE3E38157} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\MWLIVShellExt.dll [2011-06-21] (Egis Technology Inc. )
ContextMenuHandlers3: [ShredderContextMenu] -> {521065F1-DE6C-4E46-BBCB-89B0D0BE860D} => C:\Program Files (x86)\EgisTec Shredder\x64\ShredderContextMenu.dll [2011-03-29] (Egis Technology Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2012-03-26] (Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-30] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-949808287-3960830054-2456165413-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-949808287-3960830054-2456165413-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-949808287-3960830054-2456165413-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [2012-11-13] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07B3C28A-30F5-46FA-A97A-470FD190E4B7} - System32\Tasks\{9249070A-BB44-488C-96C8-648E54BD8BD1} => C:\Users\Gary\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {08C44A75-6CED-4CC3-8E04-01003B379907} - System32\Tasks\{EDCA810B-7285-4910-9594-37C956C908B7} => C:\Users\Gary\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {0ECF9815-5106-46E9-ACF1-2AD1A4CEDDCD} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {19592444-793D-450C-8F2B-C3F98F2F1B6E} - System32\Tasks\{C309BA6F-8C72-48DE-B827-455D0738D595} => J:\Micrografx\Windows Draw\draw.exe
Task: {20C92FFC-F077-4BA0-A7DC-2EBC4F3F87D7} - System32\Tasks\{52510B86-CB10-4353-8391-DE1CBFBA5547} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {263277E9-780A-4E84-881E-95ABD849DECD} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {2DDBEFE1-AE3C-4621-B13E-99BF353C8D0A} - System32\Tasks\{CCA4F6CD-C218-41EC-9B4F-BAF859F0B18A} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {304CC7C6-19CA-41F3-AAC4-AD09659AB85F} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {3AB979C0-281F-4B75-8F63-06CBDD4A3D0F} - System32\Tasks\{57624BF9-B591-4EC1-A51E-0923E11A3F02} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {45EE229F-CB10-4F92-A736-24B8B04D16CD} - System32\Tasks\{1CCE1428-5300-4AF0-9C7A-A2F15B791DAB} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary\Desktop\converter.exe -d C:\Users\Gary\Desktop
Task: {4AE40637-B06B-49CC-887B-66F54739F3A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {4C926C08-9B60-4CE7-8037-3DA97720E11F} - System32\Tasks\{8FB2F3A4-643D-4392-9EDE-AD67020F9FB2} => J:\Program Files\Micrografx\Windows Draw\draw.exe
Task: {515532A4-3866-4734-8DDB-BC92BD01D123} - System32\Tasks\{52FBEA15-E0F5-497D-8DB8-BAB5DDCFD75E} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {53C4D61F-0ECB-4164-B427-0C9520494F25} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-949808287-3960830054-2456165413-1000Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5480A17D-D8B0-4B58-921E-FF56A0C0F320} - System32\Tasks\{6712B11C-086C-45F5-AD47-62E9E928BABD} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {55E4C9B0-D03E-4AD4-944C-BE75DC3F6693} - System32\Tasks\{5A8B3661-C60D-430E-9F1E-BCCA5E59AFB3} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {67D0AF64-D5DE-4196-B759-F476F411C87C} - System32\Tasks\{5050E8F9-9627-4FDA-AC45-4BFA3321A9D4} => J:\Program Files\Micrografx\Windows Draw\draw.exe
Task: {7962771E-E4BD-4840-9FB9-4A941B16CB2D} - System32\Tasks\{FC359C74-22C8-498D-A6CE-CB9F2D4F289B} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {7A8B34EF-4B61-4982-B948-374B01712E0A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe
Task: {81BD2AB9-E91F-468E-A5C9-0210489604FA} - System32\Tasks\{91BD0DCD-0BC2-4285-864D-451747873812} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {9AFA21EF-3DEA-472C-9D60-0626106A5F8E} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {B142B535-E8D8-4FD8-AD73-3AC7634EF767} - System32\Tasks\{DAC1793A-F085-4379-86DA-1BDDDC9AE092} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {B79D2DCF-9DC5-448D-872B-A3FE72F4EF8B} - System32\Tasks\{6110915E-9E64-4BDF-B9DE-A5A881A6D1CE} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {BBA651DE-4389-4B43-93BC-5B8F3CD32135} - System32\Tasks\{65A78111-CF04-46AD-8187-27B28AE36930} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {BE830BEF-C505-48D4-BF66-C65A218FBB4E} - System32\Tasks\{E5FBE811-10F9-41FF-84B3-08D5C718F469} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {C2AE2B13-02AB-4BD2-A01C-C976F6D568E5} - System32\Tasks\{4256758F-9D7B-4376-ABC9-976C5A3AA1B5} => C:\Users\Gary\Desktop\KindleForPC-installer-1.19.46095(1).exe
