
Adware on Chrome


  • This topic is locked
19 replies to this topic

#1 S52


Posted 22 June 2015 - 04:55 AM

Recently have had an issue with Chrome with adware popping up on pages; no antivirus is picking it up either :(

Before, it was a problem that could be solved by deleting an extension in Chrome that would reinstall itself randomly; however, this is no longer the case.

 

Any ideas?


 


#2 S52


Posted 22 June 2015 - 04:57 AM

Should also mention it goes under the name AdAlert on Chrome but doesn't show on searches anywhere on my computer.



#3 satchfan


Posted 22 June 2015 - 06:37 AM

Hello S52 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 

 


Edited by satchfan, 22 June 2015 - 06:40 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 S52


Posted 22 June 2015 - 07:12 AM

Here are the attached files 

 

Situation seems to be better, although originally was worse, but after deleting an extension in Chrome back to normal.



Edited by S52, 22 June 2015 - 07:26 AM.


#5 satchfan


Posted 22 June 2015 - 09:35 AM

Thanks for the logs. In future please copy/paste them into the post, NOT attach them.

 

In the AdwCleaner instructions I asked you to select Clean when it was finished but you missed that. Please run it again and when the scan has finished, select Clean and send the new report.

 

After you've done that:

 

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply with the AdwCleaner log.

 

Thanks

 

Satchfan.


 

 

 




#6 S52


Posted 23 June 2015 - 02:46 AM

Sorry, attached the wrong log. Here it is below from the AdwCleaner, and under that the RK log.

 

 

 

# AdwCleaner v4.207 - Logfile created 22/06/2015 at 21:56:27
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Very Baked PC - STEFANSPC
# Running from : C:\Users\Very Baked PC\Downloads\adwcleaner_4.207.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\relaydouble
Folder Deleted : C:\Program Files (x86)\PrICeMMinuss
File Deleted : C:\Program Files (x86)\prefs.js
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\7a599947-7843-8776-151e-bc1a72ad63cc
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9A44AB5B-B488-42A3-8D2B-7A0DA772F3A4}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v36.0.1 (x86 en-US)
 
[4czwnjw7.default\prefs.js] - Line Deleted : user_pref("extensions.IDCby2VUlompTpGj.scode", "(function(){try{if(window.location.href.indexOf(\"qdCGqjYFrjs6rjn8qjaFrHg4pa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
[4czwnjw7.default\prefs.js] - Line Deleted : user_pref("extensions.yvycHjAvbV3ifYnk.scode", "(function(){try{if(window.location.href.indexOf(\"qdCGqjYFrjs6rjn8qjaFrHg4pa\")>-1){return;}}catch(e){}try{var d=[[\"cryptogmail.com\",\"bancdebinary.co[...]
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP3DB3C15D-27ED-4CA6-B3AF-0ACBAAA111DA&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [2083 bytes] - [22/06/2015 21:55:54]
AdwCleaner[S0].txt - [2048 bytes] - [22/06/2015 21:56:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2107  bytes] ##########
 
 
 
------------------------------------------------------------------
Rogue Killer Log
 
 
RogueKiller V10.8.6.0 [Jun 22 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Very Baked PC [Administrator]
Started from : C:\Users\Very Baked PC\Downloads\RogueKiller.exe
Mode : Scan -- Date : 06/23/2015  17:59:00
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A97AA181-039F-4F97-9535-1270B62B0B21} | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A97AA181-039F-4F97-9535-1270B62B0B21} | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4035149138-1050940097-2916109951-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4035149138-1050940097-2916109951-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Addr(Hook.IEAT|VT.Unknown)] (chrome.exe) ADVAPI32.dll - RegQueryValueExW : C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdateHelper.dll @ 0x643e70f0
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA WDC WD1002FAEX-0 SCSI Disk Device +++++
--- User ---
[MBR] 50175058ae5aa16df977dbe2c4eff4cb
[BSP] eb3ecd9e284bf6c1385cf46e7244436e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ATA Samsung SSD 850 SCSI Disk Device +++++
--- User ---
[MBR] 85e04687c763b5d3f314b2dee420ee4a
[BSP] 47a09e95233bad6a812d22bf66917678 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 

Edited by S52, 23 June 2015 - 03:17 AM.


#7 satchfan


Posted 23 June 2015 - 03:45 AM

Nothing showing there, (as long as you are in Australia).

Let’s have a different look.

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Please let me know what the current situation is.

Thanks

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
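
The check satchfan makes by eye in post #7 (the resolvers RogueKiller flags as PUM.Dns are fine as long as they sit in the user's own country), written out as an added example that is not part of the thread or of RogueKiller. The function names, the expected country code and the last sample line (a documentation-range address) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Registry lines copied from the RogueKiller report in post #6, plus one
# CONSTRUCTED line (the last one) showing a statically set resolver elsewhere.
SAMPLE_REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A97AA181-039F-4F97-9535-1270B62B0B21} | DhcpNameServer : 61.9.133.193 61.9.134.49 [AUSTRALIA (AU)][-]  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | NameServer : 203.0.113.7 [EXAMPLELAND (XX)][-]  -> Found
"""

# "[category] (arch) key | value name : data -> status"
LINE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X\d+)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\w+)\s*$"
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
CC_RE = re.compile(r"\[[^\]\[]*\((?P<cc>[A-Z]{2})\)\]")  # e.g. "[AUSTRALIA (AU)]"


def parse_findings(report):
    """Yield one dict per registry finding line; skip anything else."""
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage_dns(report, expected_cc, known_resolvers=frozenset()):
    """Group PUM.Dns findings by resolver IP and list reasons to look closer.

    expected_cc     -- country code of the user's ISP (assumption supplied by the user)
    known_resolvers -- resolver IPs the user has confirmed with their ISP or router
    An empty reason list means nothing about that resolver needs review.
    """
    seen = defaultdict(lambda: {"value_names": set(), "countries": set()})
    for finding in parse_findings(report):
        if finding["cat"] != "PUM.Dns":
            continue
        cc = CC_RE.search(finding["data"])
        for ip in IP_RE.findall(finding["data"]):
            seen[ip]["value_names"].add(finding["name"])
            if cc:
                seen[ip]["countries"].add(cc.group("cc"))

    result = {}
    for ip, info in seen.items():
        reasons = []
        if ip not in known_resolvers:
            if info["countries"] - {expected_cc}:
                reasons.append("resolver geolocates outside " + expected_cc)
            if not info["countries"]:
                reasons.append("no country tag in report")
            # DhcpNameServer is handed out by the router/ISP; NameServer is a
            # manual setting, which is where a DNS changer would write.
            if "NameServer" in info["value_names"]:
                reasons.append("statically configured (NameServer)")
        result[ip] = reasons
    return result


if __name__ == "__main__":
    for ip, reasons in triage_dns(SAMPLE_REPORT, "AU").items():
        print(ip, "->", "; ".join(reasons) or "nothing to review")
```

The same report read with a different `expected_cc` flags the two DHCP-assigned resolvers, which is why the helper's "nothing showing" is conditional on the user's location.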


#8 S52


Posted 23 June 2015 - 04:06 AM

Nothing more new in particular

 

PrIcEmInUs was also something that came up often that was another adware that would come up

 

After the last few tools and the restart nothing has come back up though in terms of extensions or ads on sites

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Very Baked PC on Tue 23/06/2015 at 18:47:32.30.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Very Baked PC\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
23/06/2015 6:48:08 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\IBA Optout deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Tunngle deleted successfully
C:\Users\Very Baked PC\AppData\Local\MigWiz deleted successfully
C:\Users\Very Baked PC\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
 
user.js not found
---- Lines extensions.IDCby2VUlompTpGj removed from prefs.js ----
user_pref("extensions.IDCby2VUlompTpGj.epoch", "1433831706");
---- Lines extensions.yvycHjAvbV3ifYnk removed from prefs.js ----
user_pref("extensions.yvycHjAvbV3ifYnk.epoch", "1433831706");
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20152306_0657_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\IBA Optout not found
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\REN322.tmp deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle" deleted
"C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default\jetpack" deleted
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


#9 satchfan


Posted 23 June 2015 - 04:54 AM

Could you please post the complete result as that shouldn't be all there was.




#10 S52


Posted 23 June 2015 - 05:02 AM

Sorry, thought I had
 
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Very Baked PC on Tue 23/06/2015 at 18:47:32.30.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Very Baked PC\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
23/06/2015 6:48:08 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\IBA Optout deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Tunngle deleted successfully
C:\Users\Very Baked PC\AppData\Local\MigWiz deleted successfully
C:\Users\Very Baked PC\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
 
user.js not found
---- Lines extensions.IDCby2VUlompTpGj removed from prefs.js ----
user_pref("extensions.IDCby2VUlompTpGj.epoch", "1433831706");
---- Lines extensions.yvycHjAvbV3ifYnk removed from prefs.js ----
user_pref("extensions.yvycHjAvbV3ifYnk.epoch", "1433831706");
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20152306_0657_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\IBA Optout not found
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\REN322.tmp deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle\Local.key" deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle\Local.pub" deleted
"C:\Users\Very Baked PC\AppData\Roaming\Tunngle" deleted
"C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default\jetpack" deleted
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\VERYBA~1\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Very Baked PC\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
77887617FA24E755A5A431E3E28E25E1 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.130
 
 
AdBlock - Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Reddit Enhancement Suite - Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb
StayFocusd - Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji
Chrome Hotword Shared Module - Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Quick Note - Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok
 
==== Chromium Startpages ======================
 
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Very Baked PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Very Baked PC\AppData\Local\Mozilla\Firefox\Profiles\4czwnjw7.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=36 folders=36 31237810 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Very Baked PC\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\VERYBA~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Tue 23/06/2015 at 19:01:57.31 ======================


#11 satchfan


Posted 23 June 2015 - 05:21 AM

Please run Zoek again.

  • copy/paste the script inside the codebox below into the input field of Zoek:
    
    createsrpoint;
    chrdefaults;
    
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Please also run FRST again and post that new log as well.

Thanks

Satchfan

 




#12 S52


Posted 23 June 2015 - 05:32 AM

I assume this Zoek line reset Chrome settings? Nonetheless, the logs are below.
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Very Baked PC on Tue 23/06/2015 at 20:29:23.54.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Very Baked PC\Downloads\zoek.exe [Scan current user] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-06-23-090157.log 13419 bytes
 
==== System Restore Info ======================
 
23/06/2015 8:29:41 PM Zoek.exe System Restore Point Created Successfully.
 
==== Reset Google Chrome ======================
 
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=36 folders=36 31237810 bytes)
 
==== EOF on Tue 23/06/2015 at 20:29:52.30 ======================
 
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
FRST Log below 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Very Baked PC (administrator) on STEFANSPC on 23-06-2015 20:31:17
Running from C:\Users\Very Baked PC\Downloads
Loaded Profiles: Very Baked PC (Available Profiles: Very Baked PC)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Flux Software LLC) C:\Users\Very Baked PC\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe
(Dropbox, Inc.) C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ASUS) C:\Program Files (x86)\ASUS\PCE-AC68 WLAN Card Utilities\WlanMgr.exe
(TeamSpeak Systems GmbH) C:\Users\Very Baked PC\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Users\Very Baked PC\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
() C:\Users\Very Baked PC\Downloads\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-13] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-02-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-09] (Piriform Ltd)
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\Run: [Dropbox Update] => C:\Users\Very Baked PC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\Run: [f.lux] => C:\Users\Very Baked PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\Run: [NvLedServiceHost] => C:\Program Files (x86)\NVIDIA Corporation\LED Visualizer\NvLedServiceHost.exe [87368 2015-06-04] ()
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\MountPoints2: {57970519-c5f9-11e4-980f-50e549c216cc} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\MountPoints2: {6a9dd6d2-c5e1-11e4-92a5-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\...\MountPoints2: {89ae5866-d02c-11e4-b636-50e549c216cc} - F:\Autorun.exe
Startup: C:\Users\Very Baked PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Very Baked PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-03-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Very Baked PC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4035149138-1050940097-2916109951-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4035149138-1050940097-2916109951-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-06-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 61.9.133.193 61.9.134.49
 
FireFox:
========
FF ProfilePath: C:\Users\Very Baked PC\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4035149138-1050940097-2916109951-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-04-04] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Extension: Reddit Enhancement Suite - C:\Users\Very Baked PC\AppData\Roaming\Mozilla\Firefox\Profiles\4czwnjw7.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-04-21]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-23]
CHR Extension: (YouTube) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-23]
CHR Extension: (Google Search) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-23]
CHR Extension: (Google Sheets) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-23]
CHR Extension: (Google Wallet) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Gmail) - C:\Users\Very Baked PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-04] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-15] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-03-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-03-22] (DT Soft Ltd)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-23] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S1 mfnzfapa; \??\C:\Windows\system32\drivers\mfnzfapa.sys [X]
S1 pujarbqd; \??\C:\Windows\system32\drivers\pujarbqd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-23 20:29 - 2015-06-23 20:29 - 00000566 _____ C:\runcheck.txt
2015-06-23 20:29 - 2015-06-23 19:01 - 00013419 _____ C:\zoek-results2015-06-23-090157.log
2015-06-23 19:02 - 2015-06-23 19:02 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\VirtualStore
2015-06-23 18:48 - 2015-06-23 20:29 - 00001188 _____ C:\zoek-results.log
2015-06-23 18:47 - 2015-06-23 18:57 - 00000000 ____D C:\zoek_backup
2015-06-23 18:47 - 2015-06-23 18:47 - 01308672 _____ C:\Users\Very Baked PC\Downloads\zoek.exe
2015-06-23 18:11 - 2015-06-23 19:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 18:11 - 2015-06-17 16:48 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-23 18:11 - 2015-06-17 16:48 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-23 18:11 - 2015-06-17 16:48 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-23 18:11 - 2015-06-17 16:48 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-23 18:11 - 2015-06-17 16:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-23 18:11 - 2015-06-17 16:48 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-23 18:11 - 2015-06-17 16:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-23 18:11 - 2015-06-03 00:11 - 04421614 _____ C:\Windows\system32\nvcoproc.bin
2015-06-23 18:10 - 2015-06-17 19:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-23 18:10 - 2015-06-17 19:10 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-23 18:10 - 2015-06-17 19:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-23 18:10 - 2015-06-17 19:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-23 17:54 - 2015-05-19 13:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-23 17:54 - 2015-05-19 13:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-23 17:44 - 2015-06-23 17:44 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-23 17:43 - 2015-06-23 18:47 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-23 17:43 - 2015-06-23 17:43 - 17679608 _____ C:\Users\Very Baked PC\Downloads\RogueKiller.exe
2015-06-22 22:04 - 2015-06-23 20:31 - 00027340 _____ C:\Users\Very Baked PC\Downloads\FRST.txt
2015-06-22 22:04 - 2015-06-22 22:06 - 00057488 _____ C:\Users\Very Baked PC\Downloads\Addition.txt
2015-06-22 22:03 - 2015-06-23 20:31 - 00000000 ____D C:\FRST
2015-06-22 22:03 - 2015-06-22 22:03 - 02109952 _____ (Farbar) C:\Users\Very Baked PC\Downloads\FRST64.exe
2015-06-22 22:02 - 2015-06-22 22:13 - 00000024 _____ C:\Users\Very Baked PC\AppData\Roaming\appdataFr25.bin
2015-06-22 22:01 - 2015-06-22 22:01 - 00001908 _____ C:\Users\Very Baked PC\Downloads\JRT.txt
2015-06-22 21:59 - 2015-06-22 21:59 - 02950454 _____ (Thisisu) C:\Users\Very Baked PC\Downloads\JRT.exe
2015-06-22 21:59 - 2015-06-22 21:59 - 00000207 _____ C:\Windows\tweaking.com-regbackup-STEFANSPC-Windows-7-Professional-(64-bit).dat
2015-06-22 21:59 - 2015-06-22 21:59 - 00000000 ____D C:\RegBackup
2015-06-22 21:55 - 2015-06-23 17:38 - 00000000 ____D C:\AdwCleaner
2015-06-22 21:55 - 2015-06-22 21:55 - 02244096 _____ C:\Users\Very Baked PC\Downloads\adwcleaner_4.207.exe
2015-06-22 19:34 - 2015-06-22 19:35 - 00688992 ____R (Swearware) C:\Users\Very Baked PC\Downloads\dds (3).com
2015-06-21 17:57 - 2015-06-21 17:57 - 00002117 _____ C:\Users\Very Baked PC\Desktop\Microsoft Security Essentials.lnk
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-21 17:57 - 2015-06-21 17:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-21 17:28 - 2015-06-23 19:01 - 00118322 _____ C:\Windows\PFRO.log
2015-06-21 17:15 - 2015-06-23 20:22 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-21 17:15 - 2015-06-21 17:15 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-21 17:15 - 2015-06-21 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-21 17:15 - 2015-06-21 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-21 17:15 - 2015-06-21 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-21 17:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-21 17:15 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-21 17:15 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-21 17:14 - 2015-06-21 17:14 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Very Baked PC\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-21 16:58 - 2015-06-21 16:58 - 00597304 _____ C:\Users\Very Baked PC\Downloads\flux-setup.exe
2015-06-21 16:58 - 2015-06-21 16:58 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-06-21 16:58 - 2015-06-21 16:58 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\FluxSoftware
2015-06-20 17:16 - 2015-06-21 18:25 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\Bioshock
2015-06-20 17:16 - 2015-06-20 17:24 - 00000000 ____D C:\Users\Very Baked PC\Documents\Bioshock
2015-06-20 17:15 - 2015-06-20 17:15 - 00187961 _____ C:\Windows\DirectX.log
2015-06-17 19:33 - 2015-06-23 19:39 - 00000950 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4035149138-1050940097-2916109951-1000UA.job
2015-06-17 19:33 - 2015-06-23 19:38 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4035149138-1050940097-2916109951-1000Core.job
2015-06-17 19:33 - 2015-06-17 19:33 - 00003936 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4035149138-1050940097-2916109951-1000UA
2015-06-17 19:33 - 2015-06-17 19:33 - 00003540 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4035149138-1050940097-2916109951-1000Core
2015-06-17 19:33 - 2015-06-17 19:33 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-17 19:33 - 2015-06-17 19:33 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\Dropbox
2015-06-17 19:33 - 2015-06-17 19:33 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 18:20 - 2015-06-16 18:20 - 00002525 _____ C:\Users\Very Baked PC\Desktop\Evernote.lnk
2015-06-14 12:46 - 2015-06-14 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-06-11 18:06 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-06-11 17:34 - 2015-06-11 18:06 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\QuickScan
2015-06-11 17:34 - 2015-06-11 17:34 - 10447328 _____ C:\Users\Very Baked PC\Downloads\Antivirus_Free_Edition_x64.exe
2015-06-11 17:34 - 2015-06-11 17:34 - 00162208 _____ C:\Users\Very Baked PC\Downloads\Antivirus_Free_Edition.exe
2015-06-10 15:32 - 2015-06-02 05:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 15:32 - 2015-06-02 04:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 15:32 - 2015-05-28 00:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 15:32 - 2015-05-28 00:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 15:32 - 2015-05-26 04:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 15:32 - 2015-05-26 04:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 15:32 - 2015-05-26 04:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 15:32 - 2015-05-26 04:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 15:32 - 2015-05-26 04:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 15:32 - 2015-05-26 04:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 15:32 - 2015-05-26 04:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 15:32 - 2015-05-26 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 15:32 - 2015-05-26 04:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 15:32 - 2015-05-26 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 15:32 - 2015-05-26 04:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 15:32 - 2015-05-26 04:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 04:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 15:32 - 2015-05-26 04:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 15:32 - 2015-05-26 04:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 15:32 - 2015-05-26 04:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 15:32 - 2015-05-26 04:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 15:32 - 2015-05-26 04:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 15:32 - 2015-05-26 03:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 15:32 - 2015-05-26 03:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 15:32 - 2015-05-26 03:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 15:32 - 2015-05-26 03:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 15:32 - 2015-05-26 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 15:32 - 2015-05-26 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 03:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 15:32 - 2015-05-26 03:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 15:32 - 2015-05-26 02:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 15:32 - 2015-05-26 02:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 15:32 - 2015-05-26 02:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 15:32 - 2015-05-26 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 15:32 - 2015-05-23 13:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 15:32 - 2015-05-23 13:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 15:32 - 2015-05-23 13:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 15:32 - 2015-05-23 13:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 15:32 - 2015-05-23 13:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 15:32 - 2015-05-23 13:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 15:32 - 2015-05-23 13:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 15:32 - 2015-05-23 13:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 15:32 - 2015-05-23 13:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 15:32 - 2015-05-23 13:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 15:32 - 2015-05-23 13:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 15:32 - 2015-05-23 13:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 15:32 - 2015-05-23 13:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 15:32 - 2015-05-23 12:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 15:32 - 2015-05-23 12:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 15:32 - 2015-05-23 12:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 15:32 - 2015-05-23 12:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 15:32 - 2015-05-23 12:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 15:32 - 2015-05-23 12:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 15:32 - 2015-05-23 12:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 15:32 - 2015-05-23 12:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 15:32 - 2015-05-23 12:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 15:32 - 2015-05-23 12:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 15:32 - 2015-05-23 12:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 15:32 - 2015-05-23 12:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 15:32 - 2015-05-23 12:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 15:32 - 2015-05-23 05:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 15:32 - 2015-05-23 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 15:32 - 2015-05-23 05:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 15:32 - 2015-05-23 05:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 15:32 - 2015-05-23 05:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 15:32 - 2015-05-23 05:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 15:32 - 2015-05-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 15:32 - 2015-05-23 04:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 15:32 - 2015-05-23 04:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 15:32 - 2015-05-23 04:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 15:32 - 2015-05-23 04:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 15:32 - 2015-05-23 04:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 15:32 - 2015-05-23 04:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 15:32 - 2015-05-23 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 15:32 - 2015-05-23 04:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 15:32 - 2015-05-23 04:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 15:32 - 2015-05-23 04:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 15:32 - 2015-05-23 04:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 15:32 - 2015-05-23 04:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 15:32 - 2015-05-23 04:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 15:32 - 2015-05-23 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 15:32 - 2015-05-23 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 15:32 - 2015-05-23 04:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 15:32 - 2015-05-23 04:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 15:32 - 2015-05-23 04:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 15:32 - 2015-05-23 04:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 15:32 - 2015-05-23 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 15:32 - 2015-05-23 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 15:32 - 2015-05-23 03:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 15:32 - 2015-05-23 03:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 15:32 - 2015-05-23 03:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 15:32 - 2015-05-23 03:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 15:32 - 2015-05-21 23:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 15:32 - 2015-04-30 04:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 15:32 - 2015-04-30 04:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 15:32 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 15:32 - 2015-04-30 04:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 15:32 - 2015-04-30 04:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 15:32 - 2015-04-30 04:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 15:32 - 2015-04-30 04:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 15:32 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 15:32 - 2015-04-30 04:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 15:32 - 2015-04-30 04:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 15:32 - 2015-04-25 04:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 15:32 - 2015-04-25 03:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 15:32 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 16:46 - 2015-06-23 19:01 - 00005042 _____ C:\Windows\setupact.log
2015-06-08 16:46 - 2015-06-08 16:46 - 00000000 _____ C:\Windows\setuperr.log
2015-06-08 15:33 - 2015-06-08 15:34 - 06549184 _____ (Piriform Ltd) C:\Users\Very Baked PC\Downloads\ccsetup506.exe
2015-06-07 15:44 - 2015-06-10 20:14 - 00000000 ____D C:\Users\Very Baked PC\Documents\The Witcher 3
2015-06-07 15:38 - 2015-06-07 15:40 - 318801672 _____ ( ) C:\Users\Very Baked PC\Downloads\witcher3_patch_1.01.exe
2015-06-07 15:34 - 2015-06-07 15:34 - 00001955 _____ C:\Users\Public\Desktop\The Witcher® 3 - Wild Hunt.lnk
2015-06-04 17:35 - 2015-06-04 17:35 - 00000000 ____D C:\Users\Very Baked PC\Documents\EA Games
2015-06-02 20:50 - 2015-06-02 20:51 - 00032923 _____ C:\Users\Very Baked PC\Downloads\Lobster.zip
2015-06-01 21:05 - 2015-06-01 21:05 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\SEGA
2015-06-01 21:00 - 2015-06-01 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2015-06-01 19:13 - 2015-06-01 19:14 - 14243008 _____ (Microsoft Corporation) C:\Users\Very Baked PC\Downloads\mseinstall.exe
2015-06-01 19:10 - 2015-06-01 19:10 - 00000000 ____D C:\Users\Very Baked PC\Downloads\Kaspersky_pure_3.0
2015-06-01 18:56 - 2015-06-01 18:56 - 00000000 ___SD C:\Users\Very Baked PC\Documents\Passwords Database
2015-06-01 18:25 - 2015-06-01 19:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-01 18:08 - 2015-06-01 18:08 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\GWX
2015-06-01 18:06 - 2015-06-01 18:06 - 00314700 _____ C:\Users\Very Baked PC\Documents\ts3_clientui-win64-1407159763-2015-06-01 18_06_56.204421.dmp
2015-06-01 17:52 - 2015-06-23 17:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-30 16:44 - 2015-05-30 16:44 - 00000000 ____D C:\Users\Very Baked PC\Documents\TrialsFusion
2015-05-28 21:33 - 2015-05-28 21:33 - 00000923 _____ C:\Users\Very Baked PC\Desktop\Logitech Gaming Software 8.58.lnk
2015-05-28 21:28 - 2015-05-28 21:28 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-05-28 21:28 - 2015-05-28 21:28 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\Logitech
2015-05-28 21:28 - 2015-05-28 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-05-28 21:28 - 2015-05-28 21:28 - 00000000 ____D C:\ProgramData\LogiShrd
2015-05-28 21:28 - 2015-05-28 21:28 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-05-28 21:27 - 2015-05-28 21:27 - 74818632 _____ (Logitech Inc.) C:\Users\Very Baked PC\Downloads\LGS_8.58.183_x64_Logitech.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-23 20:21 - 2015-04-15 21:24 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\TS3Client
2015-06-23 20:09 - 2015-03-09 11:34 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-23 20:05 - 2011-01-06 23:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 19:10 - 2009-07-14 14:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 19:10 - 2009-07-14 14:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 19:07 - 2009-07-14 15:13 - 00788414 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-23 19:05 - 2011-01-06 23:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-23 19:05 - 2011-01-06 23:37 - 01318614 _____ C:\Windows\WindowsUpdate.log
2015-06-23 19:02 - 2015-03-22 10:55 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\Adobe
2015-06-23 19:02 - 2015-03-09 16:15 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-23 19:02 - 2015-03-09 11:46 - 00000000 ___RD C:\Users\Very Baked PC\Dropbox
2015-06-23 19:02 - 2015-03-09 11:36 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\Dropbox
2015-06-23 19:01 - 2011-01-06 23:54 - 00002259 _____ C:\Users\Very Baked PC\Desktop\Google Chrome.lnk
2015-06-23 19:01 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 18:12 - 2015-04-15 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-23 18:12 - 2015-03-18 17:36 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\Nvidia Corporation
2015-06-23 18:12 - 2015-03-08 19:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-23 18:11 - 2015-03-08 19:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-23 18:11 - 2015-03-08 19:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-23 18:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\Help
2015-06-23 17:55 - 2015-04-15 20:54 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-23 17:42 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-22 22:24 - 2015-03-09 11:38 - 00000000 ____D C:\Program Files\Bonjour
2015-06-22 22:24 - 2015-03-09 11:38 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-06-21 17:57 - 2015-03-08 19:22 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-21 17:28 - 2009-07-14 15:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-06-18 22:16 - 2015-03-09 12:24 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\Skype
2015-06-18 21:40 - 2015-03-09 11:35 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 22:32 - 2015-03-09 16:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-11 22:32 - 2015-03-09 16:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 20:58 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2015-06-11 17:25 - 2009-07-14 14:45 - 05106792 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 17:24 - 2015-03-08 19:57 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 17:24 - 2015-03-08 19:57 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 17:24 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 22:11 - 2009-07-14 12:34 - 00000478 _____ C:\Windows\win.ini
2015-06-10 22:06 - 2015-03-08 19:29 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 22:02 - 2015-03-08 19:29 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 15:52 - 2015-03-09 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-08 17:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-06-08 15:37 - 2015-03-09 11:57 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-08 15:37 - 2015-03-09 11:57 - 00000000 ____D C:\Program Files\CCleaner
2015-06-08 15:37 - 2015-03-09 11:35 - 00000000 ____D C:\Users\Very Baked PC\AppData\Roaming\BitTorrent
2015-06-07 15:35 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-06-07 15:34 - 2015-03-16 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-06-07 15:28 - 2015-03-16 20:38 - 00000000 ____D C:\GOG Games
2015-06-06 15:35 - 2015-04-20 19:47 - 00000000 ____D C:\Users\Very Baked PC\AppData\Local\Battle.net
2015-06-04 07:04 - 2015-04-15 20:50 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-04 07:04 - 2015-04-15 20:50 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-04 07:04 - 2015-04-15 20:50 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-04 07:04 - 2015-04-15 20:50 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-03 19:21 - 2011-01-06 23:37 - 00000000 ____D C:\Users\Very Baked PC
2015-06-03 18:45 - 2015-04-03 15:23 - 00001640 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-06-01 21:00 - 2011-01-06 23:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-01 17:51 - 2009-07-14 15:08 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-28 22:57 - 2015-03-08 22:37 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-05-24 11:09 - 2015-05-04 19:49 - 00001215 _____ C:\Windows\SysWOW64\debug.log
 
==================== Files in the root of some directories =======
 
2015-06-22 22:02 - 2015-06-22 22:13 - 0000024 _____ () C:\Users\Very Baked PC\AppData\Roaming\appdataFr25.bin
2015-03-08 19:26 - 2015-03-08 19:35 - 0007604 _____ () C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg
2015-03-08 22:04 - 2015-03-08 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-11 18:55 - 2015-03-11 18:59 - 0000819 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Very Baked PC\AppData\Local\Temp\7za.exe
C:\Users\Very Baked PC\AppData\Local\Temp\DaS_21.exe
C:\Users\Very Baked PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvo_qop.dll
C:\Users\Very Baked PC\AppData\Local\Temp\hijackthis.exe
C:\Users\Very Baked PC\AppData\Local\Temp\NirCmd.exe
C:\Users\Very Baked PC\AppData\Local\Temp\PEVZ.EXE
C:\Users\Very Baked PC\AppData\Local\Temp\remove.exe
C:\Users\Very Baked PC\AppData\Local\Temp\sed.exe
C:\Users\Very Baked PC\AppData\Local\Temp\shortcut.exe
C:\Users\Very Baked PC\AppData\Local\Temp\swreg.exe
C:\Users\Very Baked PC\AppData\Local\Temp\swxcacls.exe
C:\Users\Very Baked PC\AppData\Local\Temp\wget.exe
C:\Users\Very Baked PC\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-13 13:23
 
==================== End of log ============================


#13 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:37 AM

Posted 23 June 2015 - 07:06 AM

Please move Farbar Recovery Scan Tool to your desktop.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.


FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
S1 mfnzfapa; \??\C:\Windows\system32\drivers\mfnzfapa.sys [X]
S1 pujarbqd; \??\C:\Windows\system32\drivers\pujarbqd.sys [X]
2015-03-08 19:26 - 2015-03-08 19:35 - 0007604 _____ () C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg
2015-03-08 22:04 - 2015-03-08 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST (i.e. to the desktop). NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 S52

S52
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:37 AM

Posted 23 June 2015 - 07:29 AM

Here is the Fixlog log 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Very Baked PC at 2015-06-23 22:15:46 Run:1
Running from C:\Users\Very Baked PC\Desktop
Loaded Profiles: Very Baked PC (Available Profiles: Very Baked PC)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
S1 mfnzfapa; \??\C:\Windows\system32\drivers\mfnzfapa.sys [X]
S1 pujarbqd; \??\C:\Windows\system32\drivers\pujarbqd.sys [X]
2015-03-08 19:26 - 2015-03-08 19:35 - 0007604 _____ () C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg
2015-03-08 22:04 - 2015-03-08 22:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
EmptyTemp:
*****************
 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
mfnzfapa => Service removed successfully
pujarbqd => Service removed successfully
C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg => moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg" => File/Folder not found.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
EmptyTemp: => 711.7 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-23 22:18:59)<=
 
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\DP45977C.lfl => Is moved successfully
 
==== End of Fixlog 22:18:59 ====
 
---------------------------------------------------------------------------------------------------------------------------------
 
MBAM Log
 
No quarantined items 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23/06/2015
Scan Time: 10:20:34 PM
Logfile: Mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.23.03
Rootkit Database: v2015.06.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Very Baked PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366649
Time Elapsed: 6 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
I assume now all is good or fairly close to? 
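
One way to double-check a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it groups the result lines by target, so a "Scheduled to move on reboot" entry only counts as done once a later line confirms the move. The outcome phrases are matched only as they appear in this log, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the result lines of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
mfnzfapa => Service removed successfully
pujarbqd => Service removed successfully
C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg => moved successfully.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
"C:\Users\Very Baked PC\AppData\Local\Resmon.ResmonCfg" => File/Folder not found.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
EmptyTemp: => 711.7 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-23 22:18:59)<=

C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\DP45977C.lfl => Is moved successfully
'''

def classify(outcome):
    """Map the text after '=>' to a coarse status (phrases as seen in this log)."""
    o = outcome.lower()
    if "scheduled to move on reboot" in o:
        return "pending"
    if "not found" in o:
        return "missing"
    if "successfully" in o or "removed" in o:
        return "done"
    return "unknown"

def parse_fixlog(text):
    """Return {target: [status, ...]} in log order; targets are lower-cased."""
    results = defaultdict(list)
    for line in text.splitlines():
        if " => " not in line:
            continue  # headers, separators, blank lines
        target, outcome = line.split(" => ", 1)
        target = re.sub(r"^Could not move\s+", "", target.strip()).strip('"')
        results[target.lower()].append(classify(outcome))
    return dict(results)

def verdict(statuses):
    """A pending move is resolved only if a 'done' follows the last 'pending'."""
    if "pending" in statuses:
        last = len(statuses) - 1 - statuses[::-1].index("pending")
        return "resolved" if "done" in statuses[last + 1:] else "awaiting reboot"
    if "done" in statuses:
        return "resolved"  # a later 'missing' is a duplicate fixlist entry
    return "review" if "unknown" in statuses else "not present"

def summarize(text):
    return {t: verdict(s) for t, s in parse_fixlog(text).items()}

def unresolved(text):
    return [t for t, v in summarize(text).items() if v != "resolved"]

if __name__ == "__main__":
    for target, state in summarize(SAMPLE_FIXLOG).items():
        print(f"{state:16} {target}")
```

Because the fixlist names each file twice (once as a listing line, once as a bare path), the second attempt on Resmon.ResmonCfg reports "File/Folder not found"; the script treats that as the expected result of the first, successful move.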


#15 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:12:37 AM

Posted 23 June 2015 - 08:17 AM

I would say so but I'd like you to run an online scan just to be sure.

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology


    Note: Do not check Remove found threats
     

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:
 


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan

 

