Malware/Spyware on my computer

Old 01-08-2017, 09:03 AM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello Tech Support Forum,

I had loaned my computer to my nephew yesterday...and it looks like he may have mistakenly clicked on a malware/spyware program which has changed my homepage to safefinder.com.

Below are the dds.txt results, and the attach.txt is attached.

I hope that you can help me.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.111.2
Run by King at 11:51:41 on 2017-01-08
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.7888.4834 [GMT -5:00]
.
AV: Kaspersky Total Security *Enabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Total Security *Enabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security *Enabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\DbxSvc.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\ProgramData\Logic Handler\set.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EMSService.exe
C:\WINDOWS\SysWoW64\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\ProgramData\NetworkPacketManitor\Nettrans.exe
C:\WINDOWS\SysWoW64\NetUtils2016.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\knsCFBC.tmp
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\SecureW2\sw2_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
svchost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\smartscreen.exe
C:\PROGRA~2\MOZILL~1\firefox.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HP\HPENVY~1\Bin\HPNETW~1.EXE
C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRAM FILES (X86)\WESTERN DIGITAL\WD APP MANAGER\PLUGINS\WD BACKUP\App\WDBackupService.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Windows\System32\InstallAgent.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgentUserBroker.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchp6luA0gExYRQXNhrNa4QWTjIFNtwhXL_QtINwm7jhJAlGDd04ewzpU9S-kYkr6yjD7qACxDA7jEkYGv6OBGGlGCm2uc
uSearch Bar = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYa-4MBDXuo7Px7wMdm7bLmOwBL3zTcQOgmS6YkaS2afMAu4FhDoKnSVW0ZnmEvfFJ5TBZf&q={searchTerms}
uSearch Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYa-4MBDXuo7Px7wMdm7bLmOwBL3zTcQOgmS6YkaS2afMAu4FhDoKnSVW0ZnmEvfFJ5TBZf&q={searchTerms}
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [HP ENVY 4520 series (NET)] "C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH5A92F0NG0660:NW" -scfn "HP ENVY 4520 series (NET)" -AutoStart 1
uRun: [OneDrive] "C:\Users\King\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [DailyBee] C:\Users\King\AppData\Roaming\DailyBee\DailyBee.exe su
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: HideFastUserSwitching = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}\84F4D454D203347363D223E243 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}\84F4D454D203347363D253 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{98bff00c-bb80-4b13-9b96-7b50f97f6435} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Kaspersky Protection: {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-TB: Kaspersky Protection Toolbar: {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [EmsService] EmsServiceHelper.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: HideFastUserSwitching = dword:1
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013\
FF - prefs.js: browser.startup.homepage - C:\\ProgramData\\Zaamlas\\ff.HP
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\King\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);C:\WINDOWS\System32\drivers\cm_km.sys [2016-6-10 238936]
R0 CmgPCS;Credant PCS;C:\WINDOWS\System32\drivers\CmgPCS.sys [2013-5-10 144168]
R0 CmgShieldCEF;CmgShieldCEF;C:\WINDOWS\System32\drivers\CMGShCEF.sys [2013-5-10 381224]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-11-9 48992]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\WINDOWS\System32\drivers\iusb3hcs.sys [2013-7-5 16152]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2016-6-7 63920]
R0 klupd_klif_arkmon;klupd_klif_arkmon;C:\WINDOWS\System32\drivers\klupd_klif_arkmon.sys [2016-12-8 218920]
R0 klupd_klif_klbg;klupd_klif_klbg;C:\WINDOWS\System32\drivers\klupd_klif_klbg.sys [2016-12-8 104720]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-13 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-10-28 227328]
R1 eamonm;eamonm;C:\WINDOWS\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\WINDOWS\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2016-6-14 86352]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2016-6-20 435032]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2016-6-20 57424]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2016-5-31 45488]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2016-6-18 85320]
R1 Klwtp;KLwtp - WFP callout traffic inspector;C:\WINDOWS\System32\drivers\klwtp.sys [2016-6-2 134880]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2016-6-14 194480]
R1 NetUtils2016;NetUtils2016;C:\WINDOWS\System32\drivers\NetUtils2016.sys [2017-1-7 909944]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-9-22 83768]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [2016-6-28 241544]
R2 backlh;Background Logic Handler;C:\ProgramData\Logic Handler\set.exe [2017-1-7 3786752]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_87960;CDPUserSvc_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DbxSvc;DbxSvc;C:\WINDOWS\System32\DbxSvc.exe [2016-12-21 42096]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 EMS;EMS;EMSService.exe --> EMSService.exe [?]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-12-20 26168]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-3 337888]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2016-9-7 21216]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-5 161560]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2016-5-31 78216]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2016-6-28 241544]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2013-7-5 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-7-5 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2013-7-5 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]
R2 Nettrans;Network Packet Manitor;C:\ProgramData\NetworkPacketManitor\Nettrans.exe [2017-1-7 43520]
R2 NetUtils2016srv;NetUtils2016srv;C:\WINDOWS\System32\NetUtils2016.exe --> C:\WINDOWS\System32\NetUtils2016.exe [?]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2016-3-3 71832]
R2 OneSyncSvc_87960;Sync Host_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 qevisufy;Space Subscript;C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\knsCFBC.tmp [2017-1-8 404480]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2015-2-13 16216]
R2 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2015-4-1 157992]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2012-11-2 106920]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-4-21 259176]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-5 363800]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-10-1 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2015-12-7 308088]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 5U877;5U877;C:\WINDOWS\System32\drivers\5U877.sys [2013-7-5 216704]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-10-1 249856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2013-7-5 331264]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-12-1 38896]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2016-8-10 191312]
R3 klids;klids;C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [2016-8-10 182360]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2016-5-18 52136]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 kltap;Kaspersky Security Data Escort Adapter;C:\WINDOWS\System32\drivers\kltap.sys [2016-6-7 52152]
R3 klupd_klif_kimul;klupd_klif_kimul;C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys [2016-12-15 85984]
R3 klupd_klif_klark;klupd_klif_klark;C:\WINDOWS\System32\drivers\klupd_klif_klark.sys [2016-12-8 245512]
R3 klupd_klif_mark;klupd_klif_mark;C:\WINDOWS\System32\drivers\klupd_klif_mark.sys [2016-12-8 164888]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2016-7-16 3343872]
R3 PimIndexMaintenanceSvc_87960;Contact Data_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 risdxc;risdxc;C:\WINDOWS\System32\drivers\risdxc64.sys [2013-7-5 106496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 Tvti2c;Lenovo SM bus driver;C:\WINDOWS\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\WINDOWS\System32\drivers\tvtvcamd.sys [2013-7-5 27432]
R3 UnistoreSvc_87960;User Data Storage_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_87960;User Data Access_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2016-7-16 24576]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2016-3-30 28792]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27 143144]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [2013-10-20 31920]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-10-1 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-10-28 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27 143144]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-24 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-12-1 50160]
S3 klvssbrigde64;klvssbrigde64;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [2016-6-28 77328]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2015-12-10 272864]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-9-10 192216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-11 64352]
S3 MessagingService_87960;MessagingService_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-10-1 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-16 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-8-7 52912]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-24 165504]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-10-1 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WD Backup Drive Helper;WD Backup Drive Helper;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
S3 WD Backup Snapshot;WD Backup Snapshot;C:\Windows\SysWOW64\dllhost.exe [2016-7-16 19808]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\System32\drivers\wdcsam64.sys [2015-11-12 26880]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-10-1 719360]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_87960;Windows Push Notifications User Service_87960;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-12-9 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-13 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-10-1 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2017-01-07 23:36:53 -------- d-----w- C:\ProgramData\AppalmaaZ
2017-01-07 23:20:38 -------- d-----w- C:\Program Files (x86)\Common Files\Inlux
2017-01-07 23:20:34 -------- d-----w- C:\ProgramData\Logic Handler
2017-01-07 23:20:33 -------- d-----w- C:\ProgramData\Zaamlas
2017-01-07 23:20:29 -------- d-----w- C:\Users\King\AppData\Local\DailyBee
2017-01-07 23:20:25 1938538 ----a-w- C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 23:20:16 -------- d-----w- C:\ProgramData\Zaamla
2017-01-07 23:20:10 629760 ----a-w- C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 23:20:05 -------- d-----w- C:\ProgramData\NetworkPacketManitor
2017-01-07 23:20:03 -------- d-----w- C:\Users\King\AppData\Roaming\DailyBee
2017-01-07 23:19:48 -------- d-----w- C:\Users\King\AppData\Roaming\HDWallPaper
2017-01-07 23:19:47 -------- d-----w- C:\WINDOWS\SysWow64\sstmp
2017-01-07 23:19:47 -------- d-----w- C:\WINDOWS\System32\sstmp
2017-01-07 23:19:46 909944 ----a-w- C:\WINDOWS\System32\drivers\NetUtils2016.sys
2017-01-07 23:19:46 625272 ----a-w- C:\WINDOWS\System32\NetUtils2016.dll
2017-01-07 23:19:46 470592 ----a-w- C:\WINDOWS\SysWow64\NetUtils2016.exe
2017-01-07 23:19:45 -------- d-----w- C:\Program Files (x86)\HDWallPaper
2017-01-07 23:19:32 -------- d-----w- C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
2017-01-07 23:18:42 825536 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2017-01-07 23:15:19 -------- d-----w- C:\Users\King\AppData\Local\4kdownload.com
2017-01-06 02:41:30 -------- d---a-w- C:\Program Files (x86)\TumblRipper
2017-01-06 02:33:03 -------- d-----w- C:\Users\King\AppData\Local\jzab.de
2017-01-04 23:39:26 -------- d-----w- C:\Users\King\AppData\Local\IsolatedStorage
2017-01-04 23:37:44 -------- d-----w- C:\Users\King\AppData\Roaming\Intuit
2017-01-04 23:36:14 -------- d---a-w- C:\Program Files (x86)\Common Files\Intuit
2017-01-04 23:36:05 -------- d-----w- C:\Program Files (x86)\TurboTax
2017-01-04 23:35:54 -------- d-----w- C:\ProgramData\Intuit
2016-12-27 18:37:07 -------- d-----w- C:\Program Files (x86)\Dropbox
2016-12-27 18:23:52 -------- d-----w- C:\WINDOWS\Panther
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-dev.sys
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-canary.sys
2016-12-21 18:15:36 42096 ----a-w- C:\WINDOWS\System32\DbxSvc.exe
2016-12-16 23:23:59 -------- d-----w- C:\Program Files (x86)\GUMCB42.tmp
2016-12-15 13:03:31 85984 ----a-w- C:\WINDOWS\System32\drivers\klupd_klif_kimul.sys
2016-12-15 03:19:48 872408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2016-12-15 03:19:48 231880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-12-15 02:57:00 -------- d-----w- C:\Program Files\iPod
2016-12-15 02:56:59 -------- d---a-w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2016-12-11 23:56:25 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-12-11 23:56:25 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2016-12-10 01:52:21 180224 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2016-12-09 10:42:15 1637728 ----a-w- C:\WINDOWS\System32\appraiser.dll
2016-12-09 10:42:14 137568 ----a-w- C:\WINDOWS\System32\acmigration.dll
2016-12-09 10:34:34 894096 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-12-09 10:34:34 1051112 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-12-09 10:33:26 1354320 ----a-w- C:\WINDOWS\System32\winload.efi
2016-12-09 10:33:26 1173496 ----a-w- C:\WINDOWS\System32\winload.exe
2016-12-09 10:32:11 7816032 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-12-09 10:30:39 377184 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2016-12-09 10:29:23 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-09 10:28:24 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll
2016-12-09 10:27:38 172528 ----a-w- C:\WINDOWS\System32\sspicli.dll
2016-12-09 10:20:21 2677544 ----a-w- C:\WINDOWS\System32\d3d10warp.dll
2016-12-09 10:20:20 2189664 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-12-09 10:20:16 658784 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-12-09 10:20:13 402272 ----a-w- C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-12-09 10:20:12 1738560 ----a-w- C:\WINDOWS\System32\WindowsCodecs.dll
2016-12-09 10:19:35 1293152 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2016-12-09 10:19:21 168424 ----a-w- C:\WINDOWS\System32\bcrypt.dll
2016-12-09 10:18:47 624048 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-12-09 10:18:21 2913144 ----a-w- C:\WINDOWS\System32\combase.dll
2016-12-09 10:18:16 1100128 ----a-w- C:\WINDOWS\System32\hvix64.exe
2016-12-09 10:18:15 1267512 ----a-w- C:\WINDOWS\System32\WinTypes.dll
2016-12-09 10:18:14 811872 ----a-w- C:\WINDOWS\System32\hvloader.exe
2016-12-09 10:18:12 947552 ----a-w- C:\WINDOWS\System32\hvloader.efi
2016-12-09 10:18:09 989024 ----a-w- C:\WINDOWS\System32\hvax64.exe
2016-12-09 10:15:26 8168000 ----a-w- C:\WINDOWS\System32\Windows.Media.Protection.PlayReady.dll
2016-12-09 10:15:18 1988560 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2016-12-09 10:14:50 1274712 ----a-w- C:\WINDOWS\System32\ole32.dll
2016-12-09 10:14:33 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-12-09 10:11:15 2048496 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2016-12-09 10:10:58 1461200 ----a-w- C:\WINDOWS\System32\user32.dll
2016-12-09 10:10:40 1572768 ----a-w- C:\WINDOWS\System32\gdi32full.dll
2016-12-09 10:09:27 455520 ----a-w- C:\WINDOWS\System32\securekernel.exe
2016-12-09 10:01:59 2323728 ----a-w- C:\WINDOWS\SysWow64\d3d10warp.dll
2016-12-09 10:01:43 1503544 ----a-w- C:\WINDOWS\SysWow64\WindowsCodecs.dll
2016-12-09 10:01:08 861024 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2016-12-09 10:00:58 106896 ----a-w- C:\WINDOWS\SysWow64\bcrypt.dll
2016-12-09 09:59:25 846560 ----a-w- C:\WINDOWS\SysWow64\WinTypes.dll
2016-12-09 09:59:24 2166752 ----a-w- C:\WINDOWS\SysWow64\combase.dll
2016-12-09 09:57:01 1852720 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2016-12-09 09:57:00 6668040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
2016-12-09 09:56:15 959112 ----a-w- C:\WINDOWS\SysWow64\ole32.dll
2016-12-09 09:52:21 1435896 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2016-12-09 09:52:21 1415752 ----a-w- C:\WINDOWS\SysWow64\gdi32full.dll
2016-12-09 09:51:08 117240 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2016-12-09 09:47:29 22563328 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-12-09 09:45:47 40448 ----a-w- C:\WINDOWS\System32\WordBreakers.dll
2016-12-09 09:45:43 206848 ----a-w- C:\WINDOWS\System32\win32k.sys
2016-12-09 09:42:29 227328 ----a-w- C:\WINDOWS\System32\cdd.dll
2016-12-09 09:41:22 380928 ----a-w- C:\WINDOWS\System32\wincorlib.dll
2016-12-09 09:41:06 32768 ----a-w- C:\WINDOWS\SysWow64\WordBreakers.dll
2016-12-09 09:40:38 147968 ----a-w- C:\WINDOWS\SysWow64\win32k.sys
2016-12-09 09:38:39 324608 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:37:29 261632 ----a-w- C:\WINDOWS\System32\indexeddbserver.dll
2016-12-09 09:37:10 411136 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2016-12-09 09:37:01 49152 ----a-w- C:\WINDOWS\System32\Windows.UI.Shell.dll
2016-12-09 09:36:56 425984 ----a-w- C:\WINDOWS\System32\aadcloudap.dll
2016-12-09 09:36:32 410112 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-12-09 09:36:09 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-12-09 09:36:05 231936 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
2016-12-09 09:36:02 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-12-09 09:34:52 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-12-09 09:34:31 288768 ----a-w- C:\WINDOWS\SysWow64\wincorlib.dll
2016-12-09 09:33:42 3777536 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2016-12-09 09:33:37 1589760 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-12-09 09:32:18 635904 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2016-12-09 09:31:22 3689984 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2016-12-09 09:31:20 198656 ----a-w- C:\WINDOWS\SysWow64\indexeddbserver.dll
2016-12-09 09:31:11 313856 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2016-12-09 09:30:32 19413504 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2016-12-09 09:30:31 4612608 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2016-12-09 09:29:51 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2016-12-09 09:28:55 1004544 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2016-12-09 09:28:12 3306496 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2016-12-09 09:27:55 5114368 ----a-w- C:\WINDOWS\System32\cdp.dll
2016-12-09 09:27:36 981504 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.OnlineId.dll
2016-12-09 09:26:32 8129536 ----a-w- C:\WINDOWS\System32\Chakra.dll
2016-12-09 09:26:01 1692672 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.onecore.dll
2016-12-09 09:25:28 376832 ----a-w- C:\WINDOWS\System32\CryptoWinRT.dll
2016-12-09 09:24:21 2275840 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-12-09 09:22:27 1490944 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2016-12-09 09:22:06 2820096 ----a-w- C:\WINDOWS\System32\InputService.dll
2016-12-09 09:22:02 2688512 ----a-w- C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-12-09 09:21:48 4746752 ----a-w- C:\WINDOWS\System32\jscript9.dll
2016-12-09 09:21:42 3616768 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2016-12-09 09:21:31 1512960 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2016-12-09 09:21:04 716800 ----a-w- C:\WINDOWS\System32\ShareHost.dll
2016-12-09 09:20:36 730624 ----a-w- C:\WINDOWS\System32\fveapi.dll
2016-12-09 09:20:35 3198464 ----a-w- C:\WINDOWS\SysWow64\cdp.dll
2016-12-09 09:20:33 6044160 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2016-12-09 09:20:32 172544 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2016-12-09 09:20:05 187392 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2016-12-09 09:19:46 433664 ----a-w- C:\WINDOWS\System32\TextInputFramework.dll
2016-12-09 09:19:45 1121280 ----a-w- C:\WINDOWS\System32\aadtb.dll
2016-12-09 09:19:43 261120 ----a-w- C:\WINDOWS\System32\Windows.UI.Core.TextInput.dll
2016-12-09 09:19:32 85504 ----a-w- C:\WINDOWS\System32\EditBufferTestHook.dll
2016-12-09 09:19:32 119296 ----a-w- C:\WINDOWS\System32\InputLocaleManager.dll
.
============= FINISH: 11:52:20.38 ===============
Attached: attach.txt (11.8 KB)
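The "Created Last 30" section of the DDS log above is where this infection shows first: a burst of new directories and executables all written between 23:15 and 23:37 on 2017-01-07, a fresh kernel driver in System32\drivers, a GUID-named folder under Program Files (x86), and a hidden file in the Internet Explorer directory whose name the log can only render as `i??pl?r?.b?t.exe` (a question mark cannot occur in an NTFS file name, so those are characters the log could not display, i.e. a look-alike name). The script below is an added example written for this thread, not part of DDS, FRST or the helper's instructions. It parses lines in the DDS "Created" format and applies a handful of heuristics to pick out the entries an analyst reads first. The sample input is copied from the log above; the rules, the thresholds (30-minute window, 8 items), and every function name are this example's own assumptions.

```python
"""Triage the 'Created Last 30' section of a DDS log (added example for this
thread; not part of DDS, FRST or the helper's procedure).  A line there reads
    YYYY-MM-DD HH:MM:SS  <size or -------->  <8-char attrs>  <path>
with 'd' first in attrs for a directory and 'h' anywhere for hidden.  Rules,
thresholds and names are this example's own assumptions: a first pass for an
analyst reading the list, not a verdict."""
import ntpath
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".bin", ".tmp"}
# NTFS never allows these in a name; one in a log means the real name held a
# character the log could not render, i.e. a Unicode look-alike name.
NTFS_ILLEGAL = set('<>:"/\\|?*')
GUIDISH = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

@dataclass
class Entry:
    when: datetime
    attrs: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

def parse_line(line: str) -> Optional[Entry]:
    """Entry for one DDS 'Created' line, None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(3), m.group(4))

def apply_rules(e: Entry) -> None:
    """Per-entry heuristics; each hit appends a readable reason."""
    low = e.path.lower()
    name = ntpath.basename(e.path)  # ntpath handles Windows paths on any host
    ext = ntpath.splitext(name)[1].lower()
    if not e.is_dir and low.startswith("c:\\windows\\system32\\drivers\\") and ext == ".sys":
        e.reasons.append("new kernel driver in System32\\drivers")
    if not e.is_dir and ext in EXEC_EXT and any(d in low for d in USER_WRITABLE):
        e.reasons.append("executable in a user-writable data directory")
    if not e.is_dir and e.hidden and ext in EXEC_EXT:
        e.reasons.append("hidden executable")
    if NTFS_ILLEGAL & set(name):
        e.reasons.append("name has characters NTFS forbids: look-alike name the log could not render")
    if GUIDISH.search(name):
        e.reasons.append("GUID-style install directory")

def mark_bursts(entries: List[Entry], window: timedelta = timedelta(minutes=30),
                threshold: int = 8) -> None:
    """Bundled adware lands as one burst: flag entries that have at least
    threshold creations within +/- window of them."""
    for e in entries:
        n = sum(1 for o in entries if abs(o.when - e.when) <= window)
        if n >= threshold:
            e.reasons.append(f"one of {n} items created within {window} of each other")

def triage(log_text: str) -> List[Entry]:
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    for e in entries:
        apply_rules(e)
    mark_bursts(entries)
    return [e for e in entries if e.reasons]

def flagged_names(log_text: str) -> Dict[str, List[str]]:
    return {ntpath.basename(e.path): e.reasons for e in triage(log_text)}

# Constructed sample: lines copied from the DDS log above, plus three of its
# benign entries (TurboTax, Dropbox's driver, Firefox) for contrast.
SAMPLE_LOG = r"""
2017-01-07 23:36:53 -------- d-----w- C:\ProgramData\AppalmaaZ
2017-01-07 23:20:34 -------- d-----w- C:\ProgramData\Logic Handler
2017-01-07 23:20:25 1938538 ----a-w- C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 23:20:10 629760 ----a-w- C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 23:20:05 -------- d-----w- C:\ProgramData\NetworkPacketManitor
2017-01-07 23:19:46 909944 ----a-w- C:\WINDOWS\System32\drivers\NetUtils2016.sys
2017-01-07 23:19:46 470592 ----a-w- C:\WINDOWS\SysWow64\NetUtils2016.exe
2017-01-07 23:19:32 -------- d-----w- C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
2017-01-07 23:18:42 825536 ---h--w- C:\Program Files (x86)\Internet Explorer\i??pl?r?.b?t.exe
2017-01-07 23:15:19 -------- d-----w- C:\Users\King\AppData\Local\4kdownload.com
2017-01-04 23:36:05 -------- d-----w- C:\Program Files (x86)\TurboTax
2016-12-21 18:15:36 75888 ----a-w- C:\WINDOWS\System32\drivers\dbx-stable.sys
2016-12-15 03:19:48 872408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.when, e.path, "|", "; ".join(e.reasons))
```

Two caveats worth keeping in mind when reading its output. The kernel-driver rule is deliberately broad: it also flags dbx-stable.sys, which by its name belongs to Dropbox, so a driver hit is a prompt to check the file's Authenticode signature, not a finding on its own. In the other direction, a plain directory such as C:\ProgramData\AppalmaaZ is caught here only by the time-cluster rule; the FRST output later in this thread shows a binary with no publisher running from that directory, which is exactly why the helper asks for FRST's process and registry view on top of the DDS file listing.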
 
Old 01-08-2017, 02:57 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if it still exists:

SafeFinder << Please read this

If SafeFinder successfully uninstalled, press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Program Files\common files\yni3d42a.0zn"

A DOS window will open and close again, this is normal.

------------------------------------------------------

Please uninstall the following via Programs and Features (right-click the Windows "logo" button > Programs and Features) if it still exists:

AVG SafeGuard toolbar << Please read this

Please delete the following Folders if they still exist:

C:\Program Files (x86)\AVG SafeGuard toolbar

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-08-2017, 06:55 PM   #3
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



When I tried to uninstall SafeFinder, it would not let me. Should I continue with the other steps?
 
Old 01-08-2017, 07:02 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Thanks for letting me know. Yes, please proceed.
Old 01-09-2017, 08:26 AM   #5
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello,

After I ran AdwCleaner... when I hit "Clean", it gave me the message "PC ran into a problem and needs to restart"... I tried it again after the restart and it did the same thing.

I did run Farbar Recovery Scan Tool and the FRST.txt results are below... and the Addition.txt is attached:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by King (administrator) on KING-THINK (09-01-2017 11:03:51)
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
() C:\ProgramData\AppalmaaZ\AppalmaaZ.exe
() C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CREDANT Technologies, Inc.) C:\Windows\System32\EmsService.exe
() C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\kns1687.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Windows\SysWOW64\NetUtils2016.exe
() C:\Program Files (x86)\Lenovo Registration\57aOPgt4ww6aG\2ueigXrw.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files (x86)\Prideful\tommorow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(IHS7NVYLU) C:\Program Files (x86)\BestCleaner\SBB5R2.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(CREDANT Technologies, Inc.) C:\Windows\System32\EmsServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files (x86)\Prideful\tommorow.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files (x86)\Samantha\tommorow.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
() C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
() C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe
() C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe
() C:\Program Files (x86)\Prideful\tommorow.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [EmsService] => C:\WINDOWS\system32\EmsServiceHelper.exe [1451072 2013-05-10] (CREDANT Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [stogies] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKLM\...\Run: [stogiesstogies] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2016-09-13] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [211880 2012-11-02] (SecureW2 B.V.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BestCleaner\BestCleaner.exe [180736 2016-09-16] () <===== ATTENTION
HKLM-x32\...\Run: [rerouted] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [reroutedrerouted] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [AppTrailers] => C:\Users\King\AppData\Roaming\AppTrailers\AppTrailers.exe [47837272 2016-12-28] () <===== ATTENTION
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3386568 2016-12-05] (COMODO)
HKLM\...\RunOnce: [OMEWPRODUCT_EL2PZ] => C:\Program Files (x86)\BestCleaner\SBB5R2.exe [411648 2017-01-08] (IHS7NVYLU) <===== ATTENTION
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Publisher] => C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe [1099776 2017-01-08] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [VBY84JDFWJ] => C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe [369664 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [DGR9J4Y45H] => C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe [369664 2017-01-08] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [58DX37UZJF] => C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe [369664 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitland] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitlandmaitland] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announce] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announceannounce] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [caches] => C:\Program Files (x86)\capitalizing\caches.exe [68881 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [baroda] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [NSAO428QTK] => C:\Program Files\EHELKXV8R8\R6K0SW19Q.exe [369664 2017-01-09] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {9ddcef6e-d95b-11e3-8414-b8763faecc37} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [asxcec] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\asxcec.dll",asxcec <===== ATTENTION
AppInit_DLLs: C:\ProgramData\AppalmaaZ\Lam-Core.dll => C:\ProgramData\AppalmaaZ\Lam-Core.dll [358912 2017-01-08] ()
AppInit_DLLs-x32: C:\ProgramData\AppalmaaZ\InKix.dll => C:\ProgramData\AppalmaaZ\InKix.dll [248320 2017-01-08] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-09-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notices.lnk [2017-01-08]
ShortcutTarget: notices.lnk -> C:\Program Files (x86)\Prideful\tommorow.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{287b1ad6-97da-4607-a580-2abda2c5ac79}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{98bff00c-bb80-4b13-9b96-7b50f97f6435}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131283689019203025&GUID=440DE059-7555-4ADA-B49D-1DF723670395
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131283689019214843&GUID=440DE059-7555-4ADA-B49D-1DF723670395
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS556
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 [2017-01-09]
FF NewTab: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 ->
FF Homepage: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
FF Keyword.URL: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
FF SearchPlugin: C:\Users\King\AppData\Roaming\Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013\searchplugins\smod.xml [2017-01-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2017-01-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2017-01-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\King\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-07-14] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\King\AppData\Local\Google\Chrome\User Data\Default [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppalmaaZ; C:\ProgramData\\AppalmaaZ\\AppalmaaZ.exe [629760 2017-01-08] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 bea878d14047262f9bdcc91e0727ee4e; C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe [5677056 2017-01-05] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 EMS; C:\WINDOWS\system32\EMSService.exe [1947200 2013-05-10] (CREDANT Technologies, Inc.)
R2 hemifumu; C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\kns1687.tmp [433664 2017-01-09] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118472 2016-12-05] (COMODO)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-01-08] () [File not signed]
R2 NetUtils2016srv; C:\WINDOWS\SysWOW64\NetUtils2016.exe [470592 2017-01-07] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ProntSpooler; C:\Program Files (x86)\Lenovo Registration\57aOPgt4ww6aG\2ueigXrw.exe [138752 2017-01-08] () [File not signed] <==== ATTENTION
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2017-01-08] (Search Module Ltd.) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [106920 2012-11-02] (SecureW2 B.V.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [259176 2016-10-03] (Synaptics Incorporated)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 1077e384334f86e0b0825501fc856a4c; C:\WINDOWS\system32\drivers\1077e384334f86e0b0825501fc856a4c.sys [95040 2017-01-05] (3BE4Z1) <==== ATTENTION
S3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R0 CmgPCS; C:\WINDOWS\System32\DRIVERS\CmgPCS.sys [144168 2013-05-10] (CREDANT Technologies, Inc.)
R0 CmgShieldCEF; C:\WINDOWS\System32\DRIVERS\CMGShCEF.sys [381224 2013-05-10] (CREDANT Technologies, Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [468752 2014-06-27] (Intel Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R1 EpfwLWF; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [52960 2016-12-05] (COMODO)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-09-08] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-08] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-07] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-08] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2016-12-15] ()
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-08] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-08] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-08] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-07] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-01-07] () <==== ATTENTION
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52912 2015-08-07] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-01-08] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Tvti2c; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\WINDOWS\system32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 pirxtjhy; \??\C:\WINDOWS\system32\drivers\pirxtjhy.sys [X]
S1 sesesqst; \??\C:\WINDOWS\system32\drivers\sesesqst.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 11:03 - 2017-01-09 11:04 - 00041699 _____ C:\Users\King\Desktop\FRST.txt
2017-01-09 11:02 - 2017-01-09 11:03 - 00404244 _____ C:\WINDOWS\Minidump\010917-16375-01.dmp
2017-01-09 10:42 - 2017-01-09 11:02 - 985428876 _____ C:\WINDOWS\MEMORY.DMP
2017-01-09 10:42 - 2017-01-09 10:42 - 00390676 _____ C:\WINDOWS\Minidump\010917-18703-01.dmp
2017-01-09 10:39 - 2017-01-09 10:39 - 00000000 ____D C:\Program Files (x86)\COMODO
2017-01-09 10:39 - 2016-12-05 20:21 - 00307432 _____ (COMODO) C:\WINDOWS\system32\iseguard64.dll
2017-01-09 10:39 - 2016-12-05 20:21 - 00235696 _____ (COMODO) C:\WINDOWS\SysWOW64\iseguard32.dll
2017-01-09 10:39 - 2016-12-05 20:20 - 00052960 _____ (COMODO) C:\WINDOWS\system32\Drivers\isedrv.sys
2017-01-09 10:37 - 2017-01-09 10:56 - 00000000 ____D C:\Program Files\COMODO
2017-01-09 10:37 - 2017-01-09 10:39 - 00000000 ____D C:\ProgramData\COMODO
2017-01-09 10:37 - 2017-01-09 10:37 - 08784996 _____ C:\xpack0109_US.1483971716.exe
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\ProgramData\AppalmaaZs
2017-01-09 10:35 - 2017-01-09 11:03 - 02419200 _____ (Farbar) C:\Users\King\Desktop\FRST64.exe
2017-01-09 10:35 - 2017-01-09 11:01 - 00000000 ____D C:\AdwCleaner
2017-01-09 10:35 - 2017-01-09 10:35 - 03988944 _____ C:\Users\King\Desktop\AdwCleaner.exe
2017-01-09 10:34 - 2017-01-09 10:35 - 00000000 ____D C:\Program Files\EHELKXV8R8
2017-01-09 02:13 - 2017-01-09 10:39 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D22C05AF-AB4A-4F0A-A6E9-1D69915402C5}
2017-01-08 22:22 - 2017-01-09 10:59 - 00000000 ____D C:\Users\King\AppData\Local\AppTrailers
2017-01-08 22:21 - 2017-01-08 22:21 - 00003862 _____ C:\WINDOWS\System32\Tasks\k89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\40306248
2017-01-08 22:21 - 2017-01-08 22:21 - 00003846 _____ C:\WINDOWS\System32\Tasks\57888333
2017-01-08 22:21 - 2017-01-08 22:21 - 00003724 _____ C:\WINDOWS\System32\Tasks\bak89601967k89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba8960196789601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba4030624840306248
2017-01-08 22:21 - 2017-01-08 22:21 - 00003706 _____ C:\WINDOWS\System32\Tasks\ba5788833357888333
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Samantha
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Prideful
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\capitalizing
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\AppTrailers
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Program Files (x86)\mcclatchy
2017-01-08 22:20 - 2017-01-08 22:20 - 00000000 ____D C:\Users\King\AppData\Local\CrashRpt
2017-01-08 19:02 - 2017-01-08 19:02 - 00000000 ____D C:\Users\King\AppData\Local\ElevatedDiagnostics
2017-01-08 19:00 - 2017-01-08 19:00 - 00003718 _____ C:\WINDOWS\System32\Tasks\{E963B640-CB27-40CE-BF40-C1A7979D586B}
2017-01-08 19:00 - 2017-01-08 19:00 - 00000000 ____D C:\Program Files\D40I38O6T3
2017-01-08 13:25 - 2017-01-09 11:07 - 08784996 _____ C:\WINDOWS\SysWOW64\SendRequest Error
2017-01-08 12:21 - 2017-01-08 12:25 - 00000000 ____D C:\Program Files\5JQUFPXZFR
2017-01-08 12:20 - 2017-01-08 19:03 - 00003318 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2017-01-08 12:20 - 2017-01-08 12:24 - 00000000 ____D C:\Program Files (x86)\BestCleaner
2017-01-08 12:19 - 2017-01-09 11:03 - 00000000 ____D C:\Users\King\AppData\Local\app
2017-01-08 12:19 - 2017-01-08 20:33 - 00000000 ____D C:\Users\King\AppData\Local\BrowserAir
2017-01-08 12:17 - 2017-01-08 20:30 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-08 12:17 - 2017-01-08 20:30 - 00004400 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c
2017-01-08 12:17 - 2017-01-08 13:53 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-08 12:17 - 2017-01-08 12:17 - 00001150 _____ C:\Users\Public\Desktop\KNCTR.lnk
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Users\King\AppData\Roaming\Itibiti
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\SearchModule
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\bea878d14047262f9bdcc91e0727ee4e
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2017-01-08 12:16 - 2017-01-09 10:33 - 00000000 ____D C:\Program Files (x86)\ScreenShared
2017-01-08 12:16 - 2017-01-08 20:30 - 00439808 _____ C:\ProgramData\smp2.exe
2017-01-08 12:16 - 2017-01-08 20:30 - 00004242 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-01-08 12:16 - 2017-01-08 12:16 - 00001125 _____ C:\Users\King\Desktop\ScreenShared.lnk
2017-01-08 12:15 - 2017-01-08 12:20 - 00000000 ____D C:\Program Files\0Y9OAVB55A
2017-01-08 12:15 - 2017-01-08 12:19 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2017-01-08 12:15 - 2017-01-08 12:15 - 00000334 _____ C:\Users\King\Desktop\Booking.com.url
2017-01-08 12:15 - 2017-01-08 12:15 - 00000329 _____ C:\Users\King\Desktop\AliExpress.url
2017-01-08 12:08 - 2017-01-09 10:54 - 00001490 _____ C:\Users\King\Desktop\Google Chrome.lnk
2017-01-08 11:52 - 2017-01-08 11:52 - 00053188 _____ C:\Users\King\Desktop\dds.txt
2017-01-08 11:52 - 2017-01-08 11:52 - 00012072 _____ C:\Users\King\Desktop\attach.txt
2017-01-08 11:50 - 2017-01-08 11:51 - 00688992 ____R (Swearware) C:\Users\King\Downloads\dds.scr
2017-01-08 07:06 - 2017-01-08 07:06 - 00283136 _____ C:\WINDOWS\system32\bi3.exe
2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\WINDOWS\styrofoam.exe
2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\Users\King\AppData\Local\tommorow.exe
2017-01-07 18:36 - 2017-01-09 10:33 - 00000000 ____D C:\ProgramData\AppalmaaZ
2017-01-07 18:20 - 2017-01-08 21:56 - 00000000 ____D C:\Users\King\AppData\Local\DailyBee
2017-01-07 18:20 - 2017-01-08 12:09 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Zaamla
2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-01-07 18:20 - 2017-01-07 18:20 - 07316480 _____ C:\Users\King\AppData\Roaming\agent.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 01938538 _____ C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 18:20 - 2017-01-07 18:20 - 01908050 _____ C:\Users\King\AppData\Roaming\RedKayphase.tst
2017-01-07 18:20 - 2017-01-07 18:20 - 00126464 _____ C:\Users\King\AppData\Roaming\noah.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 00070704 _____ C:\Users\King\AppData\Roaming\Config.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 00018432 _____ C:\Users\King\AppData\Roaming\Main.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 00005568 _____ C:\Users\King\AppData\Roaming\md.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 00000000 ____D C:\ProgramData\Zaamlas
2017-01-07 18:20 - 2017-01-07 18:19 - 00629760 _____ C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 18:19 - 2017-01-09 11:03 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-01-07 18:19 - 2017-01-09 01:50 - 00000000 ____D C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
2017-01-07 18:19 - 2017-01-07 18:19 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-01-07 18:19 - 2017-01-07 18:19 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\libeay32.dll
2017-01-07 18:19 - 2017-01-07 18:19 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-01-07 18:19 - 2017-01-07 18:19 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\ssleay32.dll
2017-01-07 18:19 - 2017-01-07 18:19 - 00140288 _____ C:\Users\King\AppData\Roaming\Installer.dat
2017-01-07 18:19 - 2017-01-07 18:19 - 00016224 _____ C:\Users\King\AppData\Roaming\InstallationConfiguration.xml
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 _____ C:\TOSTACK
2017-01-07 18:17 - 2017-01-09 10:55 - 00001081 _____ C:\Users\Public\Desktop\Download 4K Stogram 2.1...lnk
2017-01-07 18:16 - 2017-01-07 18:17 - 04586664 _____ (Software company) C:\Users\King\Downloads\4K Stogram 2.1.exe
2017-01-07 18:15 - 2017-01-07 18:15 - 00000000 ____D C:\Users\King\AppData\Local\4kdownload.com
2017-01-07 18:14 - 2017-01-07 18:14 - 23207288 _____ (Open Media LLC ) C:\Users\King\Downloads\4kstogram_2.2.exe
2017-01-05 21:41 - 2017-01-08 02:39 - 00000000 ____D C:\Program Files (x86)\TumblRipper
2017-01-05 21:41 - 2017-01-05 21:41 - 00911640 _____ (TumblRipper ) C:\Users\King\Downloads\TumblRipper (1).exe
2017-01-05 21:41 - 2017-01-05 21:41 - 00001219 ____N C:\Users\King\Desktop\TumblRipper.lnk
2017-01-05 21:40 - 2017-01-05 21:40 - 00021113 _____ C:\Users\King\Downloads\TumblRipper.zip
2017-01-05 21:37 - 2017-01-05 21:30 - 00238592 _____ (jzab.de) C:\Users\King\Desktop\TumblTwo.exe
2017-01-05 21:33 - 2017-01-08 02:39 - 00000000 ____D C:\Users\King\AppData\Local\jzab.de
2017-01-05 21:32 - 2017-01-05 21:32 - 00000000 ____D C:\Users\King\Desktop\Blog Folder
2017-01-05 21:31 - 2017-01-05 21:31 - 00000000 ____D C:\Users\King\Desktop\New folder (2)
2017-01-05 21:30 - 2017-01-05 21:30 - 00000000 ____D C:\Users\King\Downloads\Blogs
2017-01-05 21:29 - 2017-01-05 21:30 - 00238592 _____ (jzab.de) C:\Users\King\Downloads\TumblTwo.exe
2017-01-05 16:53 - 2017-01-05 16:53 - 02137268 _____ C:\WINDOWS\ac8c91e439245447efbef08c70bb65f1.exe
2017-01-05 16:49 - 2017-01-05 16:49 - 00095040 _____ (3BE4Z1) C:\WINDOWS\system32\Drivers\1077e384334f86e0b0825501fc856a4c.sys
2017-01-04 18:45 - 2017-01-04 18:45 - 00000000 ____D C:\Users\King\Documents\TurboTax
2017-01-04 18:39 - 2017-01-04 18:39 - 00000000 ____D C:\Users\King\AppData\Local\IsolatedStorage
2017-01-04 18:37 - 2017-01-04 18:45 - 00000000 ____D C:\Users\King\AppData\Roaming\Intuit
2017-01-04 18:36 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-01-04 18:36 - 2017-01-04 18:37 - 00000319 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-04 18:36 - 2017-01-04 18:36 - 00002529 ____N C:\Users\Public\Desktop\TurboTax 2016.lnk
2017-01-04 18:36 - 2017-01-04 18:36 - 00000000 ____D C:\Program Files (x86)\TurboTax
2017-01-04 18:35 - 2017-01-04 18:36 - 00000000 ____D C:\ProgramData\Intuit
2017-01-04 18:31 - 2017-01-04 18:35 - 122027056 _____ C:\Users\King\Downloads\TT Deluxe 2016 - Kaff.exe
2016-12-28 23:14 - 2016-12-28 23:15 - 01168847 _____ C:\Users\King\Desktop\LYV_Revised Logo.png
2016-12-27 17:30 - 2016-12-27 17:34 - 238539718 _____ C:\Users\King\Downloads\su_top100_downloads.zip
2016-12-27 14:05 - 2016-10-24 09:51 - 00259048 ____N C:\Users\King\Desktop\576735790.jpg
2016-12-27 13:39 - 2017-01-09 10:58 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-12-27 13:39 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-27 13:37 - 2017-01-07 18:21 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-27 13:37 - 2017-01-07 18:21 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-27 13:37 - 2016-12-27 13:42 - 00003986 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-12-27 13:37 - 2016-12-27 13:42 - 00003754 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-12-27 13:37 - 2016-12-27 13:39 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-27 13:36 - 2016-12-27 13:37 - 00688536 _____ (Dropbox, Inc.) C:\Users\King\Downloads\DropboxInstaller.exe
2016-12-27 13:23 - 2016-12-27 13:23 - 00000000 ____D C:\WINDOWS\Panther
2016-12-25 21:09 - 2016-12-25 21:13 - 385265431 _____ C:\Users\King\Desktop\The Invitation.mp4
2016-12-23 20:16 - 2016-12-25 02:09 - 00001889 _____ C:\WINDOWS\setupact.log
2016-12-23 20:16 - 2016-12-23 20:27 - 00000000 ____D C:\Users\King\Desktop\Tasha's Phone Files (as of 12-23-16)
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-21 13:15 - 2016-12-21 13:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-19 19:48 - 2016-12-19 19:48 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-16 18:23 - 2016-12-16 18:23 - 00000000 ____D C:\Program Files (x86)\GUMCB42.tmp
2016-12-15 08:03 - 2016-12-15 08:03 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2016-12-14 22:05 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 22:05 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 22:05 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 22:05 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 22:05 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 22:05 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 22:05 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 22:05 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 22:05 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 22:05 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 22:05 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 22:05 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 22:05 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 22:05 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 22:05 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 22:05 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 22:05 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 22:05 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 22:05 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 22:05 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 22:05 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 22:05 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 22:05 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 22:05 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 22:05 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 22:05 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 22:05 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 22:05 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 22:05 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 22:05 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 22:05 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 22:05 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 22:05 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 22:05 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 22:05 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 22:05 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 22:05 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 22:05 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 22:05 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 22:05 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 22:05 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 22:05 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 22:05 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 22:05 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 22:05 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 22:05 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 22:05 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 22:05 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 22:05 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 22:05 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 22:05 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 22:05 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 22:05 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 22:05 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 22:05 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 22:05 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 22:05 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 22:05 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 22:05 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 22:05 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 22:05 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 22:05 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 22:05 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 22:05 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 22:05 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 22:05 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 22:05 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 22:05 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 22:05 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 22:05 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 22:05 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 22:05 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 22:05 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 22:05 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 22:05 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 22:05 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 22:05 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 22:05 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 22:05 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 22:05 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 22:05 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 22:05 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 22:05 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 22:05 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 22:05 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 22:05 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 22:05 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 22:05 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 22:05 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 22:05 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 22:05 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 22:05 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 22:05 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 22:05 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 22:05 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 22:05 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 22:05 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 22:05 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 22:05 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 22:05 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 22:05 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 22:05 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 22:05 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 22:05 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 22:05 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 22:05 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 22:05 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 22:05 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 22:05 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 22:05 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 22:05 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 22:05 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 22:05 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 22:05 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 22:05 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 22:05 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 21:58 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-12-14 21:57 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-14 21:57 - 2016-12-14 21:57 - 00001833 ____N C:\Users\Public\Desktop\iTunes.lnk
2016-12-14 21:57 - 2016-12-14 21:57 - 00000000 ____D C:\Program Files\iPod
2016-12-14 21:56 - 2016-12-14 21:57 - 00000000 ____D C:\Program Files\iTunes
2016-12-10 15:54 - 2016-12-11 02:58 - 00002457 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-10 15:54 - 2016-12-10 15:54 - 00002135 ____N C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-12-10 12:15 - 2016-12-10 12:15 - 00031214 _____ C:\Users\King\Desktop\Sermon 2015 07-12.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 11:10 - 2016-11-19 03:11 - 00000000 ____D C:\Users\King\AppData\LocalLow\Mozilla
2017-01-09 11:06 - 2016-08-10 17:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-09 11:05 - 2014-05-02 15:47 - 00000000 ___RD C:\Users\King\Dropbox
2017-01-09 11:04 - 2016-09-13 02:30 - 19120128 ____S C:\WINDOWS\system32\config\SYSTEM.CB1
2017-01-09 11:03 - 2016-09-12 20:08 - 00000000 ____D C:\FRST
2017-01-09 11:03 - 2016-05-31 06:49 - 00000000 __SHD C:\Users\King\IntelGraphicsProfiles
2017-01-09 11:02 - 2016-09-14 01:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-09 11:02 - 2016-09-13 02:28 - 19120128 ____S C:\WINDOWS\system32\config\SYSTEM.CB2
2017-01-09 11:02 - 2016-09-13 02:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-09 11:02 - 2016-09-13 02:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-09 10:56 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-09 10:56 - 2016-05-28 21:29 - 00000160 _____ C:\WINDOWS\wininit.ini
2017-01-09 10:55 - 2016-06-29 01:14 - 00001627 _____ C:\Users\King\Desktop\CopyTrans Control Center.lnk
2017-01-09 10:51 - 2016-09-13 02:20 - 00896170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-09 10:43 - 2016-09-13 02:28 - 19120128 ____S C:\WINDOWS\system32\config\SYSTEM.CB3
2017-01-09 02:14 - 2013-10-02 00:34 - 00000000 ____D C:\Users\King\AppData\LocalLow\VeriSign
2017-01-08 21:49 - 2016-09-13 02:20 - 00000000 ____D C:\Users\King
2017-01-08 12:24 - 2013-07-05 19:35 - 00000000 ____D C:\Program Files (x86)\Lenovo Registration
2017-01-08 12:12 - 2016-09-22 18:44 - 00002045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-08 11:45 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-08 02:39 - 2016-11-17 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 02:39 - 2016-11-03 18:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 02:39 - 2016-09-10 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-08 02:39 - 2016-08-10 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-01-08 02:39 - 2016-08-10 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2017-01-08 02:39 - 2016-07-02 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-01-08 02:39 - 2016-06-29 01:14 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2017-01-08 02:39 - 2015-10-03 16:26 - 00000000 ____D C:\Users\King\Desktop\Computer Desktop Folder
2017-01-08 02:39 - 2015-06-11 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2017-01-08 02:39 - 2015-04-01 18:15 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InViewer
2017-01-08 02:39 - 2015-03-12 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2017-01-08 02:39 - 2014-10-18 21:01 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appnimi
2017-01-08 02:39 - 2014-10-18 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-08 02:39 - 2014-02-22 17:17 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2017-01-08 02:39 - 2014-02-08 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-08 02:39 - 2014-02-08 17:00 - 00000000 ____D C:\ProgramData\HP
2017-01-08 02:39 - 2013-11-08 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerZip 6.5
2017-01-08 02:39 - 2013-11-05 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-08 02:39 - 2013-10-30 10:02 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
2017-01-08 02:39 - 2013-10-11 18:58 - 00000000 ____D C:\Users\King\AppData\Roaming\vlc
2017-01-08 02:39 - 2013-10-11 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-08 02:39 - 2013-10-11 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-01-08 02:39 - 2013-07-05 19:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-01-08 02:39 - 2013-07-05 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-01-08 02:39 - 2013-07-05 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2017-01-08 02:39 - 2013-07-05 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel DVD MovieFactory Lenovo Edition
2017-01-08 02:39 - 2013-07-05 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-01-08 02:39 - 2013-07-05 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel
2017-01-08 02:39 - 2013-07-05 19:27 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-01-08 02:39 - 2013-07-05 19:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-01-08 02:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-07 18:24 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-07 18:21 - 2016-09-13 02:18 - 00327968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-07 18:18 - 2016-09-22 18:44 - 00002027 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-01-06 13:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-05 13:06 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-01 21:03 - 2016-12-09 19:11 - 00000000 ____D C:\Users\King\Desktop\New Folder
2017-01-01 20:57 - 2016-02-28 02:47 - 00000000 ____D C:\Users\King\Desktop\New folder (9)
2017-01-01 20:40 - 2013-10-02 00:31 - 00083448 _____ C:\Users\King\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-28 18:07 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-12-27 13:39 - 2015-06-19 16:11 - 00000000 ____D C:\Users\King\AppData\Local\Dropbox
2016-12-27 13:39 - 2014-05-02 15:47 - 00001310 ____N C:\Users\King\Desktop\Dropbox.lnk
2016-12-27 13:39 - 2014-05-02 15:46 - 00000000 ____D C:\Users\King\AppData\Roaming\Dropbox
2016-12-19 20:21 - 2016-09-13 02:20 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-19 20:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-19 19:48 - 2016-05-31 06:52 - 00002412 ____N C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-19 19:48 - 2016-05-31 06:52 - 00000000 ___RD C:\Users\King\OneDrive
2016-12-16 23:23 - 2016-09-13 02:27 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1ab19d340ffd5
2016-12-16 23:23 - 2016-09-13 02:27 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1ab19d322f014
2016-12-15 23:13 - 2016-09-13 02:18 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 23:13 - 2016-09-13 02:18 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-15 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 23:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 23:13 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 23:12 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 21:02 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 20:57 - 2013-10-23 17:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-15 20:55 - 2013-10-23 17:24 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-15 20:13 - 2016-06-07 16:31 - 00000000 ___RD C:\Users\King\iCloudDrive
2016-12-15 20:13 - 2013-10-03 18:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-15 20:13 - 2013-10-03 17:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-15 20:12 - 2016-09-13 02:20 - 00524288 ___SH C:\Users\King\NTUSER.DAT{af4ce2fd-798a-11e6-89f2-ca5611b9cd57}.TMContainer00000000000000000002.regtrans-ms
2016-12-15 20:12 - 2016-09-13 02:20 - 00065536 ___SH C:\Users\King\NTUSER.DAT{af4ce2fd-798a-11e6-89f2-ca5611b9cd57}.TM.blf
2016-12-15 20:12 - 2016-09-13 02:20 - 00000000 ____D C:\Users\King\AppData\Local\Microsoft
2016-12-14 22:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 22:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 21:57 - 2014-03-14 14:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 02:36 - 2016-09-13 17:12 - 00000174 ___SH C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-11 02:36 - 2016-02-13 08:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 02:36 - 2013-10-02 00:37 - 00000402 ___SH C:\Users\King\Documents\desktop.ini
2016-12-11 02:36 - 2013-10-02 00:37 - 00000282 ___SH C:\Users\King\Downloads\desktop.ini
2016-12-11 02:36 - 2013-10-02 00:37 - 00000282 ___SH C:\Users\King\Desktop\desktop.ini
2016-12-11 02:36 - 2013-10-02 00:37 - 00000174 ___SH C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-11 02:36 - 2013-10-02 00:37 - 00000000 ___RD C:\Users\King\Searches
2016-12-11 02:36 - 2013-10-02 00:37 - 00000000 ___RD C:\Users\King\Contacts
2016-12-11 02:36 - 2013-10-02 00:37 - 00000000 ___RD C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-11 02:36 - 2013-10-02 00:31 - 00000000 ___RD C:\Users\King\Videos
2016-12-11 02:36 - 2013-10-02 00:31 - 00000000 ___RD C:\Users\King\Saved Games
2016-12-11 02:36 - 2013-10-02 00:31 - 00000000 ___RD C:\Users\King\Music
2016-12-11 02:36 - 2013-10-02 00:31 - 00000000 ___RD C:\Users\King\Links
2016-12-11 02:36 - 2013-10-02 00:31 - 00000000 ___RD C:\Users\King\Favorites
2016-12-10 17:40 - 2016-07-16 01:04 - 00016384 _____ C:\Users\Default\ntuser.dat
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 17:38 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-10 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-10 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 15:55 - 2014-09-13 14:48 - 00000000 ____D C:\Users\King\AppData\Local\Adobe
2016-12-10 15:54 - 2016-09-13 02:27 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-12-10 15:54 - 2013-07-05 19:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-10 15:53 - 2013-07-05 19:28 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2017-01-07 18:20 - 2017-01-07 18:20 - 7316480 _____ () C:\Users\King\AppData\Roaming\agent.dat
2017-01-08 12:15 - 2017-01-08 12:15 - 0023622 _____ () C:\Users\King\AppData\Roaming\aliexpress.ico
2017-01-08 12:15 - 2017-01-08 12:15 - 0099678 _____ () C:\Users\King\AppData\Roaming\booking.ico
2017-01-07 18:20 - 2017-01-07 18:20 - 0070704 _____ () C:\Users\King\AppData\Roaming\Config.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 1938538 _____ () C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 18:19 - 2017-01-07 18:19 - 0016224 _____ () C:\Users\King\AppData\Roaming\InstallationConfiguration.xml
2017-01-07 18:19 - 2017-01-07 18:19 - 0140288 _____ () C:\Users\King\AppData\Roaming\Installer.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 0018432 _____ () C:\Users\King\AppData\Roaming\Main.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 0005568 _____ () C:\Users\King\AppData\Roaming\md.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 0126464 _____ () C:\Users\King\AppData\Roaming\noah.dat
2017-01-07 18:20 - 2017-01-07 18:19 - 0629760 _____ () C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 18:20 - 2017-01-07 18:20 - 1908050 _____ () C:\Users\King\AppData\Roaming\RedKayphase.tst
2017-01-07 18:20 - 2017-01-07 18:20 - 0032038 _____ () C:\Users\King\AppData\Roaming\uninstall_temp.ico
2015-07-30 18:30 - 2015-07-30 18:30 - 0003584 _____ () C:\Users\King\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-08 06:09 - 2017-01-08 06:09 - 0010752 _____ () C:\Users\King\AppData\Local\tommorow.exe
2016-01-24 13:25 - 2016-01-24 13:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-08 17:00 - 2014-02-08 17:09 - 0001672 _____ () C:\ProgramData\hpzinstall.log
2017-01-04 18:36 - 2017-01-04 18:37 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-08 12:16 - 2017-01-08 20:30 - 0439808 _____ () C:\ProgramData\smp2.exe

Files to move or delete:
====================
C:\Program Files (x86)\BestCleaner\BestCleaner.exe
C:\Users\King\AppData\Roaming\AppTrailers\AppTrailers.exe
C:\Program Files (x86)\BestCleaner\SBB5R2.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe
C:\ProgramData\smp2.exe


Some files in TEMP:
====================
C:\Users\King\AppData\Local\Temp\AF0E.tmp.exe
C:\Users\King\AppData\Local\Temp\C0K88MF1NG.exe
C:\Users\King\AppData\Local\Temp\E138.tmp.exe
C:\Users\King\AppData\Local\Temp\installer1.exe
C:\Users\King\AppData\Local\Temp\sdfE00C.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-06 18:48

==================== End of FRST.txt ============================
Attached Files: Addition.txt
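A defender's triage pass over persistence entries in the FRST reporting format used throughout this thread, added here as an example (it is not part of the original thread and not FRST's own logic): it scores each Task / Run / Winlogon / AppInit / service line by the traits the helper's fixlist targets, such as no publisher, user-writable or loose-file locations, random-looking names, the same binary planted under several directories, and script-host launchers. The sample lines are constructed in FRST's format from this thread's entries; ExampleSvc and "Example Vendor Inc." are made-up benign controls.

```python
import re
from collections import defaultdict

# Constructed sample entries in FRST's reporting format, modelled on the
# persistence lines in this thread's fixlist; the last line is a made-up
# benign control (ExampleSvc / Example Vendor Inc. do not exist).
SAMPLE_FRST_LINES = [
    r"Task: {4739BAD9-FEEC-4C5D-9822-48C75732F246} - System32\Tasks\57888333 => C:\Users\King\AppData\Local\tommorow.exe [2017-01-08] ()",
    r"Task: {D4007FFC-7A80-44FD-94AB-7296278AB271} - System32\Tasks\Weekly scan Wednesday 7pm => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe",
    r"HKLM\...\Run: [stogies] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()",
    r"HKLM\...\Run: [stogiesstogies] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()",
    r"HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,",
    r"HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [VBY84JDFWJ] => C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe [369664 2017-01-08] ()",
    r'HKU\S-1-5-18\...\Run: [asxcec] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\asxcec.dll",asxcec',
    r"AppInit_DLLs: C:\ProgramData\AppalmaaZ\Lam-Core.dll => C:\ProgramData\AppalmaaZ\Lam-Core.dll [358912 2017-01-08] ()",
    r"R2 bea878d14047262f9bdcc91e0727ee4e; C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe [5677056 2017-01-05] () [File not signed]",
    r"R2 ExampleSvc; C:\Program Files\ExampleVendor\ExampleSvc.exe [204800 2016-05-31] (Example Vendor Inc.)",
]

# First drive-letter path ending in an executable-ish extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^\[\]"<>]+?\.(?:exe|dll|sys|vbs|js|bat|tmp))', re.I)
# 32-hex "hash" names, uppercase letter+digit soup, or long all-digit names.
RANDOM_NAME = re.compile(r"^(?:[0-9a-f]{32}|(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}|\d{6,})$")
# Script hosts / proxy launchers that hide the real payload behind a system binary.
LOLBIN_RE = re.compile(r"\b(wscript|cscript|rundll32|regsvr32|mshta)\b", re.I)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def entry_name(line):
    """Name of the persistence entry: task name, service name or Run value name."""
    m = re.search(r"Tasks\\(.+?) =>", line)
    if m:
        return m.group(1)
    m = re.match(r"[RS]\d (\S+);", line)
    if m:
        return m.group(1)
    if line.startswith("AppInit_DLLs"):
        return "AppInit_DLLs"
    m = re.search(r"\[([^\]]+)\]", line)
    return m.group(1) if m else ""


def location_reason(path):
    """Reason string when the binary lives somewhere a normal installer would not put it."""
    low = path.lower()
    for marker in USER_WRITABLE:
        if marker in low:
            return "runs from user-writable location (%s)" % marker.strip("\\")
    if low.rsplit("\\", 1)[0] == "c:\\windows":
        return "loose file directly under C:\\WINDOWS"
    return None


def triage(lines):
    """Score each FRST persistence line by the number of suspicious traits it shows."""
    parsed, dirs_by_file = [], defaultdict(set)
    for line in lines:
        m = PATH_RE.search(line)
        path = m.group(1) if m else ""
        parsed.append((line, entry_name(line), path))
        if path:
            folder, base = path.rsplit("\\", 1)
            dirs_by_file[base.lower()].add(folder.lower())

    results = []
    for line, name, path in parsed:
        reasons = []
        # FRST prints "()" when the file carries no publisher; services add "[File not signed]".
        if "()" in line or "[File not signed]" in line:
            reasons.append("no publisher / not signed")
        if path:
            loc = location_reason(path)
            if loc:
                reasons.append(loc)
            parts = path.split("\\")[1:]             # drop the drive letter
            parts[-1] = parts[-1].rsplit(".", 1)[0]  # file stem only
            if any(RANDOM_NAME.match(p) for p in parts + [name]):
                reasons.append("random-looking name")
            n_dirs = len(dirs_by_file[path.rsplit("\\", 1)[1].lower()])
            if n_dirs > 1:
                reasons.append("same filename planted in %d directories" % n_dirs)
        if LOLBIN_RE.search(line):
            reasons.append("launched via script host / rundll32")
        results.append({"name": name, "path": path, "score": len(reasons), "reasons": reasons})
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_FRST_LINES):
        if r["score"]:
            print("%d  %-28s %s\n    %s" % (r["score"], r["name"], r["path"], "; ".join(r["reasons"])))
```

Dictionary-word folder names such as Prideful and Samantha slip past the random-name check; those entries are still caught because the same unsigned tommorow.exe sits under three directories.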
Old 01-09-2017, 08:45 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu. Your machine is a mess.

Quote:
I had loaned my computer to my nephew yesterday
If that's true, I suggest you tell him he's never touching your machine again.

------------------------------------------------------

Uninstall all these via Programs and Features. They are all bad:

Quote:
AppTrailers - AppTrailers for Desktop
BestCleaner version 1.0
CleanBrowser
Itibiti RTC
KNCTR
REOptimizer
Search module
Social2Search
Let me know if any didn't uninstall properly.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 01-10-2017, 06:51 AM   #7

Hello Chemist,

I was able to uninstall everything...except for REOptimizer...which I did not see when I went to Uninstall a Program....

I know...I screwed up...LOL !! But I REALLY appreciate your help through this !!
Old 01-10-2017, 07:49 PM   #8

Hello again, hbkvcu.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Program Files (x86)\Samantha\tommorow.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
  • Please repeat for the following file:

    C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe
------------------------------------------------------
Old 01-11-2017, 03:20 PM   #9

When I click the VirusTotal link, it brings up this page (screen print attached)...
Old 01-11-2017, 07:39 PM   #10

Hello again, hbkvcu. Try VirusTotal using Edge or Chrome.

Or, try virusscan.jotti.org or VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 39 AntiVirus Engines!

Let me know.

------------------------------------------------------
Old 01-12-2017, 03:40 PM   #11

Hello Chemist,

Here are the links:

https://virusscan.jotti.org/en-US/fi...job/z4iryz5o6h

https://virusscan.jotti.org/en-US/fi...job/fa9zjqk04u

Look forward to hearing from you !!

Thanks !!
Old 01-14-2017, 06:40 PM   #12

Hello again, hbkvcu. Sorry for the late reply. I've been under the weather.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...-up-your-files

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {0AA4E4FE-5692-4AEC-A0F5-4E72E98AA7CD} - System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {4739BAD9-FEEC-4C5D-9822-48C75732F246} - System32\Tasks\57888333 => C:\Users\King\AppData\Local\tommorow.exe [2017-01-08] () <==== ATTENTION
    Task: {6468BF0C-3E48-4DC1-97B4-7237B5BCB01C} - System32\Tasks\ba5788833357888333 => C:\Users\King\AppData\Local\tommorow.exe [2017-01-08] ()
    Task: {6D394A2C-D0F5-4C37-811A-101F7DC587C4} - System32\Tasks\89601967 => C:\Program Files (x86)\Samantha\tommorow.exe [2017-01-08] () <==== ATTENTION
    Task: {9AD8BA7C-25C7-4883-B401-E4649B0B59DD} - System32\Tasks\IBUpd2 => C:\Users\King\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
    Task: {9DA0E1B2-4717-4A1E-806E-30B7D884012C} - System32\Tasks\40306248 => C:\Program Files (x86)\Prideful\tommorow.exe [2017-01-08] () <==== ATTENTION
    Task: {B382E54B-1539-4E96-814B-7CC70F2D3271} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-01-08] () <==== ATTENTION
    Task: {BBADF765-8E47-4B84-982F-9FD947B7154A} - System32\Tasks\ba8960196789601967 => C:\Program Files (x86)\Samantha\tommorow.exe [2017-01-08] ()
    Task: {D4007FFC-7A80-44FD-94AB-7296278AB271} - System32\Tasks\Weekly scan Wednesday 7pm => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
    Task: {D84BFB48-6E4B-48CC-A5DA-6534DB116B8D} - System32\Tasks\ba4030624840306248 => C:\Program Files (x86)\Prideful\tommorow.exe [2017-01-08] ()
    ShortcutWithArgument: C:\Users\King\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () -> %SNF%
    () C:\ProgramData\AppalmaaZ\AppalmaaZ.exe
    () C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe
    () C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\kns1687.tmp
    (Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
    () C:\Program Files (x86)\Prideful\tommorow.exe
    (IHS7NVYLU) C:\Program Files (x86)\BestCleaner\SBB5R2.exe
    () C:\Program Files (x86)\Prideful\tommorow.exe
    () C:\Program Files (x86)\Samantha\tommorow.exe
    () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    () C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
    () C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe
    () C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe
    () C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe
    () C:\Program Files (x86)\Prideful\tommorow.exe
    HKLM\...\Run: [stogies] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
    HKLM\...\Run: [stogiesstogies] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
    HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BestCleaner\BestCleaner.exe [180736 2016-09-16] () <===== ATTENTION
    HKLM-x32\...\Run: [rerouted] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
    HKLM-x32\...\Run: [reroutedrerouted] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
    HKLM-x32\...\Run: [AppTrailers] => C:\Users\King\AppData\Roaming\AppTrailers\AppTrailers.exe [47837272 2016-12-28] () <===== ATTENTION
    HKLM\...\RunOnce: [OMEWPRODUCT_EL2PZ] => C:\Program Files (x86)\BestCleaner\SBB5R2.exe [411648 2017-01-08] (IHS7NVYLU) <===== ATTENTION
    HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Publisher] => C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe [1099776 2017-01-08] () <===== ATTENTION
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [VBY84JDFWJ] => C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [DGR9J4Y45H] => C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe [369664 2017-01-08] () <===== ATTENTION
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [58DX37UZJF] => C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitland] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitlandmaitland] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announce] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announceannounce] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [caches] => C:\Program Files (x86)\capitalizing\caches.exe [68881 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [baroda] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [NSAO428QTK] => C:\Program Files\EHELKXV8R8\R6K0SW19Q.exe [369664 2017-01-09] ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {9ddcef6e-d95b-11e3-8414-b8763faecc37} - "D:\VZW_Software_upgrade_assistant.exe"
    HKU\S-1-5-18\...\Run: [asxcec] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\asxcec.dll",asxcec <===== ATTENTION
    AppInit_DLLs: C:\ProgramData\AppalmaaZ\Lam-Core.dll => C:\ProgramData\AppalmaaZ\Lam-Core.dll [358912 2017-01-08] ()
    AppInit_DLLs-x32: C:\ProgramData\AppalmaaZ\InKix.dll => C:\ProgramData\AppalmaaZ\InKix.dll [248320 2017-01-08] ()
    Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notices.lnk [2017-01-08]
    ShortcutTarget: notices.lnk -> C:\Program Files (x86)\Prideful\tommorow.exe ()
    HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
    BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
    BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
    FF NewTab: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 ->
    FF Homepage: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    FF Keyword.URL: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    R2 bea878d14047262f9bdcc91e0727ee4e; C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe [5677056 2017-01-05] () [File not signed] <==== ATTENTION
    R2 ProntSpooler; C:\Program Files (x86)\Lenovo Registration\57aOPgt4ww6aG\2ueigXrw.exe [138752 2017-01-08] () [File not signed] <==== ATTENTION
    R1 1077e384334f86e0b0825501fc856a4c; C:\WINDOWS\system32\drivers\1077e384334f86e0b0825501fc856a4c.sys [95040 2017-01-05] (3BE4Z1) <==== ATTENTION
    R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-01-07] () <==== ATTENTION
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S1 pirxtjhy; \??\C:\WINDOWS\system32\drivers\pirxtjhy.sys [X]
    S1 sesesqst; \??\C:\WINDOWS\system32\drivers\sesesqst.sys [X]
    2017-01-09 10:37 - 2017-01-09 10:37 - 08784996 _____ C:\xpack0109_US.1483971716.exe
    2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\ProgramData\AppalmaaZs
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003862 _____ C:\WINDOWS\System32\Tasks\k89601967
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\89601967
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\40306248
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003846 _____ C:\WINDOWS\System32\Tasks\57888333
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003724 _____ C:\WINDOWS\System32\Tasks\bak89601967k89601967
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba8960196789601967
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba4030624840306248
    2017-01-08 22:21 - 2017-01-08 22:21 - 00003706 _____ C:\WINDOWS\System32\Tasks\ba5788833357888333
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Samantha
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Prideful
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\capitalizing
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\AppTrailers
    2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Program Files (x86)\mcclatchy
    2017-01-08 19:02 - 2017-01-08 19:02 - 00000000 ____D C:\Users\King\AppData\Local\ElevatedDiagnostics
    2017-01-08 19:00 - 2017-01-08 19:00 - 00003718 _____ C:\WINDOWS\System32\Tasks\{E963B640-CB27-40CE-BF40-C1A7979D586B}
    2017-01-08 19:00 - 2017-01-08 19:00 - 00000000 ____D C:\Program Files\D40I38O6T3
    2017-01-08 13:25 - 2017-01-09 11:07 - 08784996 _____ C:\WINDOWS\SysWOW64\SendRequest Error
    2017-01-08 12:21 - 2017-01-08 12:25 - 00000000 ____D C:\Program Files\5JQUFPXZFR
    2017-01-08 12:20 - 2017-01-08 19:03 - 00003318 _____ C:\WINDOWS\System32\Tasks\IBUpd2
    2017-01-08 12:20 - 2017-01-08 12:24 - 00000000 ____D C:\Program Files (x86)\BestCleaner
    2017-01-08 12:19 - 2017-01-09 11:03 - 00000000 ____D C:\Users\King\AppData\Local\app
    2017-01-08 12:19 - 2017-01-08 20:33 - 00000000 ____D C:\Users\King\AppData\Local\BrowserAir
    2017-01-08 12:17 - 2017-01-08 20:30 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2017-01-08 12:17 - 2017-01-08 20:30 - 00004400 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c
    2017-01-08 12:17 - 2017-01-08 13:53 - 00000000 ____D C:\WINDOWS\system32\SSL
    2017-01-08 12:17 - 2017-01-08 12:17 - 00001150 _____ C:\Users\Public\Desktop\KNCTR.lnk
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Users\King\AppData\Roaming\Itibiti
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\SearchModule
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\Common Files\Noobzo
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\bea878d14047262f9bdcc91e0727ee4e
    2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
    2017-01-08 12:16 - 2017-01-09 10:33 - 00000000 ____D C:\Program Files (x86)\ScreenShared
    2017-01-08 12:16 - 2017-01-08 20:30 - 00439808 _____ C:\ProgramData\smp2.exe
    2017-01-08 12:16 - 2017-01-08 20:30 - 00004242 _____ C:\WINDOWS\System32\Tasks\SMW_P
    2017-01-08 12:16 - 2017-01-08 12:16 - 00001125 _____ C:\Users\King\Desktop\ScreenShared.lnk
    2017-01-08 12:15 - 2017-01-08 12:20 - 00000000 ____D C:\Program Files\0Y9OAVB55A
    2017-01-08 12:15 - 2017-01-08 12:19 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2017-01-08 12:15 - 2017-01-08 12:15 - 00000334 _____ C:\Users\King\Desktop\Booking.com.url
    2017-01-08 12:15 - 2017-01-08 12:15 - 00000329 _____ C:\Users\King\Desktop\AliExpress.url
    2017-01-08 07:06 - 2017-01-08 07:06 - 00283136 _____ C:\WINDOWS\system32\bi3.exe
    2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\WINDOWS\styrofoam.exe
    2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\Users\King\AppData\Local\tommorow.exe
    2017-01-07 18:36 - 2017-01-09 10:33 - 00000000 ____D C:\ProgramData\AppalmaaZ
    2017-01-07 18:20 - 2017-01-08 21:56 - 00000000 ____D C:\Users\King\AppData\Local\DailyBee
    2017-01-07 18:20 - 2017-01-08 12:09 - 00000000 ____D C:\ProgramData\Logic Handler
    2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Zaamla
    2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
    2017-01-07 18:20 - 2017-01-07 18:20 - 07316480 _____ C:\Users\King\AppData\Roaming\agent.dat
    2017-01-07 18:20 - 2017-01-07 18:20 - 01938538 _____ C:\Users\King\AppData\Roaming\Fixcore.bin
    2017-01-07 18:20 - 2017-01-07 18:20 - 01908050 _____ C:\Users\King\AppData\Roaming\RedKayphase.tst
    2017-01-07 18:20 - 2017-01-07 18:20 - 00126464 _____ C:\Users\King\AppData\Roaming\noah.dat
    2017-01-07 18:20 - 2017-01-07 18:20 - 00070704 _____ C:\Users\King\AppData\Roaming\Config.xml
    2017-01-07 18:20 - 2017-01-07 18:20 - 00018432 _____ C:\Users\King\AppData\Roaming\Main.dat
    2017-01-07 18:20 - 2017-01-07 18:20 - 00005568 _____ C:\Users\King\AppData\Roaming\md.xml
    2017-01-07 18:20 - 2017-01-07 18:20 - 00000000 ____D C:\ProgramData\Zaamlas
    2017-01-07 18:20 - 2017-01-07 18:19 - 00629760 _____ C:\Users\King\AppData\Roaming\RedKayphase.exe
    2017-01-07 18:19 - 2017-01-09 11:03 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
    2017-01-07 18:19 - 2017-01-09 01:50 - 00000000 ____D C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
    2017-01-07 18:19 - 2017-01-07 18:19 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
    2017-01-07 18:19 - 2017-01-07 18:19 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\libeay32.dll
    2017-01-07 18:19 - 2017-01-07 18:19 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
    2017-01-07 18:19 - 2017-01-07 18:19 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\ssleay32.dll
    2017-01-07 18:19 - 2017-01-07 18:19 - 00140288 _____ C:\Users\King\AppData\Roaming\Installer.dat
    2017-01-07 18:19 - 2017-01-07 18:19 - 00016224 _____ C:\Users\King\AppData\Roaming\InstallationConfiguration.xml
    2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
    2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
    2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 _____ C:\TOSTACK
    2017-01-07 18:17 - 2017-01-09 10:55 - 00001081 _____ C:\Users\Public\Desktop\Download 4K Stogram 2.1...lnk
    2017-01-07 18:16 - 2017-01-07 18:17 - 04586664 _____ (Software company) C:\Users\King\Downloads\4K Stogram 2.1.exe
    2017-01-07 18:15 - 2017-01-07 18:15 - 00000000 ____D C:\Users\King\AppData\Local\4kdownload.com
    2017-01-07 18:14 - 2017-01-07 18:14 - 23207288 _____ (Open Media LLC ) C:\Users\King\Downloads\4kstogram_2.2.exe
    C:\Program Files (x86)\BestCleaner
    C:\Program Files (x86)\Itibiti Soft Phone
    C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
    C:\Program Files\common files\yni3d42a.0zn
    HOSTS:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
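Reading a fixlist like the one above by hand is error-prone, so here is an added triage example (not part of the thread, and not FRST's own code) that parses the persistence-entry lines of an FRST fixlist, flags entries FRST marked ATTENTION or that carry no publisher, and percent-decodes the hijack hostnames that the search-scope URLs disguise. The sample lines are shortened copies of entries from this thread's fixlist; the function and rule names are my own.

```python
"""Triage parser for FRST fixlist / Fixlog persistence lines (added example)."""
import re
from urllib.parse import unquote

# Constructed sample: shortened copies of entries from the fixlist in this thread.
SAMPLE = r"""
Task: {B382E54B-1539-4E96-814B-7CC70F2D3271} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-01-08] () <==== ATTENTION
ShortcutWithArgument: C:\Users\King\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,
HKLM\...\Run: [stogies] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
AppInit_DLLs: C:\ProgramData\AppalmaaZ\Lam-Core.dll => C:\ProgramData\AppalmaaZ\Lam-Core.dll [358912 2017-01-08] ()
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO&q={searchTerms}
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,&vp=ch&prd=set_ch
Restore point was successfully created.
"""

# FRST defangs URLs as hxxp:// and hxxps://; the host part may be percent-encoded.
URL_RE = re.compile(r"hxxps?://([^/\s\"'?,]+)")
# FRST prints "()" when the binary's version info names no company.
NO_PUBLISHER_RE = re.compile(r"\(\)\s*(?:<=+\s*ATTENTION)?$")

# Line prefixes FRST uses for the persistence mechanisms seen in this thread.
PREFIX_RULES = (
    ("Task:", "scheduled task"),
    ("ShortcutWithArgument:", "shortcut argument"),
    ("Startup:", "startup folder"),
    ("ShortcutTarget:", "startup folder"),
    ("AppInit_DLLs", "AppInit_DLLs injection"),
    ("SearchScopes:", "IE search scope"),
    ("BHO", "IE browser helper object"),
    ("FF ", "Firefox preference"),
    ("CHR ", "Chrome preference"),
)


def classify(line: str):
    """Map one FRST line to a persistence mechanism, or None if it is not one."""
    for prefix, mechanism in PREFIX_RULES:
        if line.startswith(prefix):
            return mechanism
    if "\\Winlogon:" in line:
        return "Winlogon Userinit"
    if "\\Run:" in line or "\\RunOnce:" in line:
        return "Run key"
    if "Internet Explorer\\Main" in line:
        return "IE start/search page"
    if re.match(r"[RS]\d ", line):          # R2 / S1 service and driver entries
        return "service/driver"
    return None


def decode_host(raw_host: str) -> str:
    """Undo the percent-encoding hijackers use to hide a hostname from the eye."""
    return unquote(raw_host).lower()


def parse_log(text: str):
    """Return one finding per persistence line: mechanism, flags, decoded hosts."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        mechanism = classify(line)
        if mechanism is None:
            continue
        findings.append({
            "mechanism": mechanism,
            "attention": "ATTENTION" in line,
            "no_publisher": NO_PUBLISHER_RE.search(line) is not None,
            "hosts": sorted({decode_host(h) for h in URL_RE.findall(line)}),
            "line": line,
        })
    return findings


def hijack_hosts(findings):
    """Count how many persistence entries point at each decoded hijack host."""
    counts = {}
    for finding in findings:
        for host in finding["hosts"]:
            counts[host] = counts.get(host, 0) + 1
    return counts


def userinit_tampered(findings) -> bool:
    """True if Winlogon Userinit no longer starts with the stock userinit.exe."""
    for finding in findings:
        if finding["mechanism"] == "Winlogon Userinit":
            value = finding["line"].split("[Userinit]", 1)[1].strip().lower()
            return not value.startswith("c:\\windows\\system32\\userinit.exe")
    return False


if __name__ == "__main__":
    found = parse_log(SAMPLE)
    for f in found:
        flags = ("ATTENTION " if f["attention"] else "") + ("no-publisher" if f["no_publisher"] else "")
        print(f"{f['mechanism']:<24} {flags:<22} {', '.join(f['hosts'])}")
    print("hijack hosts:", hijack_hosts(found))
    print("Userinit tampered:", userinit_tampered(found))
```

Feed it a full FRST.txt or Fixlog.txt and the host counts show at a glance which redirect domain the installer family wired into shortcuts, search scopes and browser prefs.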
Old 01-15-2017, 07:41 PM   #13
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello Chemist,

Hope you're feeling better!!

Below are the Fixlist.txt results:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by King (15-01-2017 22:20:25) Run:1
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {0AA4E4FE-5692-4AEC-A0F5-4E72E98AA7CD} - System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {4739BAD9-FEEC-4C5D-9822-48C75732F246} - System32\Tasks\57888333 => C:\Users\King\AppData\Local\tommorow.exe [2017-01-08] () <==== ATTENTION
Task: {6468BF0C-3E48-4DC1-97B4-7237B5BCB01C} - System32\Tasks\ba5788833357888333 => C:\Users\King\AppData\Local\tommorow.exe [2017-01-08] ()
Task: {6D394A2C-D0F5-4C37-811A-101F7DC587C4} - System32\Tasks\89601967 => C:\Program Files (x86)\Samantha\tommorow.exe [2017-01-08] () <==== ATTENTION
Task: {9AD8BA7C-25C7-4883-B401-E4649B0B59DD} - System32\Tasks\IBUpd2 => C:\Users\King\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== ATTENTION
Task: {9DA0E1B2-4717-4A1E-806E-30B7D884012C} - System32\Tasks\40306248 => C:\Program Files (x86)\Prideful\tommorow.exe [2017-01-08] () <==== ATTENTION
Task: {B382E54B-1539-4E96-814B-7CC70F2D3271} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-01-08] () <==== ATTENTION
Task: {BBADF765-8E47-4B84-982F-9FD947B7154A} - System32\Tasks\ba8960196789601967 => C:\Program Files (x86)\Samantha\tommorow.exe [2017-01-08] ()
Task: {D4007FFC-7A80-44FD-94AB-7296278AB271} - System32\Tasks\Weekly scan Wednesday 7pm => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
Task: {D84BFB48-6E4B-48CC-A5DA-6534DB116B8D} - System32\Tasks\ba4030624840306248 => C:\Program Files (x86)\Prideful\tommorow.exe [2017-01-08] ()
ShortcutWithArgument: C:\Users\King\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
ShortcutWithArgument: C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () -> %SNF%
() C:\ProgramData\AppalmaaZ\AppalmaaZ.exe
() C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe
() C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\kns1687.tmp
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
() C:\Program Files (x86)\Prideful\tommorow.exe
(IHS7NVYLU) C:\Program Files (x86)\BestCleaner\SBB5R2.exe
() C:\Program Files (x86)\Prideful\tommorow.exe
() C:\Program Files (x86)\Samantha\tommorow.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
() C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
() C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe
() C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe
() C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe
() C:\Program Files (x86)\Prideful\tommorow.exe
HKLM\...\Run: [stogies] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKLM\...\Run: [stogiesstogies] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BestCleaner\BestCleaner.exe [180736 2016-09-16] () <===== ATTENTION
HKLM-x32\...\Run: [rerouted] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [reroutedrerouted] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKLM-x32\...\Run: [AppTrailers] => C:\Users\King\AppData\Roaming\AppTrailers\AppTrailers.exe [47837272 2016-12-28] () <===== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_EL2PZ] => C:\Program Files (x86)\BestCleaner\SBB5R2.exe [411648 2017-01-08] (IHS7NVYLU) <===== ATTENTION
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [Publisher] => C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe [1099776 2017-01-08] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [VBY84JDFWJ] => C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe [369664 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [DGR9J4Y45H] => C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe [369664 2017-01-08] () <===== ATTENTION
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [58DX37UZJF] => C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe [369664 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitland] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [maitlandmaitland] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announce] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [announceannounce] => C:\Program Files (x86)\Samantha\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [caches] => C:\Program Files (x86)\capitalizing\caches.exe [68881 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [baroda] => C:\Program Files (x86)\Prideful\tommorow.exe [10752 2017-01-08] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\Run: [NSAO428QTK] => C:\Program Files\EHELKXV8R8\R6K0SW19Q.exe [369664 2017-01-09] ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\...\MountPoints2: {9ddcef6e-d95b-11e3-8414-b8763faecc37} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-18\...\Run: [asxcec] => rundll32.exe "C:\WINDOWS\system32\config\systemprofile\AppData\Local\asxcec.dll",asxcec <===== ATTENTION
AppInit_DLLs: C:\ProgramData\AppalmaaZ\Lam-Core.dll => C:\ProgramData\AppalmaaZ\Lam-Core.dll [358912 2017-01-08] ()
AppInit_DLLs-x32: C:\ProgramData\AppalmaaZ\InKix.dll => C:\ProgramData\AppalmaaZ\InKix.dll [248320 2017-01-08] ()
Startup: C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notices.lnk [2017-01-08]
ShortcutTarget: notices.lnk -> C:\Program Files (x86)\Prideful\tommorow.exe ()
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2970618455-2416495435-628044530-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYi3tu3Ogeh5wq8PGBP668Kb01qmK68B0H3e4uN278ch3MwXhoIgdAtlk_77PcQMchpKttnTSluHTGxiwYTcSBNYVBuQ5blXdCf7sip7grDpBPa02pNM8ihPss8zcSf-DDRGtaD1guzquZyt9mmW2PL_7JH0BFyU,&q={searchTerms}
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
FF NewTab: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 ->
FF Homepage: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
FF Keyword.URL: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
R2 bea878d14047262f9bdcc91e0727ee4e; C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe [5677056 2017-01-05] () [File not signed] <==== ATTENTION
R2 ProntSpooler; C:\Program Files (x86)\Lenovo Registration\57aOPgt4ww6aG\2ueigXrw.exe [138752 2017-01-08] () [File not signed] <==== ATTENTION
R1 1077e384334f86e0b0825501fc856a4c; C:\WINDOWS\system32\drivers\1077e384334f86e0b0825501fc856a4c.sys [95040 2017-01-05] (3BE4Z1) <==== ATTENTION
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-01-07] () <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 pirxtjhy; \??\C:\WINDOWS\system32\drivers\pirxtjhy.sys [X]
S1 sesesqst; \??\C:\WINDOWS\system32\drivers\sesesqst.sys [X]
2017-01-09 10:37 - 2017-01-09 10:37 - 08784996 _____ C:\xpack0109_US.1483971716.exe
2017-01-09 10:36 - 2017-01-09 10:36 - 00000000 ____D C:\ProgramData\AppalmaaZs
2017-01-08 22:21 - 2017-01-08 22:21 - 00003862 _____ C:\WINDOWS\System32\Tasks\k89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003854 _____ C:\WINDOWS\System32\Tasks\40306248
2017-01-08 22:21 - 2017-01-08 22:21 - 00003846 _____ C:\WINDOWS\System32\Tasks\57888333
2017-01-08 22:21 - 2017-01-08 22:21 - 00003724 _____ C:\WINDOWS\System32\Tasks\bak89601967k89601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba8960196789601967
2017-01-08 22:21 - 2017-01-08 22:21 - 00003714 _____ C:\WINDOWS\System32\Tasks\ba4030624840306248
2017-01-08 22:21 - 2017-01-08 22:21 - 00003706 _____ C:\WINDOWS\System32\Tasks\ba5788833357888333
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Samantha
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\Prideful
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ___HD C:\Program Files (x86)\capitalizing
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Users\King\AppData\Roaming\AppTrailers
2017-01-08 22:21 - 2017-01-08 22:21 - 00000000 ____D C:\Program Files (x86)\mcclatchy
2017-01-08 19:02 - 2017-01-08 19:02 - 00000000 ____D C:\Users\King\AppData\Local\ElevatedDiagnostics
2017-01-08 19:00 - 2017-01-08 19:00 - 00003718 _____ C:\WINDOWS\System32\Tasks\{E963B640-CB27-40CE-BF40-C1A7979D586B}
2017-01-08 19:00 - 2017-01-08 19:00 - 00000000 ____D C:\Program Files\D40I38O6T3
2017-01-08 13:25 - 2017-01-09 11:07 - 08784996 _____ C:\WINDOWS\SysWOW64\SendRequest Error
2017-01-08 12:21 - 2017-01-08 12:25 - 00000000 ____D C:\Program Files\5JQUFPXZFR
2017-01-08 12:20 - 2017-01-08 19:03 - 00003318 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2017-01-08 12:20 - 2017-01-08 12:24 - 00000000 ____D C:\Program Files (x86)\BestCleaner
2017-01-08 12:19 - 2017-01-09 11:03 - 00000000 ____D C:\Users\King\AppData\Local\app
2017-01-08 12:19 - 2017-01-08 20:33 - 00000000 ____D C:\Users\King\AppData\Local\BrowserAir
2017-01-08 12:17 - 2017-01-08 20:30 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-08 12:17 - 2017-01-08 20:30 - 00004400 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c
2017-01-08 12:17 - 2017-01-08 13:53 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-08 12:17 - 2017-01-08 12:17 - 00001150 _____ C:\Users\Public\Desktop\KNCTR.lnk
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Users\King\AppData\Roaming\Itibiti
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\SearchModule
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files\bea878d14047262f9bdcc91e0727ee4e
2017-01-08 12:17 - 2017-01-08 12:17 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2017-01-08 12:16 - 2017-01-09 10:33 - 00000000 ____D C:\Program Files (x86)\ScreenShared
2017-01-08 12:16 - 2017-01-08 20:30 - 00439808 _____ C:\ProgramData\smp2.exe
2017-01-08 12:16 - 2017-01-08 20:30 - 00004242 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-01-08 12:16 - 2017-01-08 12:16 - 00001125 _____ C:\Users\King\Desktop\ScreenShared.lnk
2017-01-08 12:15 - 2017-01-08 12:20 - 00000000 ____D C:\Program Files\0Y9OAVB55A
2017-01-08 12:15 - 2017-01-08 12:19 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2017-01-08 12:15 - 2017-01-08 12:15 - 00000334 _____ C:\Users\King\Desktop\Booking.com.url
2017-01-08 12:15 - 2017-01-08 12:15 - 00000329 _____ C:\Users\King\Desktop\AliExpress.url
2017-01-08 07:06 - 2017-01-08 07:06 - 00283136 _____ C:\WINDOWS\system32\bi3.exe
2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\WINDOWS\styrofoam.exe
2017-01-08 06:09 - 2017-01-08 06:09 - 00010752 _____ C:\Users\King\AppData\Local\tommorow.exe
2017-01-07 18:36 - 2017-01-09 10:33 - 00000000 ____D C:\ProgramData\AppalmaaZ
2017-01-07 18:20 - 2017-01-08 21:56 - 00000000 ____D C:\Users\King\AppData\Local\DailyBee
2017-01-07 18:20 - 2017-01-08 12:09 - 00000000 ____D C:\ProgramData\Logic Handler
2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\Zaamla
2017-01-07 18:20 - 2017-01-08 02:39 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-01-07 18:20 - 2017-01-07 18:20 - 07316480 _____ C:\Users\King\AppData\Roaming\agent.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 01938538 _____ C:\Users\King\AppData\Roaming\Fixcore.bin
2017-01-07 18:20 - 2017-01-07 18:20 - 01908050 _____ C:\Users\King\AppData\Roaming\RedKayphase.tst
2017-01-07 18:20 - 2017-01-07 18:20 - 00126464 _____ C:\Users\King\AppData\Roaming\noah.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 00070704 _____ C:\Users\King\AppData\Roaming\Config.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 00018432 _____ C:\Users\King\AppData\Roaming\Main.dat
2017-01-07 18:20 - 2017-01-07 18:20 - 00005568 _____ C:\Users\King\AppData\Roaming\md.xml
2017-01-07 18:20 - 2017-01-07 18:20 - 00000000 ____D C:\ProgramData\Zaamlas
2017-01-07 18:20 - 2017-01-07 18:19 - 00629760 _____ C:\Users\King\AppData\Roaming\RedKayphase.exe
2017-01-07 18:19 - 2017-01-09 11:03 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-01-07 18:19 - 2017-01-09 01:50 - 00000000 ____D C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172
2017-01-07 18:19 - 2017-01-07 18:19 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-01-07 18:19 - 2017-01-07 18:19 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\libeay32.dll
2017-01-07 18:19 - 2017-01-07 18:19 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-01-07 18:19 - 2017-01-07 18:19 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\King\Downloads\ssleay32.dll
2017-01-07 18:19 - 2017-01-07 18:19 - 00140288 _____ C:\Users\King\AppData\Roaming\Installer.dat
2017-01-07 18:19 - 2017-01-07 18:19 - 00016224 _____ C:\Users\King\AppData\Roaming\InstallationConfiguration.xml
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-07 18:19 - 2017-01-07 18:19 - 00000000 _____ C:\TOSTACK
2017-01-07 18:17 - 2017-01-09 10:55 - 00001081 _____ C:\Users\Public\Desktop\Download 4K Stogram 2.1...lnk
2017-01-07 18:16 - 2017-01-07 18:17 - 04586664 _____ (Software company) C:\Users\King\Downloads\4K Stogram 2.1.exe
2017-01-07 18:15 - 2017-01-07 18:15 - 00000000 ____D C:\Users\King\AppData\Local\4kdownload.com
2017-01-07 18:14 - 2017-01-07 18:14 - 23207288 _____ (Open Media LLC ) C:\Users\King\Downloads\4kstogram_2.2.exe
C:\Program Files (x86)\BestCleaner
C:\Program Files (x86)\Itibiti Soft Phone
C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe
C:\Program Files\common files\yni3d42a.0zn
HOSTS:
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AA4E4FE-5692-4AEC-A0F5-4E72E98AA7CD} => key not found.
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4739BAD9-FEEC-4C5D-9822-48C75732F246} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4739BAD9-FEEC-4C5D-9822-48C75732F246} => key removed successfully
C:\WINDOWS\System32\Tasks\57888333 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\57888333 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6468BF0C-3E48-4DC1-97B4-7237B5BCB01C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6468BF0C-3E48-4DC1-97B4-7237B5BCB01C} => key removed successfully
C:\WINDOWS\System32\Tasks\ba5788833357888333 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ba5788833357888333 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D394A2C-D0F5-4C37-811A-101F7DC587C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D394A2C-D0F5-4C37-811A-101F7DC587C4} => key removed successfully
C:\WINDOWS\System32\Tasks\89601967 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89601967 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AD8BA7C-25C7-4883-B401-E4649B0B59DD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AD8BA7C-25C7-4883-B401-E4649B0B59DD} => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DA0E1B2-4717-4A1E-806E-30B7D884012C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DA0E1B2-4717-4A1E-806E-30B7D884012C} => key removed successfully
C:\WINDOWS\System32\Tasks\40306248 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\40306248 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B382E54B-1539-4E96-814B-7CC70F2D3271} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B382E54B-1539-4E96-814B-7CC70F2D3271} => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBADF765-8E47-4B84-982F-9FD947B7154A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBADF765-8E47-4B84-982F-9FD947B7154A} => key removed successfully
C:\WINDOWS\System32\Tasks\ba8960196789601967 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ba8960196789601967 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4007FFC-7A80-44FD-94AB-7296278AB271} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4007FFC-7A80-44FD-94AB-7296278AB271} => key removed successfully
C:\WINDOWS\System32\Tasks\Weekly scan Wednesday 7pm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Weekly scan Wednesday 7pm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D84BFB48-6E4B-48CC-A5DA-6534DB116B8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D84BFB48-6E4B-48CC-A5DA-6534DB116B8D} => key removed successfully
C:\WINDOWS\System32\Tasks\ba4030624840306248 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ba4030624840306248 => key removed successfully
C:\Users\King\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\King\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
[2804] C:\ProgramData\AppalmaaZ\AppalmaaZ.exe => process closed successfully.
C:\Program Files\bea878d14047262f9bdcc91e0727ee4e\c17be048d759d83e7f657875f1b60e68.exe => No running process found
C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172\kns1687.tmp => No running process found
C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe => No running process found
[9924] C:\Program Files (x86)\Prideful\tommorow.exe => process closed successfully.
C:\Program Files (x86)\BestCleaner\SBB5R2.exe => No running process found
C:\Program Files (x86)\Prideful\tommorow.exe => Could not close process
[8472] C:\Program Files (x86)\Samantha\tommorow.exe => process closed successfully.
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe => No running process found
[12004] C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe => process closed successfully.
[12212] C:\Program Files\0Y9OAVB55A\0Y9OAVB55.exe => process closed successfully.
C:\Program Files (x86)\BestCleaner\TSCF211PLH.exe => No running process found
[11384] C:\Program Files\5JQUFPXZFR\5JQUFPXZF.exe => process closed successfully.
[10212] C:\Program Files (x86)\Prideful\tommorow.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\stogies => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\stogiesstogies => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BestCleaner => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rerouted => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\reroutedrerouted => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppTrailers => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_EL2PZ => value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Publisher => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\VBY84JDFWJ => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DGR9J4Y45H => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\58DX37UZJF => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\maitland => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\maitlandmaitland => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\announce => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\announceannounce => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\caches => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\baroda => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NSAO428QTK => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddcef6e-d95b-11e3-8414-b8763faecc37} => key removed successfully
HKCR\CLSID\{9ddcef6e-d95b-11e3-8414-b8763faecc37} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\asxcec => value removed successfully
"C:\ProgramData\AppalmaaZ\Lam-Core.dll" => Value data removed successfully.
"C:\ProgramData\AppalmaaZ\InKix.dll" => Value data removed successfully.
C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notices.lnk => moved successfully
C:\Program Files (x86)\Prideful\tommorow.exe => moved successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2970618455-2416495435-628044530-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key removed successfully
HKCR\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key removed successfully
HKCR\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
Firefox "newtab" removed successfully
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> => not found
Firefox "homepage" removed successfully
FF Keyword.URL: Mozilla\Firefox\Profiles\poyyzgho.default-1474588217013 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=h18ztrmbl10au,57c6391b-33fb-4cc2-b521-208c8d89c9b8, => not found
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key removed successfully
bea878d14047262f9bdcc91e0727ee4e => service not found.
ProntSpooler => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ProntSpooler => key removed successfully
ProntSpooler => service removed successfully
1077e384334f86e0b0825501fc856a4c => service not found.
NetUtils2016 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\NetUtils2016 => key removed successfully
NetUtils2016 => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\pirxtjhy => key removed successfully
pirxtjhy => service removed successfully
HKLM\System\CurrentControlSet\Services\sesesqst => key removed successfully
sesesqst => service removed successfully
C:\xpack0109_US.1483971716.exe => moved successfully
C:\ProgramData\AppalmaaZs => moved successfully
C:\WINDOWS\System32\Tasks\k89601967 => moved successfully
"C:\WINDOWS\System32\Tasks\89601967" => not found.
"C:\WINDOWS\System32\Tasks\40306248" => not found.
"C:\WINDOWS\System32\Tasks\57888333" => not found.
C:\WINDOWS\System32\Tasks\bak89601967k89601967 => moved successfully
"C:\WINDOWS\System32\Tasks\ba8960196789601967" => not found.
"C:\WINDOWS\System32\Tasks\ba4030624840306248" => not found.
"C:\WINDOWS\System32\Tasks\ba5788833357888333" => not found.
C:\Program Files (x86)\Samantha => moved successfully
C:\Program Files (x86)\Prideful => moved successfully

"C:\Program Files (x86)\capitalizing" folder move:

Could not move "C:\Program Files (x86)\capitalizing" => Scheduled to move on reboot.

"C:\Users\King\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers" => not found.
"C:\Users\King\AppData\Roaming\AppTrailers" => not found.

"C:\Program Files (x86)\mcclatchy" folder move:

Could not move "C:\Program Files (x86)\mcclatchy" => Scheduled to move on reboot.

C:\Users\King\AppData\Local\ElevatedDiagnostics => moved successfully
C:\WINDOWS\System32\Tasks\{E963B640-CB27-40CE-BF40-C1A7979D586B} => moved successfully
C:\Program Files\D40I38O6T3 => moved successfully
C:\WINDOWS\SysWOW64\SendRequest Error => moved successfully
C:\Program Files\5JQUFPXZFR => moved successfully
"C:\WINDOWS\System32\Tasks\IBUpd2" => not found.
C:\Program Files (x86)\BestCleaner => moved successfully
C:\Users\King\AppData\Local\app => moved successfully
C:\Users\King\AppData\Local\BrowserAir => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
"C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_33353839343531342d555b373434412d45325a5b6c" => not found.
C:\WINDOWS\system32\SSL => moved successfully
"C:\Users\Public\Desktop\KNCTR.lnk" => not found.
"C:\Users\King\AppData\Roaming\Itibiti" => not found.
C:\ProgramData\SearchModule => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR" => not found.
C:\Program Files\Common Files\Noobzo => moved successfully
"C:\Program Files\bea878d14047262f9bdcc91e0727ee4e" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
C:\Program Files (x86)\ScreenShared => moved successfully
C:\ProgramData\smp2.exe => moved successfully
"C:\WINDOWS\System32\Tasks\SMW_P" => not found.
C:\Users\King\Desktop\ScreenShared.lnk => moved successfully
C:\Program Files\0Y9OAVB55A => moved successfully
C:\Program Files (x86)\CleanBrowser => moved successfully
C:\Users\King\Desktop\Booking.com.url => moved successfully
C:\Users\King\Desktop\AliExpress.url => moved successfully
C:\WINDOWS\system32\bi3.exe => moved successfully
C:\WINDOWS\styrofoam.exe => moved successfully
C:\Users\King\AppData\Local\tommorow.exe => moved successfully
C:\ProgramData\AppalmaaZ => moved successfully
C:\Users\King\AppData\Local\DailyBee => moved successfully
C:\ProgramData\Logic Handler => moved successfully
C:\ProgramData\Zaamla => moved successfully
C:\ProgramData\NetworkPacketManitor => moved successfully
C:\Users\King\AppData\Roaming\agent.dat => moved successfully
C:\Users\King\AppData\Roaming\Fixcore.bin => moved successfully
C:\Users\King\AppData\Roaming\RedKayphase.tst => moved successfully
C:\Users\King\AppData\Roaming\noah.dat => moved successfully
C:\Users\King\AppData\Roaming\Config.xml => moved successfully
C:\Users\King\AppData\Roaming\Main.dat => moved successfully
C:\Users\King\AppData\Roaming\md.xml => moved successfully
C:\ProgramData\Zaamlas => moved successfully
C:\Users\King\AppData\Roaming\RedKayphase.exe => moved successfully
C:\WINDOWS\system32\NetUtils2016.dll => moved successfully
C:\Program Files (x86)\4baf5696-ef63-4372-a50c-30bd8cd532291483831172 => moved successfully
C:\WINDOWS\system32\Drivers\NetUtils2016.sys => moved successfully
C:\Users\King\Downloads\libeay32.dll => moved successfully
C:\WINDOWS\SysWOW64\NetUtils2016.exe => moved successfully
C:\Users\King\Downloads\ssleay32.dll => moved successfully
C:\Users\King\AppData\Roaming\Installer.dat => moved successfully
C:\Users\King\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\WINDOWS\SysWOW64\sstmp => moved successfully
C:\WINDOWS\system32\sstmp => moved successfully
C:\TOSTACK => moved successfully
C:\Users\Public\Desktop\Download 4K Stogram 2.1...lnk => moved successfully
C:\Users\King\Downloads\4K Stogram 2.1.exe => moved successfully
C:\Users\King\AppData\Local\4kdownload.com => moved successfully
C:\Users\King\Downloads\4kstogram_2.2.exe => moved successfully
"C:\Program Files (x86)\BestCleaner" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
C:\Users\King\AppData\Local\Temp\{80a-16-e2-064e7-82199-37af-3b513}\k_&fU0vTSq.exe => moved successfully
"C:\Program Files\common files\yni3d42a.0zn" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 63676 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38324838 B
Java, Flash, Steam htmlcache => 3746 B
Windows/system/drivers => 215376794 B
Edge => 161756669 B
Chrome => 12967296 B
Firefox => 318926550 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 54056 B
NetworkService => 30324 B
King => 3719753651 B

RecycleBin => 142958441 B
EmptyTemp: => 4.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-01-2017 22:35:23)

C:\Program Files (x86)\capitalizing => Is moved successfully
C:\Program Files (x86)\mcclatchy => Is moved successfully

==== End of Fixlog 22:35:23 ====
hbkvcu is offline  
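The Fixlog above is long, and the outcomes worth a second look (a move deferred to reboot, a process or service that would not stop) are scattered among hundreds of routine "moved successfully" lines. The following is an added triage helper, not part of this thread and not a tool from FRST's author: it parses text in FRST's `target => outcome` line shape, maps each outcome to a coarse status, and lists the targets that need confirming after the reboot. The sample log lines, paths, registry values and the service name are constructed for the example; the status labels (done, absent, deferred, failed) are my own.

```python
import re
from collections import Counter

# Constructed sample in FRST's "target => outcome" Fixlog line shape.
# Paths, registry values and the service name are made up for this example.
SAMPLE_FIXLOG = r"""Restore point was successfully created.
[2804] C:\Example\Dropper\dropper.exe => process closed successfully.
C:\Example\Dropper\helper.exe => Could not close process
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\example => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\stale => value not found.
ExampleSvc => Unable to stop service.
HKLM\System\CurrentControlSet\Services\ExampleSvc => key removed successfully
ExampleSvc => service removed successfully
C:\Example\Dropper\dropper.exe => moved successfully
"C:\Example\Leftover" => not found.
Could not move "C:\Example\Locked" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"""

# One result line: everything before " => " is the target, the rest the outcome.
FIXLOG_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
PID_PREFIX = re.compile(r"^\[\d+\]\s+")          # "[2804] path" on process lines
MOVE_PREFIX = re.compile(r"^Could not move\s+")  # "Could not move "path"" on deferred moves

# Outcome phrases mapped to a coarse status. First match wins, so the
# deferred/failed phrases are tested before the generic "…successfully" ones.
OUTCOME_RULES = (
    ("deferred", ("scheduled to move on reboot",)),
    ("failed", ("could not close process", "unable to stop service")),
    ("absent", ("not found",)),
    ("done", ("removed successfully", "moved successfully",
              "closed successfully", "restored successfully")),
)


def classify(outcome):
    """Map an FRST outcome phrase to one of the status labels above."""
    lowered = outcome.lower()
    for status, phrases in OUTCOME_RULES:
        if any(p in lowered for p in phrases):
            return status
    return "other"


def parse_fixlog(text):
    """Return one record per result line; headers and free-text lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = FIXLOG_LINE.match(raw.strip())
        if not match:
            continue
        target = MOVE_PREFIX.sub("", PID_PREFIX.sub("", match.group("target"))).strip('"')
        outcome = match.group("outcome")
        entries.append({"target": target, "outcome": outcome, "status": classify(outcome)})
    return entries


def summarize(entries):
    """Count of result lines per status."""
    return dict(Counter(e["status"] for e in entries))


def needs_followup(entries):
    """Targets to verify by hand after the reboot: deferred moves and failed stops."""
    return [e["target"] for e in entries if e["status"] in ("deferred", "failed")]


if __name__ == "__main__":
    found = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(found))
    for target in needs_followup(found):
        print("check after reboot:", target)
```

Feed it a real Fixlog.txt with `parse_fixlog(open(path, encoding="utf-8", errors="replace").read())`; a "failed" service stop followed by "service removed successfully" for the same name, as in the sample, is normal FRST behaviour and only means the service is gone after the next boot.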
Old 01-15-2017, 11:19 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu. Yes, I'm feeling much better, thanks. How is the machine behaving?

We'll take care of SafeFinder and REOptimizer later.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-16-2017, 04:47 PM   #15
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello Chemist,

When I tried to post the results, it gave me this:

"The text that you have entered is too long (182692 characters). Please shorten it to 100000 characters long."

I am attaching both as Notepad (if that's ok)...

Thanks !!
Attached Files
File Type: txt ESET Scanner Results.txt (11.5 KB, 6 views)
File Type: txt Malwarebytes Scan.txt (178.3 KB, 12 views)
hbkvcu is offline  
Old 01-16-2017, 07:29 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu. You're very welcome. How is the machine behaving?

Most of the ESET finds have already been quarantined by FRST, and will get deleted later.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\EHELKXV8R8\R6K0SW19Q.exe"
"C:\Program Files\JYU42MU5XN\JYU42MU5X.exe"
"C:\Program Files\T1O9MYZ815\T1O9MYZ81.exe"
"C:\Program Files\VAAWKC13I1\VAAWKC13I.exe"
"C:\Users\King\AppData\Local\blom.exe"
"C:\Users\King\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\83Y46IEX\index[1].htm"
"C:\Users\King\AppData\LocalLow\Sun\Java\jre1.7.0_65\java_sp.dll"
"C:\Users\King\Downloads\avc-free.exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (1).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (10).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (11).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (2).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (3).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (4).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (5).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (6).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (7).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (8).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload (9).exe"
"C:\Users\King\Downloads\FreeYouTubeDownload.exe"
"C:\Windows\ac8c91e439245447efbef08c70bb65f1.exe"
"C:\Windows\harbour.exe"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\asxcec.dll"


) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

"C:\Program Files (x86)\0914A881-1461007099-11CB-8588-C08BBDD41045"
"C:\Program Files (x86)\gallois"
"C:\Program Files (x86)\Givan"
"C:\Program Files (x86)\It"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    REOptimizer
    SafeFinder
    :regfind
    REOptimizer
    SafeFinder
    {1F26741D-74E5-4E75-AAB4-393D34132273}
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 01-16-2017, 11:40 PM   #17
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello Chemist,

Here you go:

C:\Program Files\JYU42MU5XN\JYU42MU5X.exe
C:\Program Files\T1O9MYZ815\T1O9MYZ81.exe
C:\Program Files (x86)\gallois
C:\Program Files (x86)\Givan
C:\Program Files (x86)\It


SystemLook 30.07.11 by jpshortstuff
Log created at 02:09 on 17/01/2017 by King
Administrator - Elevation successful

========== folderfind ==========

Searching for "REOptimizer"
No folders found.

Searching for "SafeFinder"
No folders found.

========== regfind ==========

Searching for "REOptimizer"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
"DisplayName"="REOptimizer"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer]
"DisplayName"="REOptimizer"

Searching for "SafeFinder"
No data found.

Searching for "{1F26741D-74E5-4E75-AAB4-393D34132273}"
No data found.

-= EOF =-
hbkvcu is offline  
Old 01-17-2017, 05:37 PM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu. You're very welcome. How is the machine behaving?

REOptimizer should be gone after this fix.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    C:\Program Files\JYU42MU5XN
    C:\Program Files\T1O9MYZ815
    C:\Program Files (x86)\gallois
    C:\Program Files (x86)\Givan
    C:\Program Files (x86)\It
    Reg: reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f
    Reg: reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 01-18-2017, 03:22 PM   #19
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Hello Chemist,

After the last step, I have not seen any pop up windows...Thank goodness !!

My homepage is different...but I assume that can be fixed after I get the green light from you...

Per your request...here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by King (18-01-2017 1815) Run:2
Running from C:\Users\King\Desktop
Loaded Profiles: King (Available Profiles: King)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
C:\Program Files\JYU42MU5XN
C:\Program Files\T1O9MYZ815
C:\Program Files (x86)\gallois
C:\Program Files (x86)\Givan
C:\Program Files (x86)\It
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f
Reg: reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\Program Files\JYU42MU5XN => moved successfully
C:\Program Files\T1O9MYZ815 => moved successfully

"C:\Program Files (x86)\gallois" folder move:

Could not move "C:\Program Files (x86)\gallois" => Scheduled to move on reboot.

C:\Program Files (x86)\Givan => moved successfully
C:\Program Files (x86)\It => moved successfully

========= reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Uninstall\REOptimizer" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21543434 B
Java, Flash, Steam htmlcache => 3656 B
Windows/system/drivers => 51614802 B
Edge => 1541833 B
Chrome => 0 B
Firefox => 21735221 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 6562 B
NetworkService => 1284 B
King => 2188883 B

RecycleBin => 0 B
EmptyTemp: => 94.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-01-2017 18:11:20)

C:\Program Files (x86)\gallois => Is moved successfully

==== End of Fixlog 18:11:20 ====
hbkvcu is offline  
Old 01-18-2017, 08:06 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, hbkvcu. Glad to hear it. Sure, go ahead and change it.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
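On the HOSTS-file advice in the post above: an MVPS-style blocking file maps unwanted hostnames to 0.0.0.0 (the unspecified address) or to loopback, so connection attempts to those names fail locally without touching the network. The same file is a classic tampering target, which is why the earlier FRST fix in this thread replaced and restored it. The following is an added example, not from this thread and not from MVPS, that parses hosts-file text, lists the names it deliberately blocks, and flags entries that send a hostname to a routable address, the pattern a hijacked HOSTS file shows. The file contents, hostnames and the 203.0.113.9 address are constructed for the example.

```python
import ipaddress

# Constructed hosts-file text (not from the thread): the Windows defaults,
# MVPS-style blocking lines, one entry that points a name at a routable
# address, and one malformed line to show that it is skipped.
SAMPLE_HOSTS = r"""# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example.net              # MVPS-style block
0.0.0.0 tracker.example.org
127.0.0.1 banner.example.com         # older blocking style
203.0.113.9 update.example-av.test   # suspicious: routable address
not-an-address bogus.example         # malformed, skipped by the parser
"""


def is_blocking_address(addr):
    """0.0.0.0 (unspecified) and loopback addresses never reach the network,
    so a hostname mapped to one of them is effectively blocked."""
    return addr.is_unspecified or addr.is_loopback


def parse_hosts(text):
    """One record per (address, hostname) pair. Comments after '#', blank
    lines and lines whose first field is not an IP address are ignored."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append({"line": lineno, "address": addr, "host": name.lower()})
    return entries


def blocked_hosts(entries):
    """Hostnames the file deliberately sinks, excluding the localhost entries
    that belong in every HOSTS file."""
    return sorted({e["host"] for e in entries
                   if is_blocking_address(e["address"]) and e["host"] != "localhost"})


def suspicious_redirects(entries):
    """(hostname, address, line) for entries that send a name to a routable
    address: the first thing to check when a HOSTS file may have been altered,
    since a redirected update or security-vendor host is a common tampering sign."""
    return [(e["host"], str(e["address"]), e["line"])
            for e in entries if not is_blocking_address(e["address"])]


if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    print("blocked names:", blocked_hosts(found))
    print("suspicious redirects:", suspicious_redirects(found))
```

On a live Windows system the file lives at C:\Windows\System32\drivers\etc\hosts (the path the Fixlog above shows FRST moving); read it with `parse_hosts(open(path, encoding="utf-8", errors="replace").read())`. A large MVPS list will produce thousands of blocked names and, if the file is clean, an empty suspicious list.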
 