Task: {CA195E8C-DD88-4C7B-9C0D-FE4B8195D4E3} - System32\Tasks\{DE2E16AA-39C2-439E-A5FB-42115DAE2776} => C:\Users\Gary\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)
Task: {CC274750-2AF0-4688-8BFA-524C354BBCD0} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {DB730E2C-5098-40AD-B848-5A8B2B444AB0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {EE68A962-65DD-4B5D-8ADB-4F90CDB6AC36} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-949808287-3960830054-2456165413-1000UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F7CEA5AD-30B0-4ED7-91E7-45016026368E} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe
Task: {F8B8AA16-AFF6-495F-AAB8-0E302B92EA6A} - System32\Tasks\{E9B4542B-9D7D-4C8E-9005-3151EAE7582B} => C:\Users\Gary\AppData\Local\Amazon\Kindle\application\Kindle.exe [2017-03-21] (Amazon.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-02-22 08:50 - 2013-10-23 15:24 - 000087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-01-31 10:27 - 2011-07-28 18:06 - 000297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2018-03-10 09:02 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-01-31 10:27 - 2011-07-28 17:06 - 008247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
1997-07-11 00:00 - 1997-07-11 00:00 - 000051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2011-06-30 04:14 - 2011-06-30 04:14 - 000243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 14:17 - 2011-03-22 14:17 - 000016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-01-31 10:27 - 2011-07-27 12:53 - 000360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2012-02-14 10:19 - 2011-10-12 06:22 - 000370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-01-31 10:27 - 2009-08-28 17:50 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
1997-07-11 00:00 - 1997-07-11 00:00 - 003782416 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-949808287-3960830054-2456165413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD_RAIDXpert => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WSWNA1100 => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D428928D-4443-4CDB-971B-869AACF1A0BF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{565B406E-E125-4085-BFDF-96315A135126}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A7DD687E-BC33-4DA6-A55A-1E2A84109759}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{29702C1A-B98B-4C74-AB8E-51C6E201F05F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A0860F8B-F6A1-4140-8AC7-60BE0C7EAF27}] => (Allow) LPort=2869
FirewallRules: [{5775AA85-7FC2-435C-87C7-DE1AB1E37848}] => (Allow) LPort=1900
FirewallRules: [{D2F56A7D-0BA0-4525-94C7-1B372E460CB6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{56A28D6D-352E-4F61-B19D-0BC0C90ED34B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9F5B051A-AFA1-4F44-BB7C-C72A66E28934}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{DB1EF531-6D3F-4465-B43A-547CAFC7B8A9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{612CD4EF-03E5-4AC8-A3C4-634397EFCBFD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{010167FD-8C6D-41F0-9112-E2E4B473C632}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{A0501DBD-B367-4A8C-AF36-7BF7E8B9D770}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{F68EDCFB-14AC-4919-A1A5-52D30CE2A452}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D4631912-CE3C-47F0-A0C4-6440B7DCA576}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{F588282E-37B2-4D36-A721-E06E64DEB1DD}