
All Web Browsers (Chrome,Firefox,Explorer) are infected with redirecting links


  • This topic is locked
19 replies to this topic

#1 Durred

Durred

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 15 December 2015 - 11:46 PM

Hey, how's it going everybody?
 
Recently, all of my web browsers have been infected. They all have redirecting green links and they are capable of installing miscellaneous and unwanted software.
 
Also, whenever I try to refresh/reboot/reinstall any of the browsers, the infection comes back and it keeps installing other miscellaneous and unwanted files such as "SearchProtect" or "GAMES4DESKTOPFREE" (something like that).
 
Anyways, I'll post the FRST.txt and Addition.txt logs down below.
 
Thank you for taking the time to assist me.
 
P.S.
This whole message (including posting the two logs) took almost 45 minutes due to the infection and pop-ups from my internet browsers.

-Edit-
I had to reupload the FRST.txt and Addition.txt while being under attack by the virus.

Attached Files


Edited by Durred, 16 December 2015 - 01:45 AM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:24 AM

Posted 16 December 2015 - 10:32 AM

Hello Durred,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

3.

Please run FRST again and post the new FRST.txt log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Durred

Durred
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 16 December 2015 - 03:52 PM

-Edit-
Accidentally double-posted.
Sorry for the inconvenience.

Attached Files


Edited by Durred, 16 December 2015 - 03:54 PM.


#4 Durred

Durred
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 16 December 2015 - 03:52 PM

# AdwCleaner v5.025 - Logfile created 16/12/2015 at 12:32:06
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Local]
# Operating system : Windows 7 Ultimate  (x64)
# Username : ShellShock - SHELLSHOCK-PC
# Running from : C:\Users\ShellShock\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : caMyciloP
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\camycilop
[#] Folder Deleted : C:\Windows\SysNative\Tasks\Seventh
[#] Folder Deleted : C:\Windows\SysNative\Tasks\Sixth
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\SHELLS~1\AppData\Local\Temp\task.vbs
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\StormWatchApp
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\SpaceSoundPro
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\FFUPD
[-] Key Deleted : HKCU\Software\FunFeedr
[-] Key Deleted : HKCU\Software\Reg\Clean
[-] Key Deleted : HKCU\Software\SoftSuma
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\{8CDB6E50-892E-4817-bFCB-251C1A6ECEA7}
[-] Key Deleted : HKCU\Software\{F249EA53-75E3-4E2F-bB61-BC1B28C23E43}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKU\.DEFAULT\Software\{F249EA53-75E3-4E2F-bB61-BC1B28C23E43}
[-] Key Deleted : HKU\S-1-5-19\Software\{F249EA53-75E3-4E2F-bB61-BC1B28C23E43}
[-] Key Deleted : HKU\S-1-5-20\Software\{F249EA53-75E3-4E2F-bB61-BC1B28C23E43}
[-] Key Deleted : HKU\S-1-5-21-2367937490-2620206961-1706274593-1000_Classes\Software\{8CDB6E50-892E-4817-bFCB-251C1A6ECEA7}
[-] Key Deleted : HKU\S-1-5-21-2367937490-2620206961-1706274593-1000_Classes\Software\{F249EA53-75E3-4E2F-bB61-BC1B28C23E43}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\plan B\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3706 bytes] ##########
 
 
 
Emsisoft Emergency Kit - Version 10.0
Last update: 12/16/2015 12:36:49 PM
User account: ShellShock-PC\ShellShock
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 12/16/2015 12:37:44 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 detected: Application.Toolbar (A)
C:\Windows\TEMP\Smartbar detected: Application.Win32.WebToolbar (A)
C:\Users\ShellShock\AppData\Roaming\baidu detected: Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\SYSTWEAK detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK detected: Application.InstallAd (A)
C:\Program Files\Common Files\0i2uoepu\74f4f2nnej3yg.exe detected: Trojan.GenericKD.2831444 ( B)
C:\ProgramData\caMyciloP\Sankix.exe detected: Application.AdLink (A)
C:\ProgramData\Uoahammnuavpa\1.0.7.1\jaevahii.exe detected: Gen:Variant.Adware.Kazy.618604 ( B)
C:\ProgramData\Vaiafineco\Vilafan.exe detected: Application.AdLink (A)
C:\Users\plan B\AppData\Local\gmsd_us_005010177\upgmsd_us_005010177.exe detected: Gen:Variant.Adware.Eorezo.2 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\DGChecker[1].exe detected: Gen:Variant.Adware.Graftor.258423 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\FinalInstaller_dotnet4[1].exe detected: Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\CaUz0U[1].exe detected: Trojan.GenericKD.2928864 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\SilentInstaller_dotnet4[1].exe detected: Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\SmartWebInstaller[1].exe detected: Adware.Generic.1244215 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAD2MD7W\setup_362[1].exe detected: Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\plan B\AppData\Local\temp\avg7242.exe detected: Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\plan B\AppData\Local\temp\nsc68FB.tmp detected: Trojan.GenericKD.2928864 ( B)
C:\Users\plan B\AppData\Local\temp\fsd1110.exe detected: Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Joymedia.exe detected: Gen:Variant.Kazy.718161 ( B)
C:\Users\ShellShock\AppData\Local\Temp\81450236331\1QVdFL1BTSQ==2.exe detected: Gen:Variant.Mikey.28783 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup4097__16782.exe detected: Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup3267__15940.exe detected: Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup7315__15940.exe detected: Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\avg584D.exe detected: Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\ShellShock\AppData\Local\Temp\avg4193.exe detected: Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\ShellShock\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe detected: Application.Win32.InstallTool (A)
C:\Users\ShellShock\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe detected: Application.Generic.1532908 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsd3EA5.exe detected: Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsdE6C7.exe detected: Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsd879.exe detected: Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsj34E5.tmp detected: Gen:Variant.Mikey.28783 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nspE353.tmp detected: Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsdD8BE.tmp detected: Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsn5DA6.tmp detected: Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nssC1B2.tmp detected: Gen:Variant.Adware.Graftor.258423 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nst3703.tmp detected: Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nss807A.tmp detected: Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nst9619.tmp detected: Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsmB749.tmp detected: Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsw91E6.tmp\uph.dll detected: Application.Generic.1489480 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nswE2CE.tmp detected: Gen:Variant.Mikey.28503 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsw9731.exe detected: Gen:Variant.Kazy.626196 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsx44A.tmp detected: Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsz3713.tmp detected: Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\U9Lyc\xrc.exe detected: Gen:Variant.Kazy.718161 ( B)
C:\Windows\SysWOW64\Dotederle.dll detected: Gen:Variant.Adware.PennyBee.8 ( B)
C:\Windows\SysWOW64\Uponrekof.dll detected: Gen:Variant.Adware.PennyBee.8 ( B)
C:\Windows\TEMP\tmp6FA4.tmp detected: Trojan.GenericKD.2831439 ( B)
C:\Windows\TEMP\30E0.tmp.exe detected: Gen:Variant.Adware.Graftor.186140 ( B)
 
Scanned 76262
Found 51
 
Scan end: 12/16/2015 12:44:33 PM
Scan time: 0:06:49
 
C:\Windows\TEMP\30E0.tmp.exe Quarantined Gen:Variant.Adware.Graftor.186140 ( B)
C:\Windows\TEMP\tmp6FA4.tmp Quarantined Trojan.GenericKD.2831439 ( B)
C:\Windows\SysWOW64\Uponrekof.dll Quarantined Gen:Variant.Adware.PennyBee.8 ( B)
C:\Windows\SysWOW64\Dotederle.dll Quarantined Gen:Variant.Adware.PennyBee.8 ( B)
C:\Users\ShellShock\AppData\Local\Temp\U9Lyc\xrc.exe Quarantined Gen:Variant.Kazy.718161 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsz3713.tmp Quarantined Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsx44A.tmp Quarantined Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsw9731.exe Quarantined Gen:Variant.Kazy.626196 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nswE2CE.tmp Quarantined Gen:Variant.Mikey.28503 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsw91E6.tmp\uph.dll Quarantined Application.Generic.1489480 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsmB749.tmp Quarantined Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nst9619.tmp Quarantined Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nss807A.tmp Quarantined Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nst3703.tmp Quarantined Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nssC1B2.tmp Quarantined Gen:Variant.Adware.Graftor.258423 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsn5DA6.tmp Quarantined Trojan.GenericKD.2928864 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsdD8BE.tmp Quarantined Gen:Variant.Adware.Mikey.28454 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nspE353.tmp Quarantined Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\ShellShock\AppData\Local\Temp\nsj34E5.tmp Quarantined Gen:Variant.Mikey.28783 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsd879.exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsdE6C7.exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\fsd3EA5.exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\ShellShock\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe Quarantined Application.Generic.1532908 ( B)
C:\Users\ShellShock\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe Quarantined Application.Win32.InstallTool (A)
C:\Users\ShellShock\AppData\Local\Temp\avg4193.exe Quarantined Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\ShellShock\AppData\Local\Temp\avg584D.exe Quarantined Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup7315__15940.exe Quarantined Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup3267__15940.exe Quarantined Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\amisetup4097__16782.exe Quarantined Trojan.GenericKD.2929222 ( B)
C:\Users\ShellShock\AppData\Local\Temp\81450236331\1QVdFL1BTSQ==2.exe Quarantined Gen:Variant.Mikey.28783 ( B)
C:\Users\ShellShock\AppData\Local\Joymedia.exe Quarantined Gen:Variant.Kazy.718161 ( B)
C:\Users\plan B\AppData\Local\temp\fsd1110.exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\plan B\AppData\Local\temp\nsc68FB.tmp Quarantined Trojan.GenericKD.2928864 ( B)
C:\Users\plan B\AppData\Local\temp\avg7242.exe Quarantined Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAD2MD7W\setup_362[1].exe Quarantined Gen:Variant.Adware.Graftor.226139 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\SmartWebInstaller[1].exe Quarantined Adware.Generic.1244215 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\SilentInstaller_dotnet4[1].exe Quarantined Gen:Variant.MSILPerseus.1128 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\CaUz0U[1].exe Quarantined Trojan.GenericKD.2928864 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\FinalInstaller_dotnet4[1].exe Quarantined Gen:Variant.Adware.Zusy.146056 ( B)
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\DGChecker[1].exe Quarantined Gen:Variant.Adware.Graftor.258423 ( B)
C:\Users\plan B\AppData\Local\gmsd_us_005010177\upgmsd_us_005010177.exe Quarantined Gen:Variant.Adware.Eorezo.2 ( B)
C:\ProgramData\Vaiafineco\Vilafan.exe Quarantined Application.AdLink (A)
C:\ProgramData\Uoahammnuavpa\1.0.7.1\jaevahii.exe Quarantined Gen:Variant.Adware.Kazy.618604 ( B)
C:\ProgramData\caMyciloP\Sankix.exe Quarantined Application.AdLink (A)
C:\Program Files\Common Files\0i2uoepu\74f4f2nnej3yg.exe Quarantined Trojan.GenericKD.2831444 ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\SYSTWEAK Quarantined Application.InstallAd (A)
C:\Users\ShellShock\AppData\Roaming\baidu Quarantined Application.AppInstall (A)
C:\Windows\TEMP\Smartbar Quarantined Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG2.ANIGIFPPG2 Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIGIFPPG.ANIGIFPPG Quarantined Application.Toolbar (A)
 
Quarantined 51
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-12-2015 03
Ran by ShellShock (administrator) on SHELLSHOCK-PC (16-12-2015 12:46:42)
Running from C:\Users\ShellShock\Desktop
Loaded Profiles: ShellShock (Available Profiles: ShellShock & plan B & Guest)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
() C:\Users\ShellShock\AppData\Local\Temp\U9Lycx\runner.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
() C:\Program Files\NicController\hotnic.exe
( ) C:\Windows\System32\lxdccoms.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
() C:\ProgramData\Vaiafineco\Vaiafineco.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\ProgramData\Vaiafineco\Vaiafineco.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\ProgramData\caMyciloP\caMyciloP.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [tslxll] => rundll32.exe "C:\Users\ShellShock\AppData\Local\tslxll.dll",tslxll <===== ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: C:\ProgramData\caMyciloP\Bigdox.dll => C:\ProgramData\caMyciloP\Bigdox.dll [518656 2015-12-16] ()
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\Zotlux.dll => C:\ProgramData\caMyciloP\Zotlux.dll [320512 2015-12-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-2367937490-2620206961-1706274593-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2367937490-2620206961-1706274593-1000] => 127.0.0.1:5050
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{175692EC-66B0-4CD5-87E9-1154B063396A}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5R624ZjmFf9mhK5Ob4XC3GKuLcD8DbMOzhsGqFmy4oIVRtKplbq9S11ZL7Mqxa00w2t_lLmFA5DFgf9
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198
FF NewTab: C:\ProgramData\caMyciloPs\ff.NT
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Trovi");: user_pref("browser.search.defaultenginename","Trovi");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename.US","Trovi");: user_pref("browser.search.defaultenginename.US","Trovi");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Trovi");: user_pref("browser.search.selectedEngine","Trovi");
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac"
FF NetworkProxy: "type",2
FF Homepage: user_pref("network.proxy.no_proxies_on","");C:\ProgramData\caMyciloPs\ff.HP
FF NetworkProxy: "no_proxies_on","");user_pref("browser.startup.homepage", "C:\ProgramData\caMyciloPs\ff.HP"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF SearchPlugin: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\searchplugins\findit.xml [2015-12-16]
FF Extension: No Name - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi [not found]
FF Extension: No Name - C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\extensions\funfeedr.sgn@funfeedr.com.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jxPWoFzlhW5nEfOFMg_hUzW1CkI6RgFqgcLQIYzFLeIhjYhDrMqlQNLUfNneBEMrTuls3qJDTmf_RK
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIHOusD57tIZ5_7_DYYLEPps1BwgQvePwlCeFupWrsvy0q1dJer6-MlPXD7zn0soFD74n4Zn87tvo-g6wPEC89MIEq-rjmfZiMdnY69AaZnnZjdnXje4jbfX-IKBQGZFToUXDTyISnElu5rCMA,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
CHR Extension: (Google Docs) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
CHR Extension: (Google Drive) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (Google Search) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Adobe Acrobat) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-15]
CHR Extension: (Google Sheets) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR Extension: (Gmail) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-24] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe [437248 2015-12-16] () [File not signed]
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
R2 FinwarmSvc; C:\Users\ShellShock\AppData\Local\Temp\U9Lycx\runner.exe [45568 2015-12-15] () [File not signed]
R2 hotnic32; C:\Program Files\NicController\hotnic.exe [379904 2015-12-10] () [File not signed]
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S2 lxdcCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 Vaiafineco; C:\ProgramData\\Vaiafineco\\Vaiafineco.exe [431104 2015-12-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R4 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-06-22] (Emsisoft GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 WinRing0_1_2_0; C:\Users\ShellShock\Desktop\Real Temp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S0 23959904; system32\drivers\64579807.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-16 12:46 - 2015-12-16 12:46 - 00024025 _____ C:\Users\ShellShock\Desktop\FRST.txt
2015-12-16 12:46 - 2015-12-16 12:46 - 00000000 ____D C:\Users\ShellShock\Desktop\FRST-OlderVersion
2015-12-16 12:45 - 2015-12-16 12:45 - 00022180 _____ C:\Users\ShellShock\Desktop\scan_151216-123744.txt
2015-12-16 12:34 - 2015-12-16 12:45 - 00000000 ____D C:\ProgramData\caMyciloP
2015-12-16 12:34 - 2015-12-16 12:37 - 00000000 ____D C:\EEK
2015-12-16 12:34 - 2015-12-16 12:34 - 00003785 _____ C:\Users\ShellShock\Desktop\AdwCleaner[C2].txt
2015-12-16 12:34 - 2015-12-16 12:34 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
2015-12-16 12:34 - 2015-12-16 12:34 - 00000743 _____ C:\Users\ShellShock\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-16 12:34 - 2015-12-16 12:34 - 00000000 ____D C:\ProgramData\caMyciloPs
2015-12-16 12:21 - 2015-12-16 12:32 - 00000000 ____D C:\AdwCleaner
2015-12-16 12:21 - 2015-12-16 12:21 - 01740288 _____ C:\Users\ShellShock\Desktop\adwcleaner_5.025.exe
2015-12-15 23:03 - 2015-12-15 23:03 - 00057755 _____ C:\Users\Guest\Downloads\Addition.txt
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Guest\Tracing
2015-12-15 22:58 - 2015-12-16 02:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2015-12-15 22:42 - 2015-12-15 22:47 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Opera Software
2015-12-15 22:42 - 2015-12-15 22:42 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Opera Software
2015-12-15 22:41 - 2015-12-15 22:50 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 22:40 - 2015-12-16 12:45 - 00000000 ____D C:\Users\plan B\AppData\Local\gmsd_us_005010177
2015-12-15 22:39 - 2015-12-15 22:40 - 00003752 _____ C:\Windows\System32\Tasks\SecurityApps2
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Macromedia
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Adobe
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Local\SecurityApps
2015-12-15 22:38 - 2015-12-15 22:38 - 00113040 _____ C:\Users\plan B\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Windows\system32\hoe
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Roaming\TapgokUcijyc
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\LocalLow\Company
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Local\Tempfolder
2015-12-15 22:37 - 2015-12-16 12:34 - 00001435 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-15 22:37 - 2015-12-16 12:18 - 00001413 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Apple Computer
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Local\Google
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Local\Adobe
2015-12-15 22:36 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B
2015-12-15 22:36 - 2015-12-15 22:36 - 00000484 __RSH C:\Users\plan B\ntuser.pol
2015-12-15 22:36 - 2015-12-15 22:36 - 00000020 ___SH C:\Users\plan B\ntuser.ini
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\My Documents
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Videos
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Pictures
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Music
2015-12-15 22:36 - 2015-08-19 17:57 - 00000000 ____D C:\Users\plan B\AppData\Roaming\HPActiveHealth
2015-12-15 22:36 - 2009-07-13 23:45 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Media Center Programs
2015-12-15 22:34 - 2015-12-15 22:34 - 00066665 _____ C:\Users\plan B\Desktop\FRST.txt
2015-12-15 22:34 - 2015-12-15 22:34 - 00057755 _____ C:\Users\plan B\Desktop\Addition.txt
2015-12-15 22:23 - 2015-12-15 22:27 - 00058288 _____ C:\Users\Guest\Desktop\Addition.txt
2015-12-15 21:51 - 2015-12-16 12:45 - 00000000 ____D C:\ProgramData\Vaiafineco
2015-12-15 21:51 - 2015-12-15 21:51 - 02356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2015-12-15 21:51 - 2015-12-15 21:51 - 00000000 ____D C:\ProgramData\Vaiafinecos
2015-12-15 21:48 - 2015-12-16 12:45 - 00000000 ____D C:\Program Files\Common Files\0i2uoepu
2015-12-15 21:48 - 2015-12-15 21:48 - 00003388 _____ C:\Windows\System32\Tasks\uvnqp1hd
2015-12-15 21:26 - 2015-12-16 12:46 - 00000468 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-15 21:31 - 00000502 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-15 21:26 - 00003592 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00003480 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00001024 _____ C:\.rnd
2015-12-15 21:26 - 2015-12-15 21:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\ContentCleaner
2015-12-15 21:24 - 2015-12-15 21:24 - 00009216 _____ C:\Users\ShellShock\AppData\Local\tslxll.dll
2015-12-15 21:24 - 2015-12-15 21:24 - 00002560 _____ C:\Users\ShellShock\AppData\Local\uninstall.exe
2015-12-15 21:22 - 2015-12-15 22:48 - 00000000 ____D C:\ProgramData\DataFile
2015-12-15 21:22 - 2015-12-15 22:38 - 00004688 _____ C:\Windows\SysWOW64\Dotederle.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\SysWOW64\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\system32\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 21:22 - 00003350 _____ C:\Windows\System32\Tasks\Cohgevom
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Windows\system32\jafh
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\TapgokUcijyc
2015-12-15 21:22 - 2015-12-15 21:11 - 00375632 _____ C:\Windows\system32\Dotederle64.dll
2015-12-15 20:40 - 2015-12-16 12:46 - 02370048 _____ (Farbar) C:\Users\ShellShock\Desktop\FRST64.exe
2015-12-15 20:40 - 2015-12-15 22:27 - 00066826 _____ C:\Users\Guest\Desktop\FRST.txt
2015-12-15 20:27 - 2015-12-16 12:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 20:27 - 2015-12-16 12:33 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 20:27 - 2015-12-16 01:32 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 20:27 - 2015-12-15 20:27 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-15 20:27 - 2015-12-15 20:27 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-15 20:27 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-12-15 20:27 - 2015-12-15 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 20:26 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Deployment
2015-12-15 20:26 - 2015-12-15 20:26 - 00000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2015-12-15 20:21 - 2015-12-15 22:19 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-15 20:21 - 2015-12-15 20:21 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\Program Files\CCleaner
2015-12-15 20:19 - 2015-12-15 20:19 - 00243344 _____ C:\Users\ShellShock\Downloads\FireFox_Setup [1].exe
2015-12-15 20:13 - 2015-12-15 20:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Raptr
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\gmsd_us_005010177
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\AMD
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-5637-0
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-2903-1
2015-12-15 20:06 - 2015-12-15 20:06 - 00023082 _____ C:\Windows\System32\Tasks\{05097F47-0A0F-0E05-0911-7E0F0B0B110F}
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-7ad7-0
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-5f11-1
2015-12-15 20:05 - 2015-12-15 20:05 - 00000000 ____D C:\ProgramData\Uoahammnuavpa
2015-12-15 20:04 - 2015-12-16 12:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Common
2015-12-15 20:04 - 2015-12-15 21:23 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Tempfolder
2015-12-15 20:04 - 2015-12-15 20:15 - 00004688 _____ C:\Windows\SysWOW64\Uponrekof.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\SysWOW64\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\system32\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:06 - 00003196 _____ C:\Windows\System32\Tasks\Seventh
2015-12-15 20:04 - 2015-12-15 20:06 - 00003188 _____ C:\Windows\System32\Tasks\Sixth
2015-12-15 20:04 - 2015-12-15 20:04 - 00003348 _____ C:\Windows\System32\Tasks\Gufdhyp
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Windows\system32\uke
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\AkijOmycs
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\LocalLow\Company
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\uninst
2015-12-15 20:04 - 2015-12-15 18:37 - 00375680 _____ C:\Windows\system32\Uponrekof64.dll
2015-12-15 19:59 - 2015-12-15 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 19:27 - 2015-12-15 22:28 - 00000000 ____D C:\Program Files\NicController
2015-12-15 19:27 - 2015-12-15 19:27 - 00000626 __RSH C:\ProgramData\ntuser.pol
2015-12-15 19:27 - 2015-12-15 19:27 - 00000187 _____ C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 19:27 - 2015-12-15 19:25 - 00000098 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-15 19:26 - 2015-12-15 19:36 - 00000000 ____D C:\Program Files (x86)\Best YouTube Downloader
2015-12-15 19:26 - 2015-12-15 19:26 - 00000484 __RSH C:\Users\ShellShock\ntuser.pol
2015-12-15 18:32 - 2015-12-15 19:17 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Users\ShellShock\Documents\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2015-12-15 15:08 - 2015-12-15 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-15 00:23 - 2015-12-15 00:23 - 00003452 _____ C:\Windows\System32\Tasks\{D5D96DC4-8F6E-4A92-84E5-DEC1C40E8AF1}
2015-12-15 00:23 - 2015-12-15 00:23 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-15 00:23 - 2015-12-15 00:23 - 00000000 ____D C:\Riot Games
2015-12-15 00:22 - 2015-12-15 00:23 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Riot Games
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Thinstall
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Thinstall
2015-12-11 13:59 - 2015-12-15 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 20:08 - 2015-12-10 20:08 - 00027345 _____ C:\Users\ShellShock\Desktop\Comcast Customer Central.pdf
2015-12-10 14:31 - 2015-12-10 14:31 - 00224337 _____ C:\Users\ShellShock\Desktop\VisitPaper.pdf
2015-12-09 23:28 - 2015-12-10 20:59 - 00016539 ____H C:\Users\ShellShock\Desktop\~WRL2191.tmp
2015-12-09 23:22 - 2015-12-10 00:26 - 42279034 _____ C:\Users\ShellShock\Desktop\TheVisit.pdf
2015-12-09 23:00 - 2015-12-09 23:00 - 00137648 _____ C:\Users\ShellShock\Desktop\Anthony_Is_a_Handmaid_2.docx.pdf
2015-12-07 11:06 - 2015-12-07 19:09 - 00000000 ____D C:\Users\ShellShock\Desktop\manual
2015-12-07 08:16 - 2015-12-07 08:16 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-07 08:16 - 2015-12-07 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-01 21:50 - 2015-12-01 21:50 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files\iTunes
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files\iPod
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-30 12:51 - 2015-11-30 12:51 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-11-30 12:51 - 2015-11-30 12:51 - 00001780 _____ C:\Users\Public\Desktop\Apps.lnk
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\New folder
2015-11-30 12:49 - 2015-11-30 12:49 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Bluestacks
2015-11-30 00:16 - 2015-11-30 00:16 - 00327265 _____ C:\Users\ShellShock\Desktop\BIG ASS PAPER.pdf
2015-11-21 00:36 - 2015-11-21 00:36 - 00016168 _____ C:\Users\ShellShock\Desktop\My T-Mobile _ Billing _ Payment Confirmation.pdf
2015-11-19 16:31 - 2015-12-03 16:22 - 00000294 _____ C:\Users\ShellShock\Desktop\YOU THOUGHT.txt
2015-11-18 00:20 - 2015-11-18 00:20 - 10907328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 01229984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 10815664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 09070320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 00:17 - 2015-11-18 00:17 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 00:13 - 2015-11-18 00:13 - 23960064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 00:08 - 2015-11-18 00:08 - 49984000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 00:08 - 2015-11-18 00:08 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 00:02 - 2015-11-18 00:02 - 41510912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-17 23:58 - 2015-11-17 23:58 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-17 23:57 - 2015-11-17 23:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-17 23:50 - 2015-11-17 23:50 - 27596288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-17 23:49 - 2015-11-17 23:49 - 22348288 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-17 23:44 - 2015-11-17 23:44 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-11-17 21:50 - 2015-11-17 21:50 - 00677888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-17 21:48 - 2015-11-17 21:48 - 00562688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 06643200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-17 21:14 - 2015-11-17 21:14 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-17 20:48 - 2015-11-17 20:48 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-17 20:48 - 2015-11-17 20:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-17 20:08 - 2015-11-17 20:08 - 00683960 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-17 20:08 - 2015-11-17 20:08 - 00683960 _____ C:\Windows\system32\atiapfxx.blb
2015-11-17 20:05 - 2015-11-17 20:05 - 31376896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-17 19:43 - 2015-11-17 19:43 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 25840128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 00865280 _____ (AMD) C:\Windows\system32\coinst_15.30.dll
2015-11-17 19:32 - 2015-11-17 19:32 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-17 19:32 - 2015-11-17 19:32 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-17 19:27 - 2015-11-17 19:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-17 19:26 - 2015-11-17 19:26 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-17 19:26 - 2015-11-17 19:26 - 00223744 _____ C:\Windows\system32\dgtrayicon.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00552448 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-17 19:25 - 2015-11-17 19:25 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-17 19:25 - 2015-11-17 19:25 - 00162304 _____ C:\Windows\system32\atieah64.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00031744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-17 19:24 - 2015-11-17 19:24 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-17 19:24 - 2015-11-17 19:24 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-11-17 19:22 - 2015-11-17 19:22 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-17 19:10 - 2015-11-17 19:10 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-17 18:54 - 2015-11-17 18:54 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-17 18:53 - 2015-11-17 18:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-17 18:53 - 2015-11-17 18:53 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-17 18:45 - 2015-11-17 18:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-17 18:45 - 2015-11-17 18:45 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-17 18:43 - 2015-11-17 18:43 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-11-17 13:25 - 2015-11-17 13:25 - 00001071 _____ C:\Users\ShellShock\Desktop\Format Factory.lnk
2015-11-17 13:25 - 2015-11-17 13:25 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-11-17 13:25 - 2015-11-17 13:25 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2015-11-17 12:32 - 2015-11-17 12:33 - 00000000 ____D C:\Users\ShellShock\Desktop\The Boy Next Door (2015) [1080p]
2015-11-17 01:09 - 2015-11-17 01:26 - 00000000 ____D C:\Users\ShellShock\Desktop\Singing Success 360™
2015-11-16 19:56 - 2015-11-16 20:09 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\WindSolutions
2015-11-16 19:56 - 2015-11-16 20:07 - 00000000 ____D C:\ProgramData\WindSolutions
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-16 12:46 - 2015-06-20 10:05 - 00000000 ____D C:\FRST
2015-12-16 12:40 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-16 12:40 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-16 12:35 - 2015-11-12 12:57 - 00004998 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ShellShock-PC-ShellShock ShellShock-PC
2015-12-16 12:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-16 12:34 - 2014-11-14 13:12 - 00001431 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-16 12:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-16 12:33 - 2015-06-26 21:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 12:32 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 12:18 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-16 12:14 - 2009-07-13 21:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-15 22:59 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest
2015-12-15 22:58 - 2015-08-02 21:53 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-15 22:58 - 2014-04-17 19:58 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 22:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 22:50 - 2015-08-03 11:59 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Skype
2015-12-15 22:49 - 2014-03-13 21:56 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\uTorrent
2015-12-15 22:47 - 2014-03-13 20:58 - 00001413 _____ C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:34 - 2015-10-26 06:32 - 00000000 ____D C:\Users\ShellShock\Desktop\Flash S2
2015-12-15 22:19 - 2014-07-29 11:30 - 00000000 ____D C:\Users\ShellShock\Desktop\MPC classes so far
2015-12-15 22:15 - 2009-07-13 21:13 - 00877202 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-15 22:13 - 2015-08-19 21:47 - 00000000 ____D C:\Users\ShellShock\Desktop\hartnell is bleep gay
2015-12-15 21:04 - 2015-11-11 16:08 - 00000000 ____D C:\Users\ShellShock\Desktop\Arrow S4
2015-12-15 20:49 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-15 20:48 - 2014-03-13 21:00 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Google
2015-12-15 20:27 - 2014-03-13 21:00 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-15 20:26 - 2014-11-14 13:12 - 00113040 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 20:24 - 2015-11-09 15:53 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-15 20:13 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2015-12-15 19:26 - 2014-03-13 20:58 - 00000000 ____D C:\Users\ShellShock
2015-12-15 19:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-15 17:47 - 2014-04-14 19:57 - 00000000 ____D C:\Users\ShellShock\Desktop\Simple pickup!
2015-12-15 15:29 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Battle.net
2015-12-15 14:39 - 2014-12-01 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-15 13:47 - 2014-05-07 16:30 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2015-12-15 03:16 - 2015-01-30 11:57 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\LolClient
2015-12-14 10:16 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Battle.net
2015-12-14 10:16 - 2014-12-01 17:59 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-14 09:20 - 2015-10-15 17:49 - 00000000 ____D C:\Users\ShellShock\Desktop\Charles Ticket
2015-12-11 13:59 - 2015-08-02 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 13:59 - 2015-07-04 01:16 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Skype
2015-12-11 11:17 - 2014-04-22 13:56 - 00000000 ____D C:\Windows\Minidump
2015-12-09 00:33 - 2015-06-26 21:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 00:33 - 2015-06-26 21:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 00:33 - 2015-06-26 21:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-07 15:30 - 2015-11-15 19:42 - 00000000 ____D C:\Users\ShellShock\Desktop\Fast and Furious 7 2015 1080p HDRip x264 AC3-JYK
2015-12-07 08:16 - 2015-11-10 13:30 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-07 08:16 - 2015-11-10 13:26 - 00000000 ____D C:\Program Files\AMD
2015-12-07 08:16 - 2015-11-05 02:41 - 00000000 ____D C:\Users\ShellShock\AppData\Local\AMD
2015-12-07 08:12 - 2014-03-13 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-07 08:11 - 2015-11-10 13:25 - 00000000 ____D C:\AMD
2015-12-05 16:25 - 2014-12-01 18:03 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-02 10:24 - 2014-11-24 18:10 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-01 21:50 - 2015-10-16 15:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-12-01 21:50 - 2015-10-16 15:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-01 21:49 - 2015-10-16 15:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-01 00:01 - 2015-03-20 20:54 - 00000660 _____ C:\Users\ShellShock\Desktop\mario.txt
2015-11-30 12:51 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-30 12:25 - 2015-11-12 13:00 - 00000000 ____D C:\Users\ShellShock\Desktop\The Pot Book
2015-11-28 15:08 - 2014-03-13 21:01 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2015-11-23 08:34 - 2015-06-27 11:33 - 00113040 _____ C:\Users\ShellShock\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-23 08:32 - 2015-06-29 13:59 - 00447440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-20 16:26 - 2014-04-05 22:56 - 00000000 ____D C:\Users\ShellShock\Desktop\lpictures
2015-11-20 16:26 - 2014-03-13 21:15 - 00000000 ____D C:\Users\ShellShock\Desktop\pumpitup
2015-11-20 00:42 - 2014-07-16 11:03 - 00000000 ____D C:\Users\ShellShock\Documents\ihelper
2015-11-20 00:39 - 2014-03-13 21:58 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ
2015-11-18 16:08 - 2015-09-08 22:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 16:08 - 2015-08-30 16:03 - 00000000 ____D C:\Users\ShellShock\.oracle_jre_usage
2015-11-18 00:20 - 2015-11-03 14:44 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 00:20 - 2015-11-03 14:43 - 13189336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 00:20 - 2015-11-03 14:43 - 01496736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-17 15:56 - 2014-03-19 22:18 - 00000000 ____D C:\FFOutput
2015-11-17 01:40 - 2015-08-06 14:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-17 01:24 - 2015-10-09 23:05 - 00000000 ____D C:\Program Files (x86)\iExplorer
2015-11-17 01:23 - 2015-08-06 15:03 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== Files in the root of some directories =======
 
2015-12-15 21:51 - 2015-12-15 21:51 - 2356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2014-05-06 13:42 - 2014-05-06 13:42 - 0645678 _____ () C:\Users\ShellShock\AppData\Roaming\5xo8wn.jpg
2015-10-16 22:53 - 2015-11-05 04:27 - 0000132 _____ () C:\Users\ShellShock\AppData\Roaming\Adobe PNG Format CC Prefs
2015-07-06 01:25 - 2015-07-06 01:27 - 0003227 _____ () C:\Users\ShellShock\AppData\Roaming\glide_wrapper.zbag.ini
2015-01-16 02:15 - 2015-01-16 02:50 - 0103469 _____ () C:\Users\ShellShock\AppData\Roaming\net.telestream.wirecast.xml
2015-01-16 02:15 - 2015-01-16 02:15 - 0014120 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005028 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014543 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014186 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0067454 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004755 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004935 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003123 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003213 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004356 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003439 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003825 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005621 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0001451 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010088 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004482 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0007122 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010619 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005241 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0016966 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008986 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003302 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008683 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:23 - 2015-01-16 02:37 - 0001001 _____ () C:\Users\ShellShock\AppData\Roaming\pc-capture-log.txt
2015-11-05 03:16 - 2015-11-05 03:16 - 225111747 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-11-05 03:16 - 2015-11-05 03:16 - 0002615 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2015-12-15 19:27 - 2015-12-15 19:27 - 0000187 _____ () C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 21:24 - 2015-12-15 21:24 - 0009216 _____ () C:\Users\ShellShock\AppData\Local\tslxll.dll
2015-12-15 21:24 - 2015-12-15 21:24 - 0002560 _____ () C:\Users\ShellShock\AppData\Local\uninstall.exe
2014-03-17 17:06 - 2015-08-19 18:01 - 0008064 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\plan B\AppData\Local\Temp\oprun15233.exe
C:\Users\plan B\AppData\Local\Temp\oprun5939.exe
C:\Users\plan B\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\befacajhdg_P.exe
C:\Users\ShellShock\AppData\Local\Temp\chromeupdate.exe
C:\Users\ShellShock\AppData\Local\Temp\Edomite.dll
C:\Users\ShellShock\AppData\Local\Temp\fetcher.exe
C:\Users\ShellShock\AppData\Local\Temp\Lotdox.exe
C:\Users\ShellShock\AppData\Local\Temp\msconfig.exe
C:\Users\ShellShock\AppData\Local\Temp\nsw4452.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun14770.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun23773.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun27900.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun8585.exe
C:\Users\ShellShock\AppData\Local\Temp\setup.dll
C:\Users\ShellShock\AppData\Local\Temp\Setup__2140_il108.exe
C:\Users\ShellShock\AppData\Local\Temp\SpOrder.dll
C:\Users\ShellShock\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\System.dll
C:\Users\ShellShock\AppData\Local\Temp\UninstallModule.exe
C:\Users\ShellShock\AppData\Local\Temp\Vivaron.exe
C:\Users\ShellShock\AppData\Local\Temp\Voltla.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-11 14:56
 
==================== End of FRST.txt ============================
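Added example (not from this thread, and not something FRST itself does): every entry in the "One Month Created/Modified" and "Files in the root of some directories" sections above has the shape `created - modified - size attrs (publisher) path`, and the ones a responder circles first are publisher-less executables sitting where a dropper would put them, such as C:\Program Files\Common Files\wx2jxgyc.exe and C:\Users\ShellShock\AppData\Local\tslxll.dll. The Python below parses lines in that format and applies exactly that filter. The sample lines embedded in it are copied from the posted log; the heuristics (no CompanyName, user-writable path, binary sitting directly under a well-known root with no vendor folder) and the function names are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the FRST.txt posted above. The last one is a
# directory entry, kept to show that directories are skipped.
SAMPLE_LOG = r"""
2015-11-17 18:53 - 2015-11-17 18:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-17 18:45 - 2015-11-17 18:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-12-15 21:51 - 2015-12-15 21:51 - 2356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2014-05-06 13:42 - 2014-05-06 13:42 - 0645678 _____ () C:\Users\ShellShock\AppData\Roaming\5xo8wn.jpg
2015-12-15 21:24 - 2015-12-15 21:24 - 0009216 _____ () C:\Users\ShellShock\AppData\Local\tslxll.dll
2015-12-15 21:24 - 2015-12-15 21:24 - 0002560 _____ () C:\Users\ShellShock\AppData\Local\uninstall.exe
2015-11-16 19:56 - 2015-11-16 20:09 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\WindSolutions
"""

# One FRST file entry:  created - modified - size attrs [(publisher)] path
# attrs is a five-character field; 'D' marks a directory, 'H' hidden, 'R' read-only.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}
# Directories any user-level process can write to (assumed heuristic).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# A binary dropped straight into one of these roots, with no vendor folder,
# is atypical for installed software (assumed heuristic).
LOOSE_PARENTS = {"common files", "program files", "program files (x86)",
                 "programdata", "local", "roaming", "temp", "windows"}


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    publisher: Optional[str]   # CompanyName from the version resource, or None
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1].lower()
        return name[name.rfind("."):] if "." in name else ""

    @property
    def parent(self) -> str:
        parts = self.path.rstrip("\\").split("\\")
        return parts[-2].lower() if len(parts) >= 2 else ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pub = m.group("publisher")
    return Entry(m.group("created"), m.group("modified"), int(m.group("size")),
                 m.group("attrs"), pub.strip() if pub and pub.strip() else None,
                 m.group("path"))


def reasons(e: Entry) -> List[str]:
    """Explain why an entry looks like a dropped binary; empty list means not flagged.

    A missing CompanyName alone is not enough (vendor DLLs under Windows\\ often
    lack one, e.g. hsa-thunk64.dll), so the file must also sit somewhere a
    dropper would put it.
    """
    if e.is_dir or e.ext not in EXEC_EXT or e.publisher is not None:
        return []
    found = ["no publisher (CompanyName) in version info"]
    lower = e.path.lower()
    if any(marker in lower for marker in USER_WRITABLE):
        found.append("user-writable location")
    if e.parent in LOOSE_PARENTS:
        found.append(f"binary directly under '{e.parent}' with no vendor folder")
    return found if len(found) > 1 else []


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return [(path, reasons)] for every suspicious file entry in FRST output."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            why = reasons(e)
            if why:
                hits.append((e.path, why))
    return hits


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(why))
```

Run it on a saved log with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. Two caveats: the publisher field FRST prints is the CompanyName string from the file's version resource, which anyone can set, so a filled-in field is not proof of legitimacy and the filter above will not flag a dropper that bothers to fake one; and the bare paths in the "Some files in TEMP" section carry no publisher or timestamp, so they fall through `parse_line` and need to be read by hand.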


#5 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 16 December 2015 - 04:24 PM

1.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


2.

Please run FRST again and post the new FRST.txt log along with how the machine is running.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 Durred

  • Topic Starter
  • Members
  • 39 posts
  • Gender:Male

Posted 16 December 2015 - 05:31 PM

Hello, fireman4it.
 
The system seems to be running the same.
 
My web browser is still infected, but the virus is no longer installing random software.
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ShellShock :: SHELLSHOCK-PC [administrator]
 
12/16/2015 2:07:51 PM
mbar-log-2015-12-16 (14-07-51).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 434258
Time elapsed: 11 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Users\plan B\AppData\Local\temp\oprun15233.exe (Trojan.Agent) -> Delete on reboot. [79c45ce1abd17fb7f32f2f9fc3402dd3]
C:\Users\plan B\AppData\Local\temp\oprun5939.exe (Trojan.Agent) -> Delete on reboot. [6fceb588dba1be786db502ccc93af10f]
C:\Users\ShellShock\AppData\Local\Temp\oprun14770.exe (Trojan.Agent) -> Delete on reboot. [0637fc41d3a9162058caf9d525de5fa1]
C:\Users\ShellShock\AppData\Local\Temp\oprun23773.exe (Trojan.Agent) -> Delete on reboot. [2f0e5be287f5f640c959517d17ec0ff1]
C:\Users\ShellShock\AppData\Local\Temp\oprun27900.exe (Trojan.Agent) -> Delete on reboot. [35085ce1473540f60220b8165ca7f40c]
C:\Users\ShellShock\AppData\Local\Temp\oprun8585.exe (Trojan.Agent) -> Delete on reboot. [b984b687acd0ea4c4ad8ab235da617e9]
C:\Users\ShellShock\AppData\Local\Temp\msconfig.exe (Trojan.Ransom) -> Delete on reboot. [74c9ed508bf1152110fca0bd53b1738d]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-12-2015 03
Ran by ShellShock (administrator) on SHELLSHOCK-PC (16-12-2015 14:22:41)
Running from C:\Users\ShellShock\Desktop
Loaded Profiles: ShellShock (Available Profiles: ShellShock & plan B & Guest)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
() C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\ProgramData\caMyciloP\caMyciloP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\ProgramData\DataFile\Downloads\Windi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
() C:\Users\ShellShock\AppData\Local\Temp\U9Lycx\runner.exe
() C:\Program Files\NicController\hotnic.exe
( ) C:\Windows\System32\lxdccoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\ProgramData\Vaiafineco\Vaiafineco.exe
() C:\Program Files\NicController\bin\af8349de-593d-4a6a-99f8-4ac246b2cded\xtc.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [tslxll] => rundll32.exe "C:\Users\ShellShock\AppData\Local\tslxll.dll",tslxll <===== ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-2367937490-2620206961-1706274593-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2367937490-2620206961-1706274593-1000] => 127.0.0.1:5050
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{175692EC-66B0-4CD5-87E9-1154B063396A}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5R624ZjmFf9mhK5Ob4XC3GKuLcD8DbMOzhsGqFmy4oIVRtKplbq9S11ZL7Mqxa00w2t_lLmFA5DFgf9
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198
FF NewTab: C:\ProgramData\caMyciloPs\ff.NT
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Trovi");: user_pref("browser.search.defaultenginename","Trovi");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename.US","Trovi");: user_pref("browser.search.defaultenginename.US","Trovi");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Trovi");: user_pref("browser.search.selectedEngine","Trovi");
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac"
FF NetworkProxy: "type",2
FF Homepage: user_pref("network.proxy.no_proxies_on","");C:\ProgramData\caMyciloPs\ff.HP
FF NetworkProxy: "no_proxies_on","");user_pref("browser.startup.homepage", "C:\ProgramData\caMyciloPs\ff.HP"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF SearchPlugin: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\searchplugins\findit.xml [2015-12-16]
FF Extension: No Name - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi [not found]
FF Extension: No Name - C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\extensions\funfeedr.sgn@funfeedr.com.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jxPWoFzlhW5nEfOFMg_hUwYqJs61q0CIirxj6ytUYkZeF3_oiWxUtH_Rr8aTB21MkwSuxTV_F9B9If
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf0NjqIAq_u7mGIHOusD57tIZ5_7_DYYLEPps1BwgQvePwlCeFupWrsvy0q1dJer6-MlPXD7zn0soFD74n4Zn87tvo-g6wPEC89MIEq-rjmfZiMdnY69AaZnnZjdnXje4jbfX-IKBQGZFToUXDTyISnElu5rCMA,,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]
CHR Extension: (Google Docs) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]
CHR Extension: (Google Drive) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (Google Search) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Adobe Acrobat) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-15]
CHR Extension: (Google Sheets) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]
CHR Extension: (Gmail) - C:\Users\ShellShock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-24] (ASUSTeK Computer Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe [437248 2015-12-16] () [File not signed]
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
R2 FinwarmSvc; C:\Users\ShellShock\AppData\Local\Temp\U9Lycx\runner.exe [45568 2015-12-15] () [File not signed]
R2 hotnic32; C:\Program Files\NicController\hotnic.exe [379904 2015-12-10] () [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S2 lxdcCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 Vaiafineco; C:\ProgramData\\Vaiafineco\\Vaiafineco.exe [431104 2015-12-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 WinRing0_1_2_0; C:\Users\ShellShock\Desktop\Real Temp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S0 23959904; system32\drivers\64579807.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-16 14:07 - 2015-12-16 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-16 14:07 - 2015-12-16 14:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 14:07 - 2015-12-16 14:07 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 14:07 - 2015-12-16 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-16 14:05 - 2015-12-16 14:20 - 00000000 ____D C:\Users\ShellShock\Desktop\mbar
2015-12-16 14:04 - 2015-12-16 14:04 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ShellShock\Desktop\mbar-1.09.3.1001.exe
2015-12-16 14:02 - 2015-12-16 14:02 - 00000000 ____D C:\Users\ShellShock\Desktop\bleepingcomputerapps
2015-12-16 12:47 - 2015-12-16 12:47 - 00053763 _____ C:\Users\ShellShock\Desktop\Addition.txt
2015-12-16 12:46 - 2015-12-16 14:22 - 00023136 _____ C:\Users\ShellShock\Desktop\FRST.txt
2015-12-16 12:45 - 2015-12-16 12:45 - 00022180 _____ C:\Users\ShellShock\Desktop\scan_151216-123744.txt
2015-12-16 12:34 - 2015-12-16 14:23 - 00000000 ____D C:\ProgramData\caMyciloP
2015-12-16 12:34 - 2015-12-16 12:37 - 00000000 ____D C:\EEK
2015-12-16 12:34 - 2015-12-16 12:34 - 00003785 _____ C:\Users\ShellShock\Desktop\AdwCleaner[C2].txt
2015-12-16 12:34 - 2015-12-16 12:34 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
2015-12-16 12:34 - 2015-12-16 12:34 - 00000743 _____ C:\Users\ShellShock\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-16 12:34 - 2015-12-16 12:34 - 00000000 ____D C:\ProgramData\caMyciloPs
2015-12-16 12:21 - 2015-12-16 12:32 - 00000000 ____D C:\AdwCleaner
2015-12-16 12:21 - 2015-12-16 12:21 - 01740288 _____ C:\Users\ShellShock\Desktop\adwcleaner_5.025.exe
2015-12-15 23:03 - 2015-12-15 23:03 - 00057755 _____ C:\Users\Guest\Downloads\Addition.txt
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Guest\Tracing
2015-12-15 22:58 - 2015-12-16 02:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2015-12-15 22:42 - 2015-12-15 22:47 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Opera Software
2015-12-15 22:42 - 2015-12-15 22:42 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Opera Software
2015-12-15 22:41 - 2015-12-15 22:50 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 22:40 - 2015-12-16 12:45 - 00000000 ____D C:\Users\plan B\AppData\Local\gmsd_us_005010177
2015-12-15 22:39 - 2015-12-15 22:40 - 00003752 _____ C:\Windows\System32\Tasks\SecurityApps2
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Macromedia
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Adobe
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Local\SecurityApps
2015-12-15 22:38 - 2015-12-15 22:38 - 00113040 _____ C:\Users\plan B\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Windows\system32\hoe
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Roaming\TapgokUcijyc
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\LocalLow\Company
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Local\Tempfolder
2015-12-15 22:37 - 2015-12-16 12:34 - 00001435 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-15 22:37 - 2015-12-16 12:18 - 00001413 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Apple Computer
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Local\Google
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Local\Adobe
2015-12-15 22:36 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B
2015-12-15 22:36 - 2015-12-15 22:36 - 00000484 __RSH C:\Users\plan B\ntuser.pol
2015-12-15 22:36 - 2015-12-15 22:36 - 00000020 ___SH C:\Users\plan B\ntuser.ini
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\My Documents
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Videos
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Pictures
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Music
2015-12-15 22:36 - 2015-08-19 17:57 - 00000000 ____D C:\Users\plan B\AppData\Roaming\HPActiveHealth
2015-12-15 22:36 - 2009-07-13 23:45 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Media Center Programs
2015-12-15 22:34 - 2015-12-15 22:34 - 00066665 _____ C:\Users\plan B\Desktop\FRST.txt
2015-12-15 22:34 - 2015-12-15 22:34 - 00057755 _____ C:\Users\plan B\Desktop\Addition.txt
2015-12-15 22:23 - 2015-12-15 22:27 - 00058288 _____ C:\Users\Guest\Desktop\Addition.txt
2015-12-15 21:51 - 2015-12-16 14:23 - 00000000 ____D C:\ProgramData\Vaiafineco
2015-12-15 21:51 - 2015-12-15 21:51 - 02356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2015-12-15 21:51 - 2015-12-15 21:51 - 00000000 ____D C:\ProgramData\Vaiafinecos
2015-12-15 21:48 - 2015-12-16 12:45 - 00000000 ____D C:\Program Files\Common Files\0i2uoepu
2015-12-15 21:48 - 2015-12-15 21:48 - 00003388 _____ C:\Windows\System32\Tasks\uvnqp1hd
2015-12-15 21:26 - 2015-12-16 14:24 - 00000468 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-16 13:09 - 00001024 _____ C:\.rnd
2015-12-15 21:26 - 2015-12-15 21:31 - 00000502 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-15 21:26 - 00003592 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00003480 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\ContentCleaner
2015-12-15 21:24 - 2015-12-15 21:24 - 00009216 _____ C:\Users\ShellShock\AppData\Local\tslxll.dll
2015-12-15 21:24 - 2015-12-15 21:24 - 00002560 _____ C:\Users\ShellShock\AppData\Local\uninstall.exe
2015-12-15 21:22 - 2015-12-15 22:48 - 00000000 ____D C:\ProgramData\DataFile
2015-12-15 21:22 - 2015-12-15 22:38 - 00004688 _____ C:\Windows\SysWOW64\Dotederle.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\SysWOW64\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\system32\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 21:22 - 00003350 _____ C:\Windows\System32\Tasks\Cohgevom
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Windows\system32\jafh
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\TapgokUcijyc
2015-12-15 21:22 - 2015-12-15 21:11 - 00375632 _____ C:\Windows\system32\Dotederle64.dll
2015-12-15 20:40 - 2015-12-16 12:46 - 02370048 _____ (Farbar) C:\Users\ShellShock\Desktop\FRST64.exe
2015-12-15 20:40 - 2015-12-15 22:27 - 00066826 _____ C:\Users\Guest\Desktop\FRST.txt
2015-12-15 20:27 - 2015-12-16 14:22 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-15 20:27 - 2015-12-16 13:32 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-15 20:27 - 2015-12-16 12:34 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 20:27 - 2015-12-15 20:27 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-15 20:27 - 2015-12-15 20:27 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-15 20:27 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-12-15 20:27 - 2015-12-15 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-15 20:26 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Deployment
2015-12-15 20:26 - 2015-12-15 20:26 - 00000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2015-12-15 20:21 - 2015-12-15 22:19 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-15 20:21 - 2015-12-15 20:21 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\Program Files\CCleaner
2015-12-15 20:19 - 2015-12-15 20:19 - 00243344 _____ C:\Users\ShellShock\Downloads\FireFox_Setup [1].exe
2015-12-15 20:13 - 2015-12-15 20:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Raptr
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\gmsd_us_005010177
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\AMD
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-5637-0
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-2903-1
2015-12-15 20:06 - 2015-12-15 20:06 - 00023082 _____ C:\Windows\System32\Tasks\{05097F47-0A0F-0E05-0911-7E0F0B0B110F}
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-7ad7-0
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-5f11-1
2015-12-15 20:05 - 2015-12-15 20:05 - 00000000 ____D C:\ProgramData\Uoahammnuavpa
2015-12-15 20:04 - 2015-12-16 12:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Common
2015-12-15 20:04 - 2015-12-15 21:23 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Tempfolder
2015-12-15 20:04 - 2015-12-15 20:15 - 00004688 _____ C:\Windows\SysWOW64\Uponrekof.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\SysWOW64\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\system32\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:06 - 00003196 _____ C:\Windows\System32\Tasks\Seventh
2015-12-15 20:04 - 2015-12-15 20:06 - 00003188 _____ C:\Windows\System32\Tasks\Sixth
2015-12-15 20:04 - 2015-12-15 20:04 - 00003348 _____ C:\Windows\System32\Tasks\Gufdhyp
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Windows\system32\uke
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\AkijOmycs
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\LocalLow\Company
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\uninst
2015-12-15 20:04 - 2015-12-15 18:37 - 00375680 _____ C:\Windows\system32\Uponrekof64.dll
2015-12-15 19:59 - 2015-12-15 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 19:27 - 2015-12-15 22:28 - 00000000 ____D C:\Program Files\NicController
2015-12-15 19:27 - 2015-12-15 19:27 - 00000626 __RSH C:\ProgramData\ntuser.pol
2015-12-15 19:27 - 2015-12-15 19:27 - 00000187 _____ C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 19:27 - 2015-12-15 19:25 - 00000098 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-15 19:26 - 2015-12-15 19:36 - 00000000 ____D C:\Program Files (x86)\Best YouTube Downloader
2015-12-15 19:26 - 2015-12-15 19:26 - 00000484 __RSH C:\Users\ShellShock\ntuser.pol
2015-12-15 18:32 - 2015-12-15 19:17 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Users\ShellShock\Documents\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2015-12-15 15:08 - 2015-12-15 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-15 00:23 - 2015-12-15 00:23 - 00003452 _____ C:\Windows\System32\Tasks\{D5D96DC4-8F6E-4A92-84E5-DEC1C40E8AF1}
2015-12-15 00:23 - 2015-12-15 00:23 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-15 00:23 - 2015-12-15 00:23 - 00000000 ____D C:\Riot Games
2015-12-15 00:22 - 2015-12-15 00:23 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Riot Games
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Thinstall
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Thinstall
2015-12-11 13:59 - 2015-12-15 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 20:08 - 2015-12-10 20:08 - 00027345 _____ C:\Users\ShellShock\Desktop\Comcast Customer Central.pdf
2015-12-10 14:31 - 2015-12-10 14:31 - 00224337 _____ C:\Users\ShellShock\Desktop\VisitPaper.pdf
2015-12-09 23:28 - 2015-12-10 20:59 - 00016539 ____H C:\Users\ShellShock\Desktop\~WRL2191.tmp
2015-12-09 23:22 - 2015-12-10 00:26 - 42279034 _____ C:\Users\ShellShock\Desktop\TheVisit.pdf
2015-12-09 23:00 - 2015-12-09 23:00 - 00137648 _____ C:\Users\ShellShock\Desktop\Anthony_Is_a_Handmaid_2.docx.pdf
2015-12-07 11:06 - 2015-12-07 19:09 - 00000000 ____D C:\Users\ShellShock\Desktop\manual
2015-12-07 08:16 - 2015-12-07 08:16 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-07 08:16 - 2015-12-07 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-01 21:50 - 2015-12-01 21:50 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files\iTunes
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files\iPod
2015-12-01 21:50 - 2015-12-01 21:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-30 12:51 - 2015-11-30 12:51 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-11-30 12:51 - 2015-11-30 12:51 - 00001780 _____ C:\Users\Public\Desktop\Apps.lnk
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\New folder
2015-11-30 12:49 - 2015-11-30 12:49 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Bluestacks
2015-11-30 00:16 - 2015-11-30 00:16 - 00327265 _____ C:\Users\ShellShock\Desktop\BIG ASS PAPER.pdf
2015-11-21 00:36 - 2015-11-21 00:36 - 00016168 _____ C:\Users\ShellShock\Desktop\My T-Mobile _ Billing _ Payment Confirmation.pdf
2015-11-19 16:31 - 2015-12-03 16:22 - 00000294 _____ C:\Users\ShellShock\Desktop\YOU THOUGHT.txt
2015-11-18 00:20 - 2015-11-18 00:20 - 10907328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 01229984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-11-18 00:20 - 2015-11-18 00:20 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 10815664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 09070320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 09017808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-11-18 00:19 - 2015-11-18 00:19 - 08089248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-11-18 00:17 - 2015-11-18 00:17 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-11-18 00:13 - 2015-11-18 00:13 - 23960064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-11-18 00:08 - 2015-11-18 00:08 - 49984000 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-11-18 00:08 - 2015-11-18 00:08 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-11-18 00:02 - 2015-11-18 00:02 - 41510912 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-11-17 23:58 - 2015-11-17 23:58 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-11-17 23:57 - 2015-11-17 23:57 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-11-17 23:50 - 2015-11-17 23:50 - 27596288 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-11-17 23:49 - 2015-11-17 23:49 - 22348288 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-11-17 23:44 - 2015-11-17 23:44 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-11-17 23:44 - 2015-11-17 23:44 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-11-17 21:50 - 2015-11-17 21:50 - 00677888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-11-17 21:48 - 2015-11-17 21:48 - 00562688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 06643200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-11-17 21:46 - 2015-11-17 21:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-11-17 21:14 - 2015-11-17 21:14 - 05223936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-11-17 20:48 - 2015-11-17 20:48 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-11-17 20:48 - 2015-11-17 20:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-11-17 20:08 - 2015-11-17 20:08 - 00683960 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-11-17 20:08 - 2015-11-17 20:08 - 00683960 _____ C:\Windows\system32\atiapfxx.blb
2015-11-17 20:05 - 2015-11-17 20:05 - 31376896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-11-17 19:43 - 2015-11-17 19:43 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-11-17 19:43 - 2015-11-17 19:43 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 25840128 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-11-17 19:40 - 2015-11-17 19:40 - 00865280 _____ (AMD) C:\Windows\system32\coinst_15.30.dll
2015-11-17 19:32 - 2015-11-17 19:32 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-11-17 19:32 - 2015-11-17 19:32 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-11-17 19:27 - 2015-11-17 19:27 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-11-17 19:26 - 2015-11-17 19:26 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-11-17 19:26 - 2015-11-17 19:26 - 00223744 _____ C:\Windows\system32\dgtrayicon.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00552448 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-11-17 19:25 - 2015-11-17 19:25 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-11-17 19:25 - 2015-11-17 19:25 - 00162304 _____ C:\Windows\system32\atieah64.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00145408 _____ C:\Windows\SysWOW64\atieah32.exe
2015-11-17 19:25 - 2015-11-17 19:25 - 00031744 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-11-17 19:24 - 2015-11-17 19:24 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-11-17 19:24 - 2015-11-17 19:24 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-11-17 19:24 - 2015-11-17 19:24 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-11-17 19:22 - 2015-11-17 19:22 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-11-17 19:10 - 2015-11-17 19:10 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-11-17 18:54 - 2015-11-17 18:54 - 01272832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00941568 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-11-17 18:54 - 2015-11-17 18:54 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-11-17 18:53 - 2015-11-17 18:53 - 00671232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-11-17 18:53 - 2015-11-17 18:53 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-11-17 18:45 - 2015-11-17 18:45 - 00195072 _____ C:\Windows\system32\hsa-thunk64.dll
2015-11-17 18:45 - 2015-11-17 18:45 - 00174592 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-11-17 18:43 - 2015-11-17 18:43 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-11-17 13:25 - 2015-11-17 13:25 - 00001071 _____ C:\Users\ShellShock\Desktop\Format Factory.lnk
2015-11-17 13:25 - 2015-11-17 13:25 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-11-17 13:25 - 2015-11-17 13:25 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2015-11-17 12:32 - 2015-11-17 12:33 - 00000000 ____D C:\Users\ShellShock\Desktop\The Boy Next Door (2015) [1080p]
2015-11-17 01:09 - 2015-11-17 01:26 - 00000000 ____D C:\Users\ShellShock\Desktop\Singing Success 360™
2015-11-16 19:56 - 2015-11-16 20:09 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\WindSolutions
2015-11-16 19:56 - 2015-11-16 20:07 - 00000000 ____D C:\ProgramData\WindSolutions
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-16 14:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-16 14:22 - 2015-06-20 10:05 - 00000000 ____D C:\FRST
2015-12-16 14:21 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2015-12-16 14:14 - 2015-08-03 11:59 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Skype
2015-12-16 13:33 - 2015-06-26 21:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-16 13:04 - 2015-11-12 12:57 - 00004996 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ShellShock-PC-ShellShock ShellShock-PC
2015-12-16 12:40 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-16 12:40 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-16 12:34 - 2014-11-14 13:12 - 00001431 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-16 12:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-16 12:18 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-16 12:14 - 2009-07-13 21:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-15 22:59 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest
2015-12-15 22:58 - 2015-08-02 21:53 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-15 22:58 - 2014-04-17 19:58 - 00000000 ____D C:\ProgramData\Skype
2015-12-15 22:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-15 22:49 - 2014-03-13 21:56 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\uTorrent
2015-12-15 22:47 - 2014-03-13 20:58 - 00001413 _____ C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:34 - 2015-10-26 06:32 - 00000000 ____D C:\Users\ShellShock\Desktop\Flash S2
2015-12-15 22:19 - 2014-07-29 11:30 - 00000000 ____D C:\Users\ShellShock\Desktop\MPC classes so far
2015-12-15 22:15 - 2009-07-13 21:13 - 00877202 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-15 22:13 - 2015-08-19 21:47 - 00000000 ____D C:\Users\ShellShock\Desktop\hartnell is bleep gay
2015-12-15 21:04 - 2015-11-11 16:08 - 00000000 ____D C:\Users\ShellShock\Desktop\Arrow S4
2015-12-15 20:49 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-15 20:48 - 2014-03-13 21:00 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Google
2015-12-15 20:27 - 2014-03-13 21:00 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-15 20:26 - 2014-11-14 13:12 - 00113040 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 20:24 - 2015-11-09 15:53 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-15 20:13 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2015-12-15 19:26 - 2014-03-13 20:58 - 00000000 ____D C:\Users\ShellShock
2015-12-15 19:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-15 17:47 - 2014-04-14 19:57 - 00000000 ____D C:\Users\ShellShock\Desktop\Simple pickup!
2015-12-15 15:29 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Battle.net
2015-12-15 14:39 - 2014-12-01 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-15 13:47 - 2014-05-07 16:30 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2015-12-15 03:16 - 2015-01-30 11:57 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\LolClient
2015-12-14 10:16 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Battle.net
2015-12-14 10:16 - 2014-12-01 17:59 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-14 09:20 - 2015-10-15 17:49 - 00000000 ____D C:\Users\ShellShock\Desktop\Charles Ticket
2015-12-11 13:59 - 2015-08-02 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 13:59 - 2015-07-04 01:16 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Skype
2015-12-11 11:17 - 2014-04-22 13:56 - 00000000 ____D C:\Windows\Minidump
2015-12-09 00:33 - 2015-06-26 21:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 00:33 - 2015-06-26 21:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 00:33 - 2015-06-26 21:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-07 15:30 - 2015-11-15 19:42 - 00000000 ____D C:\Users\ShellShock\Desktop\Fast and Furious 7 2015 1080p HDRip x264 AC3-JYK
2015-12-07 08:16 - 2015-11-10 13:30 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-07 08:16 - 2015-11-10 13:26 - 00000000 ____D C:\Program Files\AMD
2015-12-07 08:16 - 2015-11-05 02:41 - 00000000 ____D C:\Users\ShellShock\AppData\Local\AMD
2015-12-07 08:12 - 2014-03-13 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-07 08:11 - 2015-11-10 13:25 - 00000000 ____D C:\AMD
2015-12-05 16:25 - 2014-12-01 18:03 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-02 10:24 - 2014-11-24 18:10 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-01 21:50 - 2015-10-16 15:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-12-01 21:50 - 2015-10-16 15:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-01 21:49 - 2015-10-16 15:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-01 00:01 - 2015-03-20 20:54 - 00000660 _____ C:\Users\ShellShock\Desktop\mario.txt
2015-11-30 12:51 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-30 12:25 - 2015-11-12 13:00 - 00000000 ____D C:\Users\ShellShock\Desktop\The Pot Book
2015-11-28 15:08 - 2014-03-13 21:01 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2015-11-23 08:34 - 2015-06-27 11:33 - 00113040 _____ C:\Users\ShellShock\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-23 08:32 - 2015-06-29 13:59 - 00447440 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-20 16:26 - 2014-04-05 22:56 - 00000000 ____D C:\Users\ShellShock\Desktop\lpictures
2015-11-20 16:26 - 2014-03-13 21:15 - 00000000 ____D C:\Users\ShellShock\Desktop\pumpitup
2015-11-20 00:42 - 2014-07-16 11:03 - 00000000 ____D C:\Users\ShellShock\Documents\ihelper
2015-11-20 00:39 - 2014-03-13 21:58 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ
2015-11-18 16:08 - 2015-09-08 22:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-18 16:08 - 2015-08-30 16:03 - 00000000 ____D C:\Users\ShellShock\.oracle_jre_usage
2015-11-18 00:20 - 2015-11-03 14:44 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-11-18 00:20 - 2015-11-03 14:43 - 13189336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-11-18 00:20 - 2015-11-03 14:43 - 01496736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-11-17 15:56 - 2014-03-19 22:18 - 00000000 ____D C:\FFOutput
2015-11-17 01:40 - 2015-08-06 14:58 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-17 01:24 - 2015-10-09 23:05 - 00000000 ____D C:\Program Files (x86)\iExplorer
2015-11-17 01:23 - 2015-08-06 15:03 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
 
==================== Files in the root of some directories =======
 
2015-12-15 21:51 - 2015-12-15 21:51 - 2356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2014-05-06 13:42 - 2014-05-06 13:42 - 0645678 _____ () C:\Users\ShellShock\AppData\Roaming\5xo8wn.jpg
2015-10-16 22:53 - 2015-11-05 04:27 - 0000132 _____ () C:\Users\ShellShock\AppData\Roaming\Adobe PNG Format CC Prefs
2015-07-06 01:25 - 2015-07-06 01:27 - 0003227 _____ () C:\Users\ShellShock\AppData\Roaming\glide_wrapper.zbag.ini
2015-01-16 02:15 - 2015-01-16 02:50 - 0103469 _____ () C:\Users\ShellShock\AppData\Roaming\net.telestream.wirecast.xml
2015-01-16 02:15 - 2015-01-16 02:15 - 0014120 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005028 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014543 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014186 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0067454 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004755 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004935 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003123 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003213 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004356 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003439 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003825 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005621 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0001451 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010088 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004482 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0007122 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010619 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005241 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0016966 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008986 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003302 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008683 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:23 - 2015-01-16 02:37 - 0001001 _____ () C:\Users\ShellShock\AppData\Roaming\pc-capture-log.txt
2015-11-05 03:16 - 2015-11-05 03:16 - 225111747 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-11-05 03:16 - 2015-11-05 03:16 - 0002615 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2015-12-15 19:27 - 2015-12-15 19:27 - 0000187 _____ () C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 21:24 - 2015-12-15 21:24 - 0009216 _____ () C:\Users\ShellShock\AppData\Local\tslxll.dll
2015-12-15 21:24 - 2015-12-15 21:24 - 0002560 _____ () C:\Users\ShellShock\AppData\Local\uninstall.exe
2014-03-17 17:06 - 2015-08-19 18:01 - 0008064 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\plan B\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\befacajhdg_P.exe
C:\Users\ShellShock\AppData\Local\Temp\chromeupdate.exe
C:\Users\ShellShock\AppData\Local\Temp\Edomite.dll
C:\Users\ShellShock\AppData\Local\Temp\fetcher.exe
C:\Users\ShellShock\AppData\Local\Temp\Lotdox.exe
C:\Users\ShellShock\AppData\Local\Temp\nsw4452.exe
C:\Users\ShellShock\AppData\Local\Temp\setup.dll
C:\Users\ShellShock\AppData\Local\Temp\Setup__2140_il108.exe
C:\Users\ShellShock\AppData\Local\Temp\SpOrder.dll
C:\Users\ShellShock\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\System.dll
C:\Users\ShellShock\AppData\Local\Temp\UninstallModule.exe
C:\Users\ShellShock\AppData\Local\Temp\Vivaron.exe
C:\Users\ShellShock\AppData\Local\Temp\Voltla.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-11 14:56
 
==================== End of FRST.txt ============================

 

Attached Files



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:24 AM

Posted 18 December 2015 - 12:13 PM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File  fixlist.txt   7.74KB   7 downloads
How is the machine running after this fix?
" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Durred

Durred
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 AM

Posted 18 December 2015 - 05:39 PM

I am currently using Internet Explorer because my Chrome browser won't open bleepingcomputers.com. The Chrome browser shows a message that says, "This webpage is not available" and underneath it says, "ERR_CONNECTION_REFUSED."

Here is the Fixlog.txt that I got after following your instructions.

Fix result of Farbar Recovery Scan Tool (x64) Version:16-12-2015 03
Ran by ShellShock (2015-12-18 14:02:29) Run:5
Running from C:\Users\ShellShock\Desktop
Loaded Profiles: ShellShock (Available Profiles: ShellShock & plan B & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [tslxll] => rundll32.exe "C:\Users\ShellShock\AppData\Local\tslxll.dll",tslxll <===== ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [Windi] => C:\ProgramData\DataFile\Downloads\Windi.exe [288256 2015-12-02] ()
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: C:\ProgramData\caMyciloP\Bigdox.dll => C:\ProgramData\caMyciloP\Bigdox.dll [518656 2015-12-16] ()
AppInit_DLLs-x32: C:\ProgramData\caMyciloP\Zotlux.dll => C:\ProgramData\caMyciloP\Zotlux.dll [320512 2015-12-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-2367937490-2620206961-1706274593-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2367937490-2620206961-1706274593-1000] => 127.0.0.1:5050
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5R624ZjmFf9mhK5Ob4XC3GKuLcD8DbMOzhsGqFmy4oIVRtKplbq9S11ZL7Mqxa00w2t_lLmFA5DFgf9
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNf02kLCqe19CEfCev5td0-zoWtT57183yNwx8UM4HF6bf8DqFlIDRHexog5fYBNuw_1doL4RUepd3m5jq_TosW-RevYbgIfd2g_cl7SDJBmYIWLidCVpOJ2-YWnQs2mrRAbKKNKsaaYsZBiiE8ms0Z3fw4GoL&q={searchTerms}
FF NewTab: C:\ProgramData\caMyciloPs\ff.NT
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename","Trovi");: user_pref("browser.search.defaultenginename","Trovi");
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename.US","Trovi");: user_pref("browser.search.defaultenginename.US","Trovi");
FF SelectedSearchEngineuser_pref("browser.search.selectedEngine","Trovi");: user_pref("browser.search.selectedEngine","Trovi");
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac"
FF NetworkProxy: "type",2
FF Homepage: user_pref("network.proxy.no_proxies_on","");C:\ProgramData\caMyciloPs\ff.HP
FF NetworkProxy: "no_proxies_on","");user_pref("browser.startup.homepage", "C:\ProgramData\caMyciloPs\ff.HP"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF HKLM\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{7F0B7994-C238-478F-a155-45BF7E191396}] - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}] - C:\Program Files\shopperz151220152114\Firefox\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2}.xpi => not found
FF SearchPlugin: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\searchplugins\findit.xml [2015-12-16]
FF Extension: No Name - C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi [not found]
FF Extension: No Name - C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\extensions\funfeedr.sgn@funfeedr.com.xpi [not found]
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
R2 FinwarmSvc; C:\Users\ShellShock\AppData\Local\Temp\U9Lycx\runner.exe [45568 2015-12-15] () [File not signed]
R2 hotnic32; C:\Program Files\NicController\hotnic.exe [379904 2015-12-10] () [File not signed]
R2 caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe [437248 2015-12-16] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [159872 2015-10-09] () <==== ATTENTION
R2 Vaiafineco; C:\ProgramData\\Vaiafineco\\Vaiafineco.exe [431104 2015-12-15] () [File not signed]
S0 23959904; system32\drivers\64579807.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
C:\Users\plan B\AppData\Local\Temp\oprun15233.exe
C:\Users\plan B\AppData\Local\Temp\oprun5939.exe
C:\Users\plan B\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\befacajhdg_P.exe
C:\Users\ShellShock\AppData\Local\Temp\chromeupdate.exe
C:\Users\ShellShock\AppData\Local\Temp\Edomite.dll
C:\Users\ShellShock\AppData\Local\Temp\fetcher.exe
C:\Users\ShellShock\AppData\Local\Temp\Lotdox.exe
C:\Users\ShellShock\AppData\Local\Temp\msconfig.exe
C:\Users\ShellShock\AppData\Local\Temp\nsw4452.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun14770.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun23773.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun27900.exe
C:\Users\ShellShock\AppData\Local\Temp\oprun8585.exe
C:\Users\ShellShock\AppData\Local\Temp\setup.dll
C:\Users\ShellShock\AppData\Local\Temp\Setup__2140_il108.exe
C:\Users\ShellShock\AppData\Local\Temp\SpOrder.dll
C:\Users\ShellShock\AppData\Local\Temp\sqlite3.dll
C:\Users\ShellShock\AppData\Local\Temp\System.dll
C:\Users\ShellShock\AppData\Local\Temp\UninstallModule.exe
C:\Users\ShellShock\AppData\Local\Temp\Vivaron.exe
C:\Users\ShellShock\AppData\Local\Temp\Voltla.exe
*****************

HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tslxll => value not found.
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windi => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"C:\ProgramData\caMyciloP\Bigdox.dll" => Value data not found.
"C:\ProgramData\caMyciloP\Zotlux.dll" => Value data not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found.
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found.
HKCR\CLSID\{ielnksrch} => key not found.
Firefox "newtab" removed successfully
Firefox DefaultSearchEngineuser_pref("browser.search.defaultenginename","Trovi"); removed successfully
Firefox DefaultSearchEngineuser_pref("browser.search.defaultenginename.US","Trovi"); removed successfully
Firefox SelectedSearchEngineuser_pref("browser.search.selectedEngine","Trovi"); removed successfully
FF NetworkProxy: "autoconfig_url","http://127.0.0.1:5050/pac" => not found
FF NetworkProxy: "type",2 => not found
FF Homepage: user_pref("network.proxy.no_proxies_on","");C:\ProgramData\caMyciloPs\ff.HP => not found
FF NetworkProxy: "no_proxies_on","");user_pref("browser.startup.homepage", "C:\ProgramData\caMyciloPs\ff.HP" => not found
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer => key not found.
"C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll" => not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{7F0B7994-C238-478F-a155-45BF7E191396} => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7F0B7994-C238-478F-a155-45BF7E191396} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{B0884D17-A98E-46F7-8537-2DD6ADA6ABB2} => value not found.
"C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\searchplugins\findit.xml" => not found.
C:\Program Files\shopperz161220150435\Firefox\{7F0B7994-C238-478F-a155-45BF7E191396}.xpi => not found.
C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198\extensions\funfeedr.sgn@funfeedr.com.xpi => not found.
Diagnostics => service not found.
FinwarmSvc => service not found.
hotnic32 => service not found.
caMyciloP => service not found.
Proxy => service not found.
Vaiafineco => service not found.
23959904 => service not found.
catchme => service not found.
VBoxNetFlt => service not found.
X6va015 => service not found.
"C:\Users\plan B\AppData\Local\Temp\oprun15233.exe" => not found.
"C:\Users\plan B\AppData\Local\Temp\oprun5939.exe" => not found.
"C:\Users\plan B\AppData\Local\Temp\sqlite3.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\befacajhdg_P.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\chromeupdate.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\Edomite.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\fetcher.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\Lotdox.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\msconfig.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\nsw4452.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\oprun14770.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\oprun23773.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\oprun27900.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\oprun8585.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\setup.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\Setup__2140_il108.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\SpOrder.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\sqlite3.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\System.dll" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\UninstallModule.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\Vivaron.exe" => not found.
"C:\Users\ShellShock\AppData\Local\Temp\Voltla.exe" => not found.

==== End of Fixlog 14:02:29 ====



#9 fireman4it

  • Malware Response Team

Posted 20 December 2015 - 05:09 PM

1.

We need to uninstall and reinstall Google Chrome. It may ask you to save certain personal settings while uninstalling. Please select not to save those.


2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.


Please let me know how the machine is running


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 Durred

  • Topic Starter
  • Members

Posted 21 December 2015 - 06:23 AM

Hey, FireMan!  The system is running well.  No pop-ups and the web browser is not installing random software.


C:\Users\All Users\caMyciloP\caMyciloP.exe a variant of Win32/Toolbar.Linkury.AK potentially unwanted application 
C:\Users\All Users\Vaiafineco\Vaiafineco.exe a variant of Win32/Toolbar.Linkury.AK potentially unwanted application 
C:\AdwCleaner\Quarantine\C\Program Files\shopperz151220152114\Dyokmea.dll.vir a variant of Win32/Toolbar.Perion.Z potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\2039C5E0-1450236405-11DD-8509-AC220B525249\hnsc8346.tmp.vir a variant of Win32/Adware.ConvertAd.ABZ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\2039C5E0-1450236405-11DD-8509-AC220B525249\jnsh6BED.tmp.vir a variant of Win32/Adware.ConvertAd.ABN application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\2039C5E0-1450236405-11DD-8509-AC220B525249\knsc5146.tmpfs.vir a variant of Win32/Adware.ConvertAd.ACX application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\2039C5E0-1450236405-11DD-8509-AC220B525249\rnsc6564.exe.vir a variant of Win32/Adware.ConvertAd.PU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\2039C5E0-1450236405-11DD-8509-AC220B525249\vnsb2CCF.tmp.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\cinm-host.exe.vir a variant of Win32/Compete.D potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe.vir a variant of Win32/Compete.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\goopdate.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psmachine.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.309\psuser.dll.vir a variant of Win32/Compete.A potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12456.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\cimt-3.2.1-1131.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Download\{C7B061F6-380E-4545-86E3-400E3156FD28}\0.0.0.0\ciff-3.2.0-12229.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Install\{A0080727-1105-449C-9E22-212F3568B432}\ciie-3.2.0-12456.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Install\{A92986ED-5434-49FD-806C-628F6007402A}\cimt-3.2.1-1131.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\Install\{BEA9D169-E5CB-4D01-B359-8315F2F567BA}\ciff-3.2.0-12229.exe.vir a variant of Win32/Compete.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\ApplicationHosting\ApplicationHosting.exe.vir a variant of Win32/Toolbar.Linkury.AJ potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\camycilop\caMyciloP.exe.vir a variant of Win32/Toolbar.Linkury.AK potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\camycilop\Zonelight.exe.vir a variant of Win32/Toolbar.Linkury.AF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.Q application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.Q application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\plan B\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\plan B\AppData\Local\SmartWeb\SmartWebHelper.exe.vir Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\plan B\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\plan B\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ShellShock\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\ShellShock\AppData\Local\Temp\task.vbs.vir VBS/TrojanDownloader.Agent.NSW trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ShellShock\AppData\Roaming\Seventh\Seventh.exe.vir a variant of Win32/Adware.Snoozer.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\ShellShock\AppData\Roaming\Sixth\Sixth.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\SysNative\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Guest\AppData\Local\Temp\bitool.dll.xBAD Win32/Somoto.T potentially unwanted application cleaned by deleting - quarantined
C:\Program Files\NicController\hotnic.exe a variant of MSIL/Amonetize.AA potentially unwanted application cleaned by deleting - quarantined
C:\Program Files\NicController\bin\af8349de-593d-4a6a-99f8-4ac246b2cded\xtc.exe a variant of MSIL/Toolbar.Linkury.AF potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Best YouTube Downloader\IEEF\74peN47FXpKy.exe a variant of Win32/Toolbar.Neobar.AJ potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Best YouTube Downloader\IEEF\tByRpVyMj5CU.dll a variant of Win32/Toolbar.Neobar.AJ potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Content Cleaner\node\service.exe a variant of Win32/UnlimitedDownloads.F potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Content Cleaner\node\sys.node a variant of Win32/UnlimitedDownloads.I potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe a variant of Win32/UnlimitedDownloads.F potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node a variant of Win32/UnlimitedDownloads.I potentially unwanted application cleaned by deleting - quarantined
C:\ProgramData\caMyciloP\caMyciloP.exe a variant of Win32/Toolbar.Linkury.AK potentially unwanted application cleaned by deleting - quarantined
C:\ProgramData\Vaiafineco\Vaiafineco.exe a variant of Win32/Toolbar.Linkury.AK potentially unwanted application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\temp\nsbF85F.tmp a variant of Win32/Adware.ConvertAd.ADP.gen application cleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\temp\nsw3DEE.tmp a variant of Win32/Adware.ConvertAd.ADP.gen application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\setup_gmsd_us[1].exe a variant of Win32/Adware.EoRezo.BD application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BPHWL3W\VuuPC_VO2_8907[1].exe Win32/InstallMonetizer.BJ potentially unwanted application deleted - quarantined
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPRHFXJ3\orion[1].exe a variant of Win32/Adware.PennyBee.AG application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPRHFXJ3\sprz[1].exe a variant of Win32/TrojanDropper.Addrop.R trojan cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZA0CVL3\installer[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\nsi9FA8.tmp Win32/InstallMonetizer.BJ potentially unwanted application deleted - quarantined
C:\Users\plan B\AppData\Local\temp\nsm2808.tmp a variant of Win32/TrojanDropper.Addrop.R trojan cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\nsm96F6.tmp a variant of Win32/Adware.ConvertAd.ADP.gen application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\nsr511A.tmp a variant of Win32/Adware.ConvertAd.ADP.gen application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\nswC8DB.tmp a variant of Win32/Adware.ConvertAd.ADW application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\nsxA49B.tmp a variant of Win32/Adware.EoRezo.BD application cleaned by deleting - quarantined
C:\Users\plan B\AppData\Local\temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_125.exe a variant of Win32/Adware.CouponMarvel.Q.gen application cleaned by deleting - quarantined
C:\Users\ShellShock\AppData\Local\tslxll.dll a variant of Win32/TrojanProxy.Agent.NZR trojan cleaned by deleting - quarantined
C:\Users\ShellShock\AppData\Roaming\uTorrent\updates\3.4.0_30660.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\ShellShock\Downloads\pp.exe a variant of Win32/Ruanmei.A potentially unwanted application deleted - quarantined
 

Attached Files



#11 fireman4it

  • Malware Response Team

Posted 21 December 2015 - 09:15 AM

1.

Let's have one more FRST log. Please run FRST and post the FRST.txt.



#12 Durred

  • Topic Starter
  • Members

Posted 22 December 2015 - 03:08 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by ShellShock (administrator) on SHELLSHOCK-PC (22-12-2015 00:07:03)
Running from C:\Users\ShellShock\Desktop
Loaded Profiles: ShellShock (Available Profiles: ShellShock & plan B & Guest)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
( ) C:\Windows\System32\lxdccoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(uWebb Software) C:\Users\ShellShock\Desktop\Real Temp\RealTemp.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdcamon] => C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
AppInit_DLLs: C:\ProgramData\Vaiafineco\OpenDubdax.dll => C:\ProgramData\Vaiafineco\OpenDubdax.dll [518656 2015-12-15] ()
AppInit_DLLs-x32: C:\ProgramData\Vaiafineco\Y-tech.dll => C:\ProgramData\Vaiafineco\Y-tech.dll [320512 2015-12-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2367937490-2620206961-1706274593-1000] => 127.0.0.1:5050
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{175692EC-66B0-4CD5-87E9-1154B063396A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2367937490-2620206961-1706274593-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ShellShock\AppData\Roaming\Mozilla\Firefox\Profiles\u9cqnxfp.default-1450236856198
FF NewTab: C:\\ProgramData\\caMyciloPs\\ff.NT
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Trovi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-08] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-24] (ASUSTeK Computer Inc.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
S2 lxdcCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [34224 2007-05-25] (Lexmark International, Inc.)
R2 lxdc_device; C:\Windows\system32\lxdccoms.exe [567216 2007-05-25] ( )
R2 lxdc_device; C:\Windows\SysWOW64\lxdccoms.exe [537520 2007-05-25] ( )
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 WinRing0_1_2_0; C:\Users\ShellShock\Desktop\Real Temp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-21 16:22 - 2015-12-21 16:22 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-21 16:22 - 2015-12-21 16:22 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-21 16:22 - 2015-12-21 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-21 14:35 - 2015-12-21 14:35 - 00000000 ____D C:\Users\ShellShock\Desktop\FRST-OlderVersion
2015-12-21 02:09 - 2015-12-21 02:09 - 00021220 _____ C:\Users\ShellShock\Desktop\ESETlog.txt
2015-12-21 00:54 - 2015-12-21 00:54 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-20 12:59 - 2015-12-20 12:59 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-20 12:59 - 2015-12-20 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-20 12:59 - 2015-12-20 12:59 - 00000000 ____D C:\Program Files\iTunes
2015-12-20 12:59 - 2015-12-20 12:59 - 00000000 ____D C:\Program Files\iPod
2015-12-20 12:59 - 2015-12-20 12:59 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-18 14:04 - 2015-12-18 14:04 - 00000123 _____ C:\Users\ShellShock\Desktop\My Form.txt
2015-12-18 14:00 - 2015-12-18 14:00 - 00000000 ____D C:\Users\ShellShock\Desktop\FIXLIST
2015-12-18 13:05 - 2015-12-18 13:05 - 00000000 ____D C:\Users\plan B\AppData\Local\ElevatedDiagnostics
2015-12-18 13:01 - 2015-12-18 13:01 - 00015222 _____ C:\Users\plan B\Desktop\Fixlog.txt
2015-12-18 13:00 - 2015-12-18 13:00 - 00000242 _____ C:\Users\plan B\Desktop\Search.txt
2015-12-18 12:57 - 2015-12-18 12:59 - 00000244 _____ C:\Users\plan B\Downloads\Search.txt
2015-12-18 12:57 - 2015-12-18 12:57 - 02370048 _____ (Farbar) C:\Users\plan B\Desktop\FRST64.exe
2015-12-18 12:38 - 2015-12-18 14:02 - 00014752 _____ C:\Users\ShellShock\Desktop\Fixlog.txt
2015-12-18 12:36 - 2015-12-21 14:37 - 00000243 _____ C:\Users\ShellShock\Desktop\Search.txt
2015-12-16 21:34 - 2015-12-16 21:34 - 00000000 ____D C:\Users\plan B\Tracing
2015-12-16 21:33 - 2015-12-16 21:34 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Skype
2015-12-16 21:31 - 2015-12-16 21:31 - 00000000 ____D C:\Users\plan B\Documents\Heroes of Newerth
2015-12-16 19:06 - 2015-12-16 19:06 - 00000188 _____ C:\Windows\SysWOW64\ConnectLog.txt
2015-12-16 17:10 - 2015-12-16 17:19 - 00000000 ____D C:\Users\ShellShock\Desktop\Inside Out (2015) [1080p]
2015-12-16 14:07 - 2015-12-17 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-16 14:07 - 2015-12-16 14:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 14:07 - 2015-12-16 14:07 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-16 14:07 - 2015-12-16 14:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-16 14:05 - 2015-12-16 14:20 - 00000000 ____D C:\Users\ShellShock\Desktop\mbar
2015-12-16 14:04 - 2015-12-16 14:04 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ShellShock\Desktop\mbar-1.09.3.1001.exe
2015-12-16 14:02 - 2015-12-16 14:02 - 00000000 ____D C:\Users\ShellShock\Desktop\bleepingcomputerapps
2015-12-16 12:47 - 2015-12-16 12:47 - 00053763 _____ C:\Users\ShellShock\Desktop\Addition.txt
2015-12-16 12:46 - 2015-12-22 00:07 - 00014507 _____ C:\Users\ShellShock\Desktop\FRST.txt
2015-12-16 12:45 - 2015-12-16 12:45 - 00022180 _____ C:\Users\ShellShock\Desktop\scan_151216-123744.txt
2015-12-16 12:34 - 2015-12-21 01:41 - 00000000 ____D C:\ProgramData\caMyciloP
2015-12-16 12:34 - 2015-12-16 12:37 - 00000000 ____D C:\EEK
2015-12-16 12:34 - 2015-12-16 12:34 - 00003785 _____ C:\Users\ShellShock\Desktop\AdwCleaner[C2].txt
2015-12-16 12:34 - 2015-12-16 12:34 - 00002381 _____ C:\Windows\SysWOW64\findit.xml
2015-12-16 12:34 - 2015-12-16 12:34 - 00000743 _____ C:\Users\ShellShock\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-16 12:34 - 2015-12-16 12:34 - 00000000 ____D C:\ProgramData\caMyciloPs
2015-12-16 12:21 - 2015-12-16 12:32 - 00000000 ____D C:\AdwCleaner
2015-12-16 12:21 - 2015-12-16 12:21 - 01740288 _____ C:\Users\ShellShock\Desktop\adwcleaner_5.025.exe
2015-12-15 23:03 - 2015-12-15 23:03 - 00057755 _____ C:\Users\Guest\Downloads\Addition.txt
2015-12-15 22:59 - 2015-12-15 22:59 - 00000000 ____D C:\Users\Guest\Tracing
2015-12-15 22:58 - 2015-12-16 02:27 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2015-12-15 22:42 - 2015-12-15 22:47 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Opera Software
2015-12-15 22:42 - 2015-12-15 22:42 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Opera Software
2015-12-15 22:41 - 2015-12-15 22:50 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 22:40 - 2015-12-16 12:45 - 00000000 ____D C:\Users\plan B\AppData\Local\gmsd_us_005010177
2015-12-15 22:39 - 2015-12-15 22:40 - 00003752 _____ C:\Windows\System32\Tasks\SecurityApps2
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Macromedia
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Adobe
2015-12-15 22:39 - 2015-12-15 22:39 - 00000000 ____D C:\Users\plan B\AppData\Local\SecurityApps
2015-12-15 22:38 - 2015-12-15 22:38 - 00113040 _____ C:\Users\plan B\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Windows\system32\hoe
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Roaming\TapgokUcijyc
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\LocalLow\Company
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Local\Tempfolder
2015-12-15 22:37 - 2015-12-18 13:15 - 00001447 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-15 22:37 - 2015-12-16 12:18 - 00001413 _____ C:\Users\plan B\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Apple Computer
2015-12-15 22:37 - 2015-12-15 22:37 - 00000000 ____D C:\Users\plan B\AppData\Local\Adobe
2015-12-15 22:36 - 2015-12-18 12:52 - 00000008 __RSH C:\Users\plan B\ntuser.pol
2015-12-15 22:36 - 2015-12-18 12:52 - 00000000 ____D C:\Users\plan B
2015-12-15 22:36 - 2015-12-15 22:36 - 00000020 ___SH C:\Users\plan B\ntuser.ini
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\My Documents
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Videos
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Pictures
2015-12-15 22:36 - 2015-12-15 22:36 - 00000000 _SHDL C:\Users\plan B\Documents\My Music
2015-12-15 22:36 - 2015-08-19 17:57 - 00000000 ____D C:\Users\plan B\AppData\Roaming\HPActiveHealth
2015-12-15 22:36 - 2009-07-13 23:45 - 00000000 ____D C:\Users\plan B\AppData\Roaming\Media Center Programs
2015-12-15 22:34 - 2015-12-15 22:34 - 00066665 _____ C:\Users\plan B\Desktop\FRST.txt
2015-12-15 22:34 - 2015-12-15 22:34 - 00057755 _____ C:\Users\plan B\Desktop\Addition.txt
2015-12-15 22:23 - 2015-12-15 22:27 - 00058288 _____ C:\Users\Guest\Desktop\Addition.txt
2015-12-15 21:51 - 2015-12-21 01:41 - 00000000 ____D C:\ProgramData\Vaiafineco
2015-12-15 21:51 - 2015-12-15 21:51 - 02356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2015-12-15 21:51 - 2015-12-15 21:51 - 00000000 ____D C:\ProgramData\Vaiafinecos
2015-12-15 21:48 - 2015-12-16 12:45 - 00000000 ____D C:\Program Files\Common Files\0i2uoepu
2015-12-15 21:48 - 2015-12-15 21:48 - 00003388 _____ C:\Windows\System32\Tasks\uvnqp1hd
2015-12-15 21:26 - 2015-12-22 00:07 - 00000468 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-21 21:31 - 00000502 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000.job
2015-12-15 21:26 - 2015-12-17 19:35 - 00001024 _____ C:\.rnd
2015-12-15 21:26 - 2015-12-15 21:26 - 00003592 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00003480 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2367937490-2620206961-1706274593-1000
2015-12-15 21:26 - 2015-12-15 21:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\ContentCleaner
2015-12-15 21:24 - 2015-12-15 21:24 - 00002560 _____ C:\Users\ShellShock\AppData\Local\uninstall.exe
2015-12-15 21:22 - 2015-12-15 22:48 - 00000000 ____D C:\ProgramData\DataFile
2015-12-15 21:22 - 2015-12-15 22:38 - 00004688 _____ C:\Windows\SysWOW64\Dotederle.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\SysWOW64\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\system32\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 21:22 - 00003350 _____ C:\Windows\System32\Tasks\Cohgevom
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Windows\system32\jafh
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\TapgokUcijyc
2015-12-15 21:22 - 2015-12-15 21:11 - 00375632 _____ C:\Windows\system32\Dotederle64.dll
2015-12-15 20:40 - 2015-12-21 14:35 - 02370560 _____ (Farbar) C:\Users\ShellShock\Desktop\FRST64.exe
2015-12-15 20:40 - 2015-12-15 22:27 - 00066826 _____ C:\Users\Guest\Desktop\FRST.txt
2015-12-15 20:27 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-12-15 20:26 - 2015-12-15 20:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Deployment
2015-12-15 20:26 - 2015-12-15 20:26 - 00000000 ____D C:\Users\Guest\AppData\Local\Apps\2.0
2015-12-15 20:21 - 2015-12-15 22:19 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-15 20:21 - 2015-12-15 20:21 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-15 20:21 - 2015-12-15 20:21 - 00000000 ____D C:\Program Files\CCleaner
2015-12-15 20:19 - 2015-12-15 20:19 - 00243344 _____ C:\Users\ShellShock\Downloads\FireFox_Setup [1].exe
2015-12-15 20:13 - 2015-12-15 20:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Raptr
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\gmsd_us_005010177
2015-12-15 20:13 - 2015-12-15 20:13 - 00000000 ____D C:\Users\Guest\AppData\Local\AMD
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-5637-0
2015-12-15 20:07 - 2015-12-15 20:07 - 00000000 ____D C:\ProgramData\0db8d284-2903-1
2015-12-15 20:06 - 2015-12-15 20:06 - 00023082 _____ C:\Windows\System32\Tasks\{05097F47-0A0F-0E05-0911-7E0F0B0B110F}
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-7ad7-0
2015-12-15 20:06 - 2015-12-15 20:06 - 00000000 ____D C:\ProgramData\5c40f7a4-5f11-1
2015-12-15 20:05 - 2015-12-15 20:05 - 00000000 ____D C:\ProgramData\Uoahammnuavpa
2015-12-15 20:04 - 2015-12-16 12:26 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Common
2015-12-15 20:04 - 2015-12-15 21:23 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Tempfolder
2015-12-15 20:04 - 2015-12-15 20:15 - 00004688 _____ C:\Windows\SysWOW64\Uponrekof.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\SysWOW64\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\system32\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:06 - 00003196 _____ C:\Windows\System32\Tasks\Seventh
2015-12-15 20:04 - 2015-12-15 20:06 - 00003188 _____ C:\Windows\System32\Tasks\Sixth
2015-12-15 20:04 - 2015-12-15 20:04 - 00003348 _____ C:\Windows\System32\Tasks\Gufdhyp
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Windows\system32\uke
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\AkijOmycs
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\LocalLow\Company
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\uninst
2015-12-15 20:04 - 2015-12-15 18:37 - 00375680 _____ C:\Windows\system32\Uponrekof64.dll
2015-12-15 19:59 - 2015-12-15 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Media Player
2015-12-15 19:27 - 2015-12-21 01:41 - 00000000 ____D C:\Program Files\NicController
2015-12-15 19:27 - 2015-12-18 12:40 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-12-15 19:27 - 2015-12-15 19:27 - 00000187 _____ C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 19:27 - 2015-12-15 19:25 - 00000098 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-15 19:26 - 2015-12-18 12:40 - 00000008 __RSH C:\Users\ShellShock\ntuser.pol
2015-12-15 19:26 - 2015-12-15 19:36 - 00000000 ____D C:\Program Files (x86)\Best YouTube Downloader
2015-12-15 18:32 - 2015-12-15 19:17 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Users\ShellShock\Documents\WonderFox Soft
2015-12-15 18:32 - 2015-12-15 18:32 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2015-12-15 15:08 - 2015-12-21 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-15 00:23 - 2015-12-15 00:23 - 00003452 _____ C:\Windows\System32\Tasks\{D5D96DC4-8F6E-4A92-84E5-DEC1C40E8AF1}
2015-12-15 00:23 - 2015-12-15 00:23 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-15 00:23 - 2015-12-15 00:23 - 00000000 ____D C:\Riot Games
2015-12-15 00:22 - 2015-12-15 00:23 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Riot Games
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Thinstall
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Thinstall
2015-12-11 13:59 - 2015-12-16 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 20:08 - 2015-12-10 20:08 - 00027345 _____ C:\Users\ShellShock\Desktop\Comcast Customer Central.pdf
2015-12-10 14:31 - 2015-12-10 14:31 - 00224337 _____ C:\Users\ShellShock\Desktop\VisitPaper.pdf
2015-12-09 23:28 - 2015-12-10 20:59 - 00016539 ____H C:\Users\ShellShock\Desktop\~WRL2191.tmp
2015-12-09 23:22 - 2015-12-10 00:26 - 42279034 _____ C:\Users\ShellShock\Desktop\TheVisit.pdf
2015-12-09 23:00 - 2015-12-09 23:00 - 00137648 _____ C:\Users\ShellShock\Desktop\Anthony_Is_a_Handmaid_2.docx.pdf
2015-12-07 11:06 - 2015-12-07 19:09 - 00000000 ____D C:\Users\ShellShock\Desktop\manual
2015-12-07 08:16 - 2015-12-07 08:16 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-07 08:16 - 2015-12-07 08:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-01 21:49 - 2015-12-01 21:49 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-30 12:51 - 2015-11-30 12:51 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-11-30 12:51 - 2015-11-30 12:51 - 00001780 _____ C:\Users\Public\Desktop\Apps.lnk
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\ProgramData\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-11-30 12:50 - 2015-11-30 12:50 - 00000000 ____D C:\New folder
2015-11-30 12:49 - 2015-11-30 12:49 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Bluestacks
2015-11-30 00:16 - 2015-11-30 00:16 - 00327265 _____ C:\Users\ShellShock\Desktop\BIG ASS PAPER.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-22 00:07 - 2015-06-20 10:05 - 00000000 ____D C:\FRST
2015-12-21 23:33 - 2015-06-26 21:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-21 20:12 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Battle.net
2015-12-21 19:55 - 2014-12-01 18:01 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-21 15:49 - 2015-08-03 11:59 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Skype
2015-12-21 14:43 - 2015-11-12 12:57 - 00004998 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ShellShock-PC-ShellShock ShellShock-PC
2015-12-21 14:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-21 14:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-21 12:02 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-21 12:02 - 2009-07-13 20:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-21 11:53 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-21 00:54 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-20 12:59 - 2015-10-16 15:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-19 22:14 - 2014-04-17 19:58 - 00000000 ____D C:\ProgramData\Skype
2015-12-18 13:23 - 2014-05-07 16:30 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2015-12-18 13:18 - 2014-10-14 15:55 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Deployment
2015-12-18 13:17 - 2014-10-14 15:55 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Apps\2.0
2015-12-18 13:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-18 12:40 - 2014-03-13 20:58 - 00000000 ____D C:\Users\ShellShock
2015-12-18 12:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-17 01:19 - 2014-09-12 20:13 - 00196144 ____H C:\Windows\SysWOW64\mlfcache.dat
2015-12-16 21:35 - 2014-03-13 21:56 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\uTorrent
2015-12-16 21:35 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-16 21:33 - 2015-08-02 21:53 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-16 21:19 - 2009-07-13 21:13 - 00877202 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-16 18:54 - 2014-12-01 18:03 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-12-16 15:24 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-16 14:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Branding
2015-12-16 12:34 - 2014-11-14 13:12 - 00001431 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-16 12:14 - 2009-07-13 21:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-15 22:59 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest
2015-12-15 22:47 - 2014-03-13 20:58 - 00001413 _____ C:\Users\ShellShock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-15 22:34 - 2015-10-26 06:32 - 00000000 ____D C:\Users\ShellShock\Desktop\Flash S2
2015-12-15 22:19 - 2014-07-29 11:30 - 00000000 ____D C:\Users\ShellShock\Desktop\MPC classes so far
2015-12-15 22:13 - 2015-08-19 21:47 - 00000000 ____D C:\Users\ShellShock\Desktop\hartnell is bleep gay
2015-12-15 21:04 - 2015-11-11 16:08 - 00000000 ____D C:\Users\ShellShock\Desktop\Arrow S4
2015-12-15 20:26 - 2014-11-14 13:12 - 00113040 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-15 20:24 - 2015-11-09 15:53 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-12-15 20:13 - 2014-11-14 13:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer
2015-12-15 17:47 - 2014-04-14 19:57 - 00000000 ____D C:\Users\ShellShock\Desktop\Simple pickup!
2015-12-15 03:16 - 2015-01-30 11:57 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\LolClient
2015-12-14 10:16 - 2014-12-01 18:01 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\Battle.net
2015-12-14 10:16 - 2014-12-01 17:59 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-14 09:20 - 2015-10-15 17:49 - 00000000 ____D C:\Users\ShellShock\Desktop\Charles Ticket
2015-12-11 13:59 - 2015-08-02 21:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-11 13:59 - 2015-07-04 01:16 - 00000000 ____D C:\Users\ShellShock\AppData\Local\Skype
2015-12-11 11:17 - 2014-04-22 13:56 - 00000000 ____D C:\Windows\Minidump
2015-12-09 00:33 - 2015-06-26 21:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 00:33 - 2015-06-26 21:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 00:33 - 2015-06-26 21:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-07 15:30 - 2015-11-15 19:42 - 00000000 ____D C:\Users\ShellShock\Desktop\Fast and Furious 7 2015 1080p HDRip x264 AC3-JYK
2015-12-07 08:16 - 2015-11-10 13:30 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-07 08:16 - 2015-11-10 13:26 - 00000000 ____D C:\Program Files\AMD
2015-12-07 08:16 - 2015-11-05 02:41 - 00000000 ____D C:\Users\ShellShock\AppData\Local\AMD
2015-12-07 08:12 - 2014-03-13 21:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-07 08:11 - 2015-11-10 13:25 - 00000000 ____D C:\AMD
2015-12-03 16:22 - 2015-11-19 16:31 - 00000294 _____ C:\Users\ShellShock\Desktop\YOU THOUGHT.txt
2015-12-02 10:24 - 2014-11-24 18:10 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-01 21:50 - 2015-10-16 15:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-12-01 21:49 - 2015-10-16 15:53 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-12-01 00:01 - 2015-03-20 20:54 - 00000660 _____ C:\Users\ShellShock\Desktop\mario.txt
2015-11-30 12:51 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-30 12:25 - 2015-11-12 13:00 - 00000000 ____D C:\Users\ShellShock\Desktop\The Pot Book
2015-11-28 15:08 - 2014-03-13 21:01 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2015-11-23 08:34 - 2015-06-27 11:33 - 00113040 _____ C:\Users\ShellShock\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-23 08:32 - 2015-06-29 13:59 - 00447440 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-12-15 21:51 - 2015-12-15 21:51 - 2356647 _____ () C:\Program Files\Common Files\wx2jxgyc.exe
2014-05-06 13:42 - 2014-05-06 13:42 - 0645678 _____ () C:\Users\ShellShock\AppData\Roaming\5xo8wn.jpg
2015-10-16 22:53 - 2015-11-05 04:27 - 0000132 _____ () C:\Users\ShellShock\AppData\Roaming\Adobe PNG Format CC Prefs
2015-07-06 01:25 - 2015-07-06 01:27 - 0003227 _____ () C:\Users\ShellShock\AppData\Roaming\glide_wrapper.zbag.ini
2015-01-16 02:15 - 2015-01-16 02:50 - 0103469 _____ () C:\Users\ShellShock\AppData\Roaming\net.telestream.wirecast.xml
2015-01-16 02:15 - 2015-01-16 02:15 - 0014120 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005028 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014543 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0014186 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0067454 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004755 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004935 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003123 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003213 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004356 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003439 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003825 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005621 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_NETBRIEFINGS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0001451 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010088 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0004482 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFIALITE_ID_brandingimage_main.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0007122 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0010619 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0005241 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0016966 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008986 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0003302 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFIALITE_ID_brandingimage_destination.png
2015-01-16 02:15 - 2015-01-16 02:15 - 0008683 _____ () C:\Users\ShellShock\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-01-16 02:23 - 2015-01-16 02:37 - 0001001 _____ () C:\Users\ShellShock\AppData\Roaming\pc-capture-log.txt
2015-11-05 03:16 - 2015-11-05 03:16 - 225111747 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-11-05 03:16 - 2015-11-05 03:16 - 0002615 _____ () C:\Users\ShellShock\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2015-12-15 19:27 - 2015-12-15 19:27 - 0000187 _____ () C:\Users\ShellShock\AppData\Local\Joymedia.exe.config
2015-12-15 21:24 - 2015-12-15 21:24 - 0002560 _____ () C:\Users\ShellShock\AppData\Local\uninstall.exe
2014-03-17 17:06 - 2015-08-19 18:01 - 0008064 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\ShellShock\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-21 00:14

==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   42.54KB


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 December 2015 - 10:01 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File  fixlist.txt   1.83KB




#14 Durred

Durred
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Male

Posted 23 December 2015 - 10:50 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by ShellShock (2015-12-23 19:45:38) Run:6
Running from C:\Users\ShellShock\Desktop
Loaded Profiles: ShellShock (Available Profiles: ShellShock & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AppInit_DLLs: C:\ProgramData\Vaiafineco\OpenDubdax.dll => C:\ProgramData\Vaiafineco\OpenDubdax.dll [518656 2015-12-15] ()
AppInit_DLLs-x32: C:\ProgramData\Vaiafineco\Y-tech.dll => C:\ProgramData\Vaiafineco\Y-tech.dll [320512 2015-12-15] ()
ProxyServer: [S-1-5-21-2367937490-2620206961-1706274593-1000] => 127.0.0.1:5050
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Trovi
C:\ProgramData\caMyciloPs
2015-12-15 22:38 - 2015-12-15 22:38 - 00000000 ____D C:\Users\plan B\AppData\Roaming\TapgokUcijyc
2015-12-15 21:51 - 2015-12-21 01:41 - 00000000 ____D C:\ProgramData\Vaiafineco
2015-12-15 21:48 - 2015-12-16 12:45 - 00000000 ____D C:\Program Files\Common Files\0i2uoepu
2015-12-15 21:48 - 2015-12-15 21:48 - 00003388 _____ C:\Windows\System32\Tasks\uvnqp1hd
2015-12-15 21:22 - 2015-12-15 21:22 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\TapgokUcijyc
2015-12-15 21:22 - 2015-12-15 22:38 - 00004688 _____ C:\Windows\SysWOW64\Dotederle.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\SysWOW64\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 22:38 - 00002400 _____ C:\Windows\system32\DotederleOff.ini
2015-12-15 21:22 - 2015-12-15 21:11 - 00375632 _____ C:\Windows\system32\Dotederle64.dll
2015-12-15 21:22 - 2015-12-15 22:48 - 00000000 ____D C:\ProgramData\DataFile
2015-12-15 20:04 - 2015-12-15 20:15 - 00004688 _____ C:\Windows\SysWOW64\Uponrekof.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\SysWOW64\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:15 - 00002400 _____ C:\Windows\system32\UponrekofOff.ini
2015-12-15 20:04 - 2015-12-15 20:04 - 00000000 ____D C:\Users\ShellShock\AppData\Roaming\AkijOmycs
2015-12-15 20:04 - 2015-12-15 20:04 - 00003348 _____ C:\Windows\System32\Tasks\Gufdhyp
2015-12-15 20:04 - 2015-12-15 18:37 - 00375680 _____ C:\Windows\system32\Uponrekof64.dll
EmptyTemp:

*****************

"C:\ProgramData\Vaiafineco\OpenDubdax.dll" => Value data removed successfully.
"C:\ProgramData\Vaiafineco\Y-tech.dll" => Value data removed successfully.
HKU\S-1-5-21-2367937490-2620206961-1706274593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
Firefox DefaultSearchEngine.US removed successfully
FF SelectedSearchEngine: Trovi => not found
C:\ProgramData\caMyciloPs => moved successfully
"C:\Users\plan B\AppData\Roaming\TapgokUcijyc" => not found.
C:\ProgramData\Vaiafineco => moved successfully
C:\Program Files\Common Files\0i2uoepu => moved successfully
C:\Windows\System32\Tasks\uvnqp1hd => moved successfully
C:\Users\ShellShock\AppData\Roaming\TapgokUcijyc => moved successfully
C:\Windows\SysWOW64\Dotederle.ini => moved successfully
C:\Windows\SysWOW64\DotederleOff.ini => moved successfully
C:\Windows\system32\DotederleOff.ini => moved successfully
C:\Windows\system32\Dotederle64.dll => moved successfully
C:\ProgramData\DataFile => moved successfully
C:\Windows\SysWOW64\Uponrekof.ini => moved successfully
C:\Windows\SysWOW64\UponrekofOff.ini => moved successfully
C:\Windows\system32\UponrekofOff.ini => moved successfully
C:\Users\ShellShock\AppData\Roaming\AkijOmycs => moved successfully
C:\Windows\System32\Tasks\Gufdhyp => moved successfully
C:\Windows\system32\Uponrekof64.dll => moved successfully
EmptyTemp: => 42.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:45:45 ====

Attached Files


Edited by Durred, 23 December 2015 - 10:51 PM.


#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:24 AM

Posted 26 December 2015 - 11:17 AM

How is the computer running now?






