Infected with a bunch of stuff, tried to remove, still something left...


6 replies to this topic

#1 BCHurricane89

Posted 04 January 2016 - 10:05 PM

Hello,

I was infected with a host of things such as malware, browser hijackers, redirects and toolbars (examples include Sound+, AmazingTab, KNCTR, etc.). I tried uninstalling these programs, but something would just keep reinstalling them. I booted into safe mode and was able to remove the programs. I ran Malwarebytes and removed a few things it found as well. I rebooted into my normal mode and Malwarebytes' free trial of active scanning kept popping up saying it was blocking a bunch of stuff. Something is still on my computer but I am unsure how to remove it.

Any help would be appreciated.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by LB (administrator) on LB-PC (04-01-2016 22:03:19)
Running from C:\Users\LB\Downloads
Loaded Profiles: LB (Available Profiles: LB)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe
(© 2015 Microsoft Corporation) C:\Users\LB\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Flux Software LLC) C:\Users\LB\AppData\Local\FluxSoftware\Flux\flux.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 7640 series\Bin\HPNetworkCommunicatorCom.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [379280 2015-04-16] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [Google Update] => C:\Users\LB\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [HP ENVY 7640 series (NET)] => C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [BingSvc] => C:\Users\LB\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [f.lux] => C:\Users\LB\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\MountPoints2: {434731ae-22cb-11e2-a34b-005056c00008} - E:\MotoCastSetup.exe -a
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk [2014-05-14]
ShortcutTarget: HD Writer.lnk -> C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-04-12]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-04-12]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{E8D47939-B554-4C8E-AA5E-930D8096E320}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-04-12] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-04-12] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-04-12] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-04-12] (LastPass)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-06-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-11] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-04-12] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-06-14] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-04-12] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-11] ()
FF Plugin HKU\S-1-5-21-225828076-4245953163-1930359861-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\LB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-225828076-4245953163-1930359861-1000: @talk.google.com/O1DPlugin -> C:\Users\LB\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-225828076-4245953163-1930359861-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LB\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-225828076-4245953163-1930359861-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LB\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\LB\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\LB\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (OneTab) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-01-01]
CHR Extension: (Google Search) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (ICE Quick Stream) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2015-04-15]
CHR Extension: (Session Buddy) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-01-21]
CHR Extension: (Block site) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (Pin It Button) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-12-30]
CHR Extension: (Anti-Porn Pro - The best Anti-Porn addon!) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbepadcdhpahlikldbochnhfleejiokp [2016-01-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-28]
CHR Extension: (Chrono Download Manager) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-12-24]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2015-12-24]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-12-28]
CHR Extension: (Google Hangouts) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\LB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-225828076-4245953163-1930359861-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-04-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-04-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-30] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-12] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1071504 2015-04-16] (Cyber Power Systems, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AmazingTab; "C:\Program Files\amztab\amztab.exe" /s iid=9385331 did=Missing sid=325 ref= id=8d2d95d2a553c1c9850496a24f7dbad96ff2531778cd5e8cc92ecbacb52d48ad [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-23] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U4 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R2 SADP_NPF; C:\Windows\SysWOW64\drivers\sadp_npf64.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 ubloxusb; C:\Windows\System32\DRIVERS\ubloxusb.sys [95232 2011-11-30] (u-blox AG)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2015-06-24] (VMware, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
U3 pxldapoc; \??\C:\Users\LB\AppData\Local\Temp\pxldapoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 22:03 - 2016-01-04 22:03 - 00030264 _____ C:\Users\LB\Downloads\FRST.txt
2016-01-04 21:52 - 2016-01-04 22:03 - 00000000 ____D C:\FRST
2016-01-04 21:50 - 2016-01-04 21:51 - 02370560 _____ (Farbar) C:\Users\LB\Downloads\FRST64.exe
2016-01-04 21:47 - 2016-01-04 21:47 - 00000000 ____D C:\AdwCleaner
2016-01-04 21:44 - 2016-01-04 21:44 - 00000000 ____D C:\Users\LB\Downloads\itisremover
2016-01-04 21:12 - 2016-01-04 21:12 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\LB\Downloads\tdsskiller.exe
2016-01-04 21:02 - 2016-01-04 21:02 - 00001413 _____ C:\Users\LB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-04 20:39 - 2016-01-04 21:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 20:39 - 2016-01-04 20:39 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-04 20:39 - 2016-01-04 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-04 20:39 - 2016-01-04 20:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-04 20:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-04 20:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-04 20:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-04 19:50 - 2016-01-04 19:50 - 00019848 ____H C:\Windows\Tasks\{7A0A7F47-0B7D-0504-0911-7E0C0F05117F}.job
2016-01-04 19:50 - 2016-01-04 19:50 - 00000000 ____D C:\ProgramData\c0069914-29b1-1
2016-01-04 19:47 - 2016-01-04 19:47 - 00020024 ____H C:\Windows\Tasks\{7F0F7E47-0C7A-0B09-0911-7F0E04791179}.job
2016-01-04 19:47 - 2016-01-04 19:47 - 00000000 ____D C:\ProgramData\91febc34-7a15-1
2016-01-04 19:41 - 2016-01-04 20:40 - 00423476 _____ C:\Windows\ntbtlog.txt
2016-01-04 19:20 - 2016-01-04 21:01 - 00000000 ____D C:\ProgramData\91febc34-6f41-1
2016-01-04 19:20 - 2016-01-04 21:01 - 00000000 ____D C:\ProgramData\91febc34-34a1-0
2016-01-04 19:20 - 2016-01-04 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-04 19:20 - 2016-01-04 19:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-04 19:19 - 2016-01-04 21:01 - 00000000 ____D C:\ProgramData\c0069914-5611-0
2016-01-04 19:19 - 2016-01-04 21:01 - 00000000 ____D C:\ProgramData\c0069914-4661-1
2016-01-04 19:19 - 2016-01-04 19:19 - 00023162 _____ C:\Windows\System32\Tasks\{7A0A7F47-0B7D-0504-0911-7E0C0F05117F}
2016-01-04 19:18 - 2016-01-04 21:00 - 00000336 ____H C:\Windows\Tasks\JSUOXVXJYWCGSPIM.job
2016-01-04 19:18 - 2016-01-04 21:00 - 00000324 _____ C:\Windows\Tasks\ZTIQCBB1.job
2016-01-04 19:18 - 2016-01-04 19:19 - 00001579 _____ C:\ProgramData\tempimage.bmp
2016-01-04 19:18 - 2016-01-04 19:18 - 00003364 _____ C:\Windows\System32\Tasks\JSUOXVXJYWCGSPIM
2016-01-04 19:18 - 2016-01-04 19:18 - 00002846 _____ C:\Windows\System32\Tasks\ZTIQCBB1
2016-01-04 19:18 - 2016-01-04 19:18 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2016-01-04 19:13 - 2016-01-04 19:13 - 00000000 ____D C:\Users\LB\AppData\Roaming\c
2016-01-04 19:06 - 2016-01-04 19:13 - 396470293 _____ C:\Users\LB\Downloads\Making.a.Murderer.S01E03.mp4
2016-01-04 19:05 - 2016-01-04 19:12 - 360882617 _____ C:\Users\LB\Downloads\Making.a.Murderer.S01E02.mp4
2016-01-03 18:07 - 2016-01-03 18:07 - 00000000 ____D C:\Users\LB\Downloads\20160103_1700_Treadmill
2015-12-31 23:43 - 2015-12-31 23:43 - 03132924 _____ ( ) C:\Users\LB\Downloads\Setup Project64 2.2.exe
2015-12-31 23:32 - 2015-12-31 23:33 - 02080797 _____ (Project64 ) C:\Users\LB\Downloads\setup Project64 1.6.exe
2015-12-29 11:54 - 2015-12-29 11:54 - 01488506 _____ C:\Users\LB\Downloads\bams-87-4-465.pdf
2015-12-28 16:05 - 2015-12-28 16:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2015-12-28 16:02 - 2014-09-15 13:08 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-12-28 13:52 - 2015-12-28 19:19 - 00000000 ____D C:\Users\LB\Downloads\FireTabletFiles
2015-12-28 13:48 - 2015-12-28 13:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-27 23:18 - 2015-12-27 23:28 - 00000000 ____D C:\Program Files (x86)\BUFKIT
2015-12-27 23:18 - 2015-12-27 23:18 - 00001011 _____ C:\Users\LB\Desktop\BUFKIT.LNK
2015-12-27 23:18 - 2015-12-27 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFKIT
2015-12-27 10:15 - 2015-12-27 10:15 - 11239093 _____ C:\Users\LB\Downloads\KFWS20151227_005354_V06.gz
2015-12-27 10:15 - 2015-12-27 10:15 - 11230137 _____ C:\Users\LB\Downloads\KFWS20151227_005910_V06.gz
2015-12-27 10:14 - 2015-12-27 10:15 - 11201814 _____ C:\Users\LB\Downloads\KFWS20151227_004836_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 11149193 _____ C:\Users\LB\Downloads\KFWS20151227_004320_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 11107745 _____ C:\Users\LB\Downloads\KFWS20151227_003804_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 11055477 _____ C:\Users\LB\Downloads\KFWS20151227_003248_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10965021 _____ C:\Users\LB\Downloads\KFWS20151227_002732_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10867626 _____ C:\Users\LB\Downloads\KFWS20151227_002216_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10764051 _____ C:\Users\LB\Downloads\KFWS20151227_000110_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10741266 _____ C:\Users\LB\Downloads\KFWS20151227_001659_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10739734 _____ C:\Users\LB\Downloads\KFWS20151227_000626_V06.gz
2015-12-27 10:14 - 2015-12-27 10:14 - 10716454 _____ C:\Users\LB\Downloads\KFWS20151227_001143_V06.gz
2015-12-27 10:11 - 2015-12-27 10:21 - 00000492 _____ C:\Users\LB\.wct
2015-12-27 10:10 - 2015-12-27 10:11 - 00000000 ____D C:\Users\LB\.wct-cache
2015-12-27 10:10 - 2015-12-27 10:10 - 00002917 _____ C:\Users\LB\Desktop\NOAA Weather and Climate Toolkit.lnk
2015-12-27 10:10 - 2015-12-27 10:10 - 00000000 ____D C:\Users\LB\.swt
2015-12-26 20:33 - 2015-12-26 20:33 - 00000000 ____D C:\Users\LB\AppData\Roaming\GRLevelX
2015-12-24 07:42 - 2015-12-24 07:42 - 00001604 _____ C:\Users\Default\J7uIj1WN.N8OK
2015-12-24 07:42 - 2015-12-24 07:42 - 00000628 _____ C:\Users\LB\2FL3.TxV
2015-12-24 07:40 - 2015-12-24 07:40 - 00001396 _____ C:\ProgramData\kqf0y.PBBh
2015-12-21 19:43 - 2015-12-21 19:43 - 00060851 _____ C:\Users\LB\Desktop\sUAS Registration - Registration Certificate.pdf
2015-12-20 00:01 - 2015-12-20 00:01 - 00000000 ____D C:\Users\LB\AppData\Local\Microsoft_Corporation
2015-12-19 23:34 - 2015-12-19 23:34 - 00000000 ____D C:\Users\LB\Downloads\LB_Tor_Pics
2015-12-19 18:59 - 2015-12-21 20:48 - 00000000 ____D C:\Users\LB\Downloads\SIC.B72-SHULiBAN
2015-12-16 10:45 - 2015-12-16 10:45 - 00000000 ____D C:\Users\LB\AppData\Roaming\AVS4YOU
2015-12-16 10:45 - 2015-12-16 10:45 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-12-16 10:44 - 2015-12-16 10:44 - 00000000 ____D C:\Users\LB\Downloads\sHaRewbb_avsvideo913port
2015-12-15 19:48 - 2015-12-15 19:48 - 00003316 _____ C:\Windows\System32\Tasks\msde.exe
2015-12-15 19:48 - 2015-12-15 19:48 - 00000000 ____D C:\Users\LB\AppData\Local\Hardc0re_Team
2015-12-15 19:47 - 2015-12-15 19:47 - 01466378 _____ (Microsoft Corporation) C:\Windows\system32\msde.exe
2015-12-12 23:44 - 2016-01-04 21:01 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-12 22:48 - 2015-12-21 20:48 - 00000000 ____D C:\Users\LB\Downloads\TR6.W72-SHULiBAN
2015-12-11 22:17 - 2015-12-11 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 11:06 - 2015-12-10 11:06 - 00201854 _____ C:\Users\LB\Downloads\nam4km.txt
2015-12-08 22:47 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 22:47 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 22:47 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 22:47 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 22:47 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 22:47 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 22:47 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 22:47 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 22:47 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 22:47 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 22:47 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 22:47 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 22:47 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 22:47 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 22:47 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 22:47 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 22:47 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 22:47 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 22:47 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 22:47 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 22:47 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 22:47 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 22:47 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 22:47 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 22:47 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 22:47 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 22:47 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 22:47 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 22:47 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 22:47 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 22:47 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 22:47 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 22:47 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 22:47 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 22:47 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 22:47 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 22:47 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 22:47 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 22:47 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 22:47 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 22:47 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 22:47 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 22:47 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 22:47 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 22:47 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 22:47 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 22:47 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 22:47 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 22:47 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 22:47 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 22:47 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 22:47 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 22:47 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 22:47 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 22:47 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 22:47 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 22:47 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 22:47 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 22:47 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 22:47 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 22:47 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 22:47 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 22:47 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 22:47 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 22:47 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 22:47 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 22:47 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 22:47 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 22:47 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 22:47 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 22:47 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 22:47 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 22:47 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 22:47 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 22:47 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 22:47 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 22:47 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 22:47 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 22:47 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 22:47 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 22:47 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 22:47 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 22:47 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 22:47 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 22:47 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 22:47 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 22:47 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 22:47 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 22:47 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 22:47 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 10:52 - 2016-01-04 10:07 - 00022471 _____ C:\Users\LB\Desktop\BP_Log.xlsx
2015-12-07 20:57 - 2015-12-07 20:57 - 00004450 _____ C:\Users\LB\Downloads\export-20151207-205340_default.csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 22:01 - 2009-07-13 23:45 - 00016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-04 22:01 - 2009-07-13 23:45 - 00016656 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-04 21:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-04 21:54 - 2012-10-12 13:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 21:45 - 2015-08-30 14:40 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-04 21:24 - 2013-11-23 00:04 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225828076-4245953163-1930359861-1000UA.job
2016-01-04 21:13 - 2015-11-05 18:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-04 21:03 - 2015-08-30 14:42 - 00000000 ___RD C:\Users\LB\Dropbox
2016-01-04 21:03 - 2015-08-30 14:40 - 00000000 ____D C:\Users\LB\AppData\Local\Dropbox
2016-01-04 21:03 - 2013-01-12 16:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-04 21:02 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-04 21:02 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-04 21:00 - 2015-08-30 14:40 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-04 21:00 - 2015-05-12 13:25 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2016-01-04 21:00 - 2013-01-27 00:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-04 21:00 - 2012-10-12 13:44 - 00000000 ____D C:\ProgramData\VMware
2016-01-04 21:00 - 2012-10-12 13:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-04 21:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 20:29 - 2012-10-06 11:58 - 00000000 ____D C:\Windows\Panther
2016-01-04 19:52 - 2013-01-19 17:05 - 00000000 ____D C:\Fraps
2016-01-04 19:40 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-04 19:36 - 2014-04-04 13:02 - 00061256 _____ C:\Windows\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
2016-01-04 19:36 - 2014-04-04 13:02 - 00061256 _____ C:\Windows\system32\BMXState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
2016-01-04 19:36 - 2014-04-04 13:02 - 00000788 _____ C:\Windows\system32\DVCState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx
2016-01-04 19:35 - 2013-09-14 20:37 - 00074577 _____ C:\Users\LB\Desktop\winscp421.ini
2016-01-04 19:35 - 2013-09-03 06:46 - 00000600 _____ C:\Users\LB\AppData\Roaming\winscp.rnd
2016-01-04 18:44 - 2012-12-12 19:28 - 00000000 ____D C:\Users\LB\AppData\Roaming\vlc
2016-01-04 13:42 - 2014-01-01 23:55 - 00000000 ____D C:\ProgramData\TEMP
2016-01-04 08:39 - 2014-01-01 23:56 - 00000000 ____D C:\Users\LB\AppData\Local\GR2Analyst_2
2016-01-04 02:00 - 2014-08-25 01:00 - 00000000 ____D C:\Users\LB\AppData\Local\Adobe
2016-01-04 01:24 - 2013-11-23 00:04 - 00000844 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-225828076-4245953163-1930359861-1000Core.job
2016-01-03 01:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-02 19:54 - 2013-04-29 21:17 - 00000000 ____D C:\Users\LB\AppData\Roaming\TeamViewer
2015-12-28 23:13 - 2015-11-05 18:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 23:13 - 2013-03-22 14:21 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 23:13 - 2013-03-22 14:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 21:17 - 2012-10-12 14:09 - 00000000 ____D C:\Users\LB\AppData\Local\VMware
2015-12-28 18:06 - 2012-10-12 14:09 - 00000000 ____D C:\Users\LB\AppData\Roaming\VMware
2015-12-28 10:16 - 2014-07-06 20:33 - 00000132 _____ C:\Users\LB\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-28 00:02 - 2012-10-28 23:54 - 00000000 ____D C:\Users\LB\AppData\Roaming\Bufkit
2015-12-27 23:18 - 2012-10-28 23:53 - 00249856 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2015-12-27 23:18 - 2012-10-28 23:53 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2015-12-27 17:26 - 2012-10-12 13:42 - 00124424 _____ C:\Users\LB\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-27 10:11 - 2012-10-06 08:03 - 00000000 ____D C:\Users\LB
2015-12-26 22:10 - 2014-04-25 12:53 - 00000000 ____D C:\Users\LB\AppData\Local\GRLevel3_2
2015-12-26 11:39 - 2009-07-14 00:13 - 00782982 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 09:53 - 2015-06-08 18:20 - 00000000 ____D C:\Users\LB\.sharppy
2015-12-24 11:59 - 2014-07-20 20:32 - 00000000 ____D C:\Users\LB\Downloads\WxImages
2015-12-24 07:56 - 2015-03-05 19:55 - 00000000 ____D C:\Users\LB\Anaconda
2015-12-24 07:42 - 2015-11-21 22:54 - 00000000 ____D C:\ProgramData\PicBlock
2015-12-24 07:42 - 2015-04-17 13:58 - 00000000 ____D C:\Users\LB\.qgis2
2015-12-24 07:42 - 2013-01-12 16:53 - 00000000 ____D C:\ProgramData\Xfire
2015-12-24 07:41 - 2013-01-27 00:48 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-24 05:40 - 2014-06-25 07:50 - 00000000 ____D C:\SBS-resources
2015-12-24 05:40 - 2014-06-20 13:34 - 00000000 ____D C:\Cumulus
2015-12-23 17:35 - 2015-04-17 13:58 - 00000000 ____D C:\Users\LB\.matplotlib
2015-12-19 23:42 - 2015-11-25 21:30 - 00000000 ____D C:\Users\LB\AppData\Local\Windows Live
2015-12-19 23:38 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-16 22:56 - 2015-11-25 23:48 - 00000000 ____D C:\Users\LB\AppData\Roaming\avidemux
2015-12-15 22:24 - 2013-03-22 14:19 - 00000000 ____D C:\Users\LB\AppData\Roaming\Mozilla
2015-12-15 19:48 - 2013-09-05 18:03 - 00000000 ____D C:\Users\LB\AppData\Roaming\WinRAR
2015-12-15 19:42 - 2013-09-05 18:02 - 00000000 ____D C:\Program Files\WinRAR
2015-12-15 16:34 - 2015-11-01 11:47 - 00000000 ____D C:\Users\LB\Desktop\LB 101515
2015-12-14 19:33 - 2014-06-25 07:50 - 00000000 ____D C:\Users\LB\AppData\Local\Downloaded Installations
2015-12-12 13:23 - 2014-05-20 15:37 - 00000000 ____D C:\Users\LB\Downloads\WY
2015-12-11 22:17 - 2015-08-30 14:40 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-11 13:58 - 2015-09-25 13:11 - 05922421 _____ C:\Users\LB\Desktop\fbpagebanner.psd
2015-12-09 04:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 03:24 - 2009-07-13 23:45 - 05087640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 03:06 - 2015-08-15 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-09 03:06 - 2015-08-15 19:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-08 23:25 - 2015-05-05 12:53 - 00000000 ____D C:\Users\LB\AppData\Roaming\.purple
2015-12-05 03:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
 
==================== Files in the root of some directories =======
 
2015-04-12 18:38 - 2015-04-12 18:38 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-06 20:33 - 2015-12-28 10:16 - 0000132 _____ () C:\Users\LB\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-09-03 06:46 - 2016-01-04 19:35 - 0000600 _____ () C:\Users\LB\AppData\Roaming\winscp.rnd
2014-04-11 19:13 - 2014-04-11 22:06 - 1065984 _____ () C:\Users\LB\AppData\Local\file__0.localstorage
2015-04-07 09:11 - 2015-04-07 09:11 - 0000600 _____ () C:\Users\LB\AppData\Local\PUTTY.RND
2012-10-15 23:30 - 2012-10-15 23:30 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-12 13:28 - 2012-10-12 13:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-24 07:40 - 2015-12-24 07:40 - 0001396 _____ () C:\ProgramData\kqf0y.PBBh
2016-01-04 19:18 - 2016-01-04 19:19 - 0001579 _____ () C:\ProgramData\tempimage.bmp
 
Files to move or delete:
====================
C:\Windows\Tasks\{7A0A7F47-0B7D-0504-0911-7E0C0F05117F}.job
C:\Windows\Tasks\{7F0F7E47-0C7A-0B09-0911-7F0E04791179}.job
 
 
Some files in TEMP:
====================
C:\Users\LB\AppData\Local\Temp\amzngtb.exe
C:\Users\LB\AppData\Local\Temp\E9BAY2NHM.exe
C:\Users\LB\AppData\Local\Temp\sqlite3.dll
C:\Users\LB\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 00:24
 
==================== End of FRST.txt ============================

Attached Files


Edited by BCHurricane89, 04 January 2016 - 10:10 PM.



#2 BCHurricane89

BCHurricane89
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:01:30 AM

Posted 04 January 2016 - 10:10 PM

Delete this post...added the addition.txt to the first post.


Edited by BCHurricane89, 04 January 2016 - 10:11 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:30 AM

Posted 05 January 2016 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
S2 AmazingTab; "C:\Program Files\amztab\amztab.exe" /s iid=9385331 did=Missing sid=325 ref= id=8d2d95d2a553c1c9850496a24f7dbad96ff2531778cd5e8cc92ecbacb52d48ad [X]
U3 pxldapoc; \??\C:\Users\LB\AppData\Local\Temp\pxldapoc.sys [X]
Task: {1FB59A19-5BBF-4B0D-8369-8B0D57D121ED} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {33AC2F11-8AD2-42B5-B724-3CBD61294D4C} - \One System Care Monitor -> No File <==== ATTENTION
Task: {4327BC42-5975-4F7C-9AA1-62A45D571972} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {4C8D1AB8-1E06-4EA9-A42C-EDF3F7B92965} - \SwiftSearch Auto Updater 1.10.0.29 Pending Update -> No File <==== ATTENTION
Task: {516A2470-42B7-4494-BDA1-11BA5B4CD0E9} - \System Healer Task -> No File <==== ATTENTION
Task: {55180385-FF5C-4125-9911-E2AF9B86C397} - \One System Care Task -> No File <==== ATTENTION
Task: {594D98F8-C18F-429A-9F65-919A293D8849} - \SushiLeads -> No File <==== ATTENTION
Task: {5A0769BE-D178-4EE8-A81A-041038134890} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {621240BB-13C3-47C6-8318-BBB9D7B5EF41} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {65B120E9-F5A7-4C77-8CAF-7B1318F2B063} - System32\Tasks\ZTIQCBB1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
Task: {6F659232-B153-4EE1-BC87-696A1EDEAE7B} - System32\Tasks\JSUOXVXJYWCGSPIM => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: {74B087A5-83A5-4CFA-9923-869C18DCB93E} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {8C2A61B1-E85B-4B65-98D8-84A92CEDF69E} - \WebDnsio2 -> No File <==== ATTENTION
Task: {A12BB5C2-CEC5-4C9F-8DB6-2D6E2CD20E1E} - \WebDnsio2-daily -> No File <==== ATTENTION
Task: {AE0CE6E2-FB7F-4189-A523-01D1CD552B63} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-15] ()
Task: {B1641282-4F6F-4049-9E4C-9C4F6A1C8769} - \bvxvaxxvyd -> No File <==== ATTENTION
Task: {E228A00A-8D08-4B4E-B898-90F5A3428815} - \One System CarePeriod -> No File <==== ATTENTION
Task: {E980414B-F162-4A9D-BED7-37009D3E3A89} - \System HealerPeriod -> No File <==== ATTENTION
Task: {ED221532-EBB2-4ADC-A748-AE3976E09B73} - \SwiftSearch Auto Updater 1.10.0.29 Core -> No File <==== ATTENTION
Task: {F801ACDA-06AF-4C1B-851A-A8DFFBCAAC1F} - \System HealerStartUp -> No File <==== ATTENTION
Task: {FC7FE753-7914-48DF-AAB6-763B81C4CFD9} - \One System Care Run Delay -> No File <==== ATTENTION
Task: C:\Windows\Tasks\JSUOXVXJYWCGSPIM.job => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZTIQCBB1.job => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1866F3B5
AlternateDataStreams: C:\ProgramData\TEMP:E18B7D31
AlternateDataStreams: C:\Users\LB\AppData\Local\Temporary Internet Files:LSTjLsiphK7uLfdRbs3Ik
AlternateDataStreams: C:\Users\LB\AppData\Local\TxpDIGoLuABGE:019kYhJQgJgA5CMQ2PjeS5
C:\ProgramData\LolliScan
C:\ProgramData\Service7609
C:\Windows\AutoKMS
C:\Program Files (x86)\Itibiti Soft Phone


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Copy the text IN THE CODE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}]
Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Please post the logs and let me know of any remaining issues.

Edited by nasdaq, 05 January 2016 - 11:28 AM.


#4 BCHurricane89 (Topic Starter, Members, 53 posts)

Posted 05 January 2016 - 03:41 PM

Ok, all done, here is my fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by LB (2016-01-05 14:55:44) Run:1
Running from C:\Users\LB\Downloads
Loaded Profiles: LB (Available Profiles: LB)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\...\Run: [AdobeBridge] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
S2 AmazingTab; "C:\Program Files\amztab\amztab.exe" /s iid=9385331 did=Missing sid=325 ref= id=8d2d95d2a553c1c9850496a24f7dbad96ff2531778cd5e8cc92ecbacb52d48ad [X]
U3 pxldapoc; \??\C:\Users\LB\AppData\Local\Temp\pxldapoc.sys [X]
Task: {1FB59A19-5BBF-4B0D-8369-8B0D57D121ED} - \SystemHealer Monitor -> No File <==== ATTENTION
Task: {33AC2F11-8AD2-42B5-B724-3CBD61294D4C} - \One System Care Monitor -> No File <==== ATTENTION
Task: {4327BC42-5975-4F7C-9AA1-62A45D571972} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {4C8D1AB8-1E06-4EA9-A42C-EDF3F7B92965} - \SwiftSearch Auto Updater 1.10.0.29 Pending Update -> No File <==== ATTENTION
Task: {516A2470-42B7-4494-BDA1-11BA5B4CD0E9} - \System Healer Task -> No File <==== ATTENTION
Task: {55180385-FF5C-4125-9911-E2AF9B86C397} - \One System Care Task -> No File <==== ATTENTION
Task: {594D98F8-C18F-429A-9F65-919A293D8849} - \SushiLeads -> No File <==== ATTENTION
Task: {5A0769BE-D178-4EE8-A81A-041038134890} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {621240BB-13C3-47C6-8318-BBB9D7B5EF41} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {65B120E9-F5A7-4C77-8CAF-7B1318F2B063} - System32\Tasks\ZTIQCBB1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
Task: {6F659232-B153-4EE1-BC87-696A1EDEAE7B} - System32\Tasks\JSUOXVXJYWCGSPIM => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: {74B087A5-83A5-4CFA-9923-869C18DCB93E} - \SystemHealer Run Delay -> No File <==== ATTENTION
Task: {8C2A61B1-E85B-4B65-98D8-84A92CEDF69E} - \WebDnsio2 -> No File <==== ATTENTION
Task: {A12BB5C2-CEC5-4C9F-8DB6-2D6E2CD20E1E} - \WebDnsio2-daily -> No File <==== ATTENTION
Task: {AE0CE6E2-FB7F-4189-A523-01D1CD552B63} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-15] ()
Task: {B1641282-4F6F-4049-9E4C-9C4F6A1C8769} - \bvxvaxxvyd -> No File <==== ATTENTION
Task: {E228A00A-8D08-4B4E-B898-90F5A3428815} - \One System CarePeriod -> No File <==== ATTENTION
Task: {E980414B-F162-4A9D-BED7-37009D3E3A89} - \System HealerPeriod -> No File <==== ATTENTION
Task: {ED221532-EBB2-4ADC-A748-AE3976E09B73} - \SwiftSearch Auto Updater 1.10.0.29 Core -> No File <==== ATTENTION
Task: {F801ACDA-06AF-4C1B-851A-A8DFFBCAAC1F} - \System HealerStartUp -> No File <==== ATTENTION
Task: {FC7FE753-7914-48DF-AAB6-763B81C4CFD9} - \One System Care Run Delay -> No File <==== ATTENTION
Task: C:\Windows\Tasks\JSUOXVXJYWCGSPIM.job => C:\ProgramData\Service7609\Service7609.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZTIQCBB1.job => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1866F3B5
AlternateDataStreams: C:\ProgramData\TEMP:E18B7D31
AlternateDataStreams: C:\Users\LB\AppData\Local\Temporary Internet Files:LSTjLsiphK7uLfdRbs3Ik
AlternateDataStreams: C:\Users\LB\AppData\Local\TxpDIGoLuABGE:019kYhJQgJgA5CMQ2PjeS5
C:\ProgramData\LolliScan
C:\ProgramData\Service7609
C:\Windows\AutoKMS
C:\Program Files (x86)\Itibiti Soft Phone
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-225828076-4245953163-1930359861-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
AmazingTab => service removed successfully
pxldapoc => service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FB59A19-5BBF-4B0D-8369-8B0D57D121ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FB59A19-5BBF-4B0D-8369-8B0D57D121ED}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33AC2F11-8AD2-42B5-B724-3CBD61294D4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33AC2F11-8AD2-42B5-B724-3CBD61294D4C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4327BC42-5975-4F7C-9AA1-62A45D571972}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4327BC42-5975-4F7C-9AA1-62A45D571972}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC SpeedUp Service Deactivator => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C8D1AB8-1E06-4EA9-A42C-EDF3F7B92965}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C8D1AB8-1E06-4EA9-A42C-EDF3F7B92965}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.29 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{516A2470-42B7-4494-BDA1-11BA5B4CD0E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{516A2470-42B7-4494-BDA1-11BA5B4CD0E9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55180385-FF5C-4125-9911-E2AF9B86C397}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55180385-FF5C-4125-9911-E2AF9B86C397}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{594D98F8-C18F-429A-9F65-919A293D8849}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{594D98F8-C18F-429A-9F65-919A293D8849}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A0769BE-D178-4EE8-A81A-041038134890}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0769BE-D178-4EE8-A81A-041038134890}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{621240BB-13C3-47C6-8318-BBB9D7B5EF41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{621240BB-13C3-47C6-8318-BBB9D7B5EF41}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65B120E9-F5A7-4C77-8CAF-7B1318F2B063}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B120E9-F5A7-4C77-8CAF-7B1318F2B063}" => key removed successfully
C:\Windows\System32\Tasks\ZTIQCBB1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZTIQCBB1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F659232-B153-4EE1-BC87-696A1EDEAE7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F659232-B153-4EE1-BC87-696A1EDEAE7B}" => key removed successfully
C:\Windows\System32\Tasks\JSUOXVXJYWCGSPIM => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JSUOXVXJYWCGSPIM" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74B087A5-83A5-4CFA-9923-869C18DCB93E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74B087A5-83A5-4CFA-9923-869C18DCB93E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C2A61B1-E85B-4B65-98D8-84A92CEDF69E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C2A61B1-E85B-4B65-98D8-84A92CEDF69E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDnsio2 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A12BB5C2-CEC5-4C9F-8DB6-2D6E2CD20E1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A12BB5C2-CEC5-4C9F-8DB6-2D6E2CD20E1E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDnsio2-daily => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE0CE6E2-FB7F-4189-A523-01D1CD552B63} => key not found. 
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1641282-4F6F-4049-9E4C-9C4F6A1C8769}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1641282-4F6F-4049-9E4C-9C4F6A1C8769}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvaxxvyd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E228A00A-8D08-4B4E-B898-90F5A3428815}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E228A00A-8D08-4B4E-B898-90F5A3428815}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E980414B-F162-4A9D-BED7-37009D3E3A89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E980414B-F162-4A9D-BED7-37009D3E3A89}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ED221532-EBB2-4ADC-A748-AE3976E09B73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED221532-EBB2-4ADC-A748-AE3976E09B73}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.29 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F801ACDA-06AF-4C1B-851A-A8DFFBCAAC1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F801ACDA-06AF-4C1B-851A-A8DFFBCAAC1F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7FE753-7914-48DF-AAB6-763B81C4CFD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7FE753-7914-48DF-AAB6-763B81C4CFD9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
C:\Windows\Tasks\JSUOXVXJYWCGSPIM.job => moved successfully
C:\Windows\Tasks\ZTIQCBB1.job => moved successfully
C:\ProgramData\TEMP => ":1866F3B5" ADS removed successfully.
C:\ProgramData\TEMP => ":E18B7D31" ADS removed successfully.
"C:\Users\LB\AppData\Local\Temporary Internet Files" => ":LSTjLsiphK7uLfdRbs3Ik" ADS not found.
C:\Users\LB\AppData\Local\TxpDIGoLuABGE => ":019kYhJQgJgA5CMQ2PjeS5" ADS removed successfully.
"C:\ProgramData\LolliScan" => not found.
"C:\ProgramData\Service7609" => not found.
C:\Windows\AutoKMS => moved successfully
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
EmptyTemp: => 998.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:56:07 ====
 
Things seem to be good so far.
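The Fixlog above is worth reading line by line rather than just skimming for "successfully": FRST echoes the fixlist it was given, then prints one result line per action, and the items that come back "not found" (here the pxldapoc.sys driver service, the LolliScan and Service7609 folders, one of the alternate data streams) are the ones the fix did not actually touch, which usually means an earlier cleanup (Malwarebytes, the safe-mode uninstalls) already took them. The following is an added example, not FRST's own code or anything from this thread: a small Python reconciler that splits a Fixlog into its fixlist echo and its result lines, classifies each result, and lists the targets that were not found so the helper can decide whether they need follow-up. The sample log inside it is constructed from a handful of lines in the shape of the one posted above.

```python
"""Reconcile an FRST fixlist with the results recorded in Fixlog.txt.

Added example: this is not FRST's code. It assumes the Fixlog layout seen in
this thread (fixlist echoed between 'start' and 'End', result lines of the
form '<target> => <outcome>' after the second row of asterisks).
"""
import re
from collections import Counter

# Constructed sample in the shape of the Fixlog quoted in the thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
S2 AmazingTab; "C:\Program Files\amztab\amztab.exe" /s [X]
U3 pxldapoc; \??\C:\Users\LB\AppData\Local\Temp\pxldapoc.sys [X]
Task: {65B120E9-F5A7-4C77-8CAF-7B1318F2B063} - System32\Tasks\ZTIQCBB1 => C:\ProgramData\LolliScan\LolliScan.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1866F3B5
C:\ProgramData\LolliScan

End
*****************

Restore point was successfully created.
AmazingTab => service removed successfully
pxldapoc => service not found.
C:\Windows\System32\Tasks\ZTIQCBB1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZTIQCBB1" => key removed successfully
C:\ProgramData\TEMP => ":1866F3B5" ADS removed successfully.
"C:\ProgramData\LolliScan" => not found.
EmptyTemp: => 998.9 MB temporary data Removed.

==== End of Fixlog 14:56:07 ====
"""

# A result line is '<target> => <outcome>'; the target may be wrapped in quotes.
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+?)\s*$')


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) from a Fixlog's text."""
    fixlist, results = [], []
    in_fixlist = False
    separators = 0
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith('*****'):
            separators += 1          # second row of asterisks ends the echo
            continue
        if line == 'start':
            in_fixlist = True
            continue
        if line == 'End':
            in_fixlist = False
            continue
        if in_fixlist:
            if line.strip():
                fixlist.append(line)
        elif separators >= 2 and ' => ' in line:
            results.append(line)
    return fixlist, results


def classify_result(line):
    """Map one result line to (target, status); status is
    'removed' (removed/moved successfully), 'not_found', or 'other'."""
    match = RESULT_RE.match(line)
    if not match:
        return None
    target = match.group('target').strip('"')
    outcome = match.group('outcome').rstrip('.').lower()
    if outcome.endswith('removed successfully') or outcome.endswith('moved successfully'):
        status = 'removed'
    elif 'not found' in outcome:
        status = 'not_found'
    else:
        status = 'other'
    return target, status


def summarize(text):
    """Count outcomes and list the targets FRST could not find."""
    fixlist, results = split_fixlog(text)
    classified = [c for c in map(classify_result, results) if c]
    counts = Counter(status for _, status in classified)
    return {
        'fixlist_entries': len(fixlist),
        'results': len(classified),
        'counts': dict(counts),
        'not_found': [target for target, status in classified if status == 'not_found'],
    }


if __name__ == '__main__':
    report = summarize(SAMPLE_FIXLOG)
    print(f"fixlist entries: {report['fixlist_entries']}, results: {report['results']}")
    print('outcomes:', report['counts'])
    for target in report['not_found']:
        print('not found (check whether already removed):', target)
```

Run it against a real Fixlog.txt by reading the file into `summarize()`; the "not found" list is the set of fixlist targets to re-check in a fresh FRST scan, and the "other" bucket catches informational lines such as the EmptyTemp size that are neither a removal nor a miss.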


#5 nasdaq (Malware Response Team, 38,559 posts, Gender: Male, Location: Montreal, QC. Canada)

Posted 06 January 2016 - 08:45 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 BCHurricane89 (Topic Starter, Members, 53 posts)

Posted 06 January 2016 - 07:46 PM

Great, thank you for your help! It's much appreciated!



#7 nasdaq (Malware Response Team, 38,559 posts, Gender: Male, Location: Montreal, QC. Canada)

Posted 07 January 2016 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