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{9EBD10E9-B5C3-4C86-A098-1557520065F0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{821276F1-36DC-404D-8DE5-20BFF32D8D13}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{914A0CBB-B88A-4F7D-A9BD-CC7C34D84A4B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{0F30BB2B-EAFC-4EFA-8B8D-DCEB8F7F119C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{17EFF04B-D36D-4627-A208-326CFC65BC12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{793FA981-F0B5-4FAF-A20B-5E64DA83265B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{81ECA70B-E290-4AF2-899C-35AADF0F8C58}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0737E1DE-0D69-4CD6-B810-1374B64B11EA}] => (Allow) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FC742F9C-E3CA-427D-BBB7-B6FE4E65770D}] => (Allow) C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6C6F0D70-E3F1-414C-B439-2CEDE68CE402}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3A6C9F30-4336-4592-A7A5-548886DB67B9}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{341B921E-F65D-47C2-8EAC-AAF6C3C5D259}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6BE3E761-9DB0-4186-9742-848036D315E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{014A7D9B-96E1-44E7-99A5-ED5D3BC3E0EA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B1C4929E-0C57-499B-84C8-E96355AE90C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2B2C4AD1-476E-435C-92F4-83CC9315AA41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{E4CA4196-6296-4120-9F44-D69B2DB5B015}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{393B8721-896B-4702-8E47-3015EA24D18E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{653142C3-9D21-464A-9CAB-A3884CC83ED7}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{3237AD4A-6BC6-4568-AF68-A4DE67045E63}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{73DA2A48-165B-445B-9217-8E33F3CD6DCE}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{FD81D07F-ECCD-4E33-8CC6-4796E28C3E07}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E76FD34A-0A08-42D8-890A-D60DBACF909E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B34A33C7-93BF-4A46-8DD9-6758F1F3564D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8CEE340A-5ED9-47CF-A7FE-A067A4A60532}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{A6DEA0E3-FB0F-449D-AE26-D692798C13FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{83EBF9A5-04F9-4171-95D6-C352EE92CAF2}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{D9CC6A3B-46A6-4A37-B887-D3E13CFEB8D4}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{913C408D-B2E9-436D-86A0-7BEBE5A2150A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4462D3B4-53AD-4FD5-B251-DE09D164E99F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C2D9137C-C482-4B29-A08D-2C7E26F07B8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5B9409E1-BD81-4B22-B531-311BA03D329D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2979316F-1231-47E3-BFDA-6669F4B06414}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BF3FB0F9-2032-417E-BC93-C62631885D25}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{82688941-6825-4AE4-BA14-977DFA803810}J:\program files\stickies\stickies.exe] => (Allow) J:\program files\stickies\stickies.exe
FirewallRules: [UDP Query User{591E3930-4489-41FF-8600-EE7A602479C1}J:\program files\stickies\stickies.exe] => (Allow) J:\program files\stickies\stickies.exe
FirewallRules: [{4D8EFEB2-D749-48E3-82AC-DEFB880A21AC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{C163E0B2-73B0-488D-97EA-8B38BD501593}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{CCF33B15-420B-4128-8067-FD71CA48A399}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{48FD15F4-712E-4E71-9D99-6DAE48111CB5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{33CA518C-0631-4A76-A25B-02DD62E77D55}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{76BD205B-BC68-4D7D-8F8E-F525A1B47AE7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe

==================== Restore Points =========================

27-01-2018 01:00:03 Scheduled Checkpoint
29-01-2018 09:58:58 Windows Update
05-02-2018 09:17:01 Windows Update
09-02-2018 09:27:45 Windows Update
12-02-2018 10:07:07 Windows Update
23-02-2018 19:06:14 Scheduled Checkpoint
03-03-2018 14:02:16 Scheduled Checkpoint
09-03-2018 14:16:16 Restore Operation

==================== Faulty Device Manager Devices =============

Name: MpKsl2886e796
Description: MpKsl2886e796
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl2886e796
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2018 01:28:53 PM) (Source: MsiInstaller) (EventID: 11706) (User: Gary-PC)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (03/11/2018 01:23:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/11/2018 01:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hitmanpro_x64.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Faulting module name: hitmanpro_x64.exe, version: 3.8.0.292, time stamp: 0x5a5c6021
Exception code: 0xc0000005
Fault offset: 0x00000000002c7b85
Faulting process id: 0x39c
Faulting application start time: 0x01d3b95a074471a3
Faulting application path: C:\Users\Gary\Desktop\hitmanpro_x64.exe
Faulting module path: C:\Users\Gary\Desktop\hitmanpro_x64.exe
Report Id: 016e11d5-254f-11e8-bde9-00acf704d30f

Error: (03/11/2018 12:57:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/10/2018 10:23:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/10/2018 10:08:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/10/2018 09:27:25 AM) (Source: MsiInstaller) (EventID: 11706) (User: Gary-PC)
Description: Product: Shredder -- Error 1706.No valid source could be found for product Shredder. The Windows Installer cannot continue.

Error: (03/10/2018 09:18:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/11/2018 02:56:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (03/11/2018 02:56:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/11/2018 01:31:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.261.1088.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14500.5&avdelta=1.261.1088.0&asdelta=1.261.1088.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (03/11/2018 01:31:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.261.1088.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14500.5&avdelta=1.261.1088.0&asdelta=1.261.1088.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (03/11/2018 01:31:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.261.1088.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14500.5&avdelta=1.261.1088.0&asdelta=1.261.1088.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiSpyware

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (03/11/2018 01:31:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.261.1088.0

Update Source: Microsoft Malware Protection Center

Update Stage: Search

Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.14500.5&avdelta=1.261.1088.0&asdelta=1.261.1088.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version:

Previous Engine Version: 1.1.14500.5

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Error: (03/11/2018 01:31:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.261.1088.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.14500.5

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (03/11/2018 01:30:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 46%
Total physical RAM: 3475.7 MB
Available physical RAM: 1863.13 MB
Total Virtual: 6949.61 MB
Available Virtual: 5129.66 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.66 GB) (Free:122.07 GB) NTFS
Drive j: () (Removable) (Total:249.99 GB) (Free:249.99 GB) exFAT
Drive l: (USB30FD) (Removable) (Total:28.87 GB) (Free:28.72 GB) NTFS

\\?\Volume{b08f743e-5713-11e1-900d-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{b08f743d-5713-11e1-900d-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:17 GB) (Free:5.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7B4D19A1)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Protective MBR) (Size: 250 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 7 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: FA20A903)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I'd greatly appreciate some help with this... thanks!

Gary


Edited by hamluis, 11 March 2018 - 04:09 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:59 AM

Posted 12 March 2018 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\stickies - Shortcut.lnk [2012-05-18]
ShortcutTarget: stickies - Shortcut.lnk -> C:\Users\Gary\Desktop\stickies\stickies.exe (No File)
SearchScopes: HKU\S-1-5-21-949808287-3960830054-2456165413-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://isearch.avg.com/search?cid={8F6AB1C5-39F8-4437-A817-FBD36BD7630E}&mid=c8e3da7b58b7451ba43c64a60d8fa2e6-34833a854af6dc3b1a2d189b54c0b11c4cdbcff7&lang=en&ds=hk011&pr=sa&d=2012-06-01 09:56:49&v=12.2.5.32&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-949808287-3960830054-2456165413-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\stickies

CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-949808287-3960830054-2456165413-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

===

Please let me know what problem persists with this computer.

Edited by nasdaq, 12 March 2018 - 01:24 PM.


#3 gak55

gak55
  • Topic Starter

  • Members
  • 41 posts
  • Local time:02:59 AM

Posted 12 March 2018 - 10:04 AM

Thanks nasdaq, the thing is, I found the problem (it was with my phone hotspot) and have since corrected it. As such, do I still need to do what you suggested above?

Thanks again -

Gary

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:59 AM

Posted 12 March 2018 - 01:26 PM

Hi,
I edited my fixlist. What this will do is just a cleanup of the empty keys.

You can do it if you want to.

I do suggest you update Java and delete the old versions.



