
Alfasistem Memory folder keeps coming back with Privoxy and proxy server changed


  • This topic is locked
7 replies to this topic

#1 longphi1080

longphi1080

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:25 AM

Posted 10 September 2015 - 11:37 AM

Well, this folder appears like twice every month and I don't remember how I got it. I just delete the folder, run CCleaner registry fix, run Malwarebytes, run AdwCleaner, run HitmanPro and somehow the problem is still there.

 

I ran Farbar Recovery Tool Scan, got "Line 9051 Error: Subscript used on non-accessible variable" message. I am not sure what to do with that information. What now?

 
AdwCleaner logs:
# AdwCleaner v5.007 - Logfile created 10/09/2015 at 23:43:13
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Manh Duc - COMPUTER
# Running from : C:\Users\Cua\Desktop\adwcleaner_5.007.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : PrivoxyService
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\SecureWebChannel
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [618 bytes] ##########
 
# AdwCleaner v5.007 - Logfile created 11/09/2015 at 00:03:19
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Manh Duc - COMPUTER
# Running from : C:\Users\Cua\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [770 bytes] ##########
 
Malwarebytes logs:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Error, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Update, Bad md5 or size: akadomains, 11, 
Error, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Update, Bad md5 or size: akaips, 11, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, Remediation Database, 2015.5.13.1, 2015.8.28.2, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, IP Database, 0.0.0.0, 2015.9.9.1, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, AKA IP Database, 0.0.0.0, 2015.9.10.1, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, Domain Database, 0.0.0.0, 2015.9.10.6, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, AKA Domain Database, 0.0.0.0, 2015.9.10.3, 
Update, 10/09/2015 11:24 PM, SYSTEM, COMPUTER, Manual, Malware Database, 2015.6.3.3, 2015.9.10.6, 
Scan, 10/09/2015 11:48 PM, SYSTEM, COMPUTER, Manual, Start:10/09/2015 11:24 PM, Duration:23 min 32 sec, Threat Scan, Completed, 1 Malware Detection, 2 Non-Malware Detections, 
Error, 10/09/2015 11:56 PM, SYSTEM, COMPUTER, Protection, IsLicensed, 13, 
Protection, 10/09/2015 11:56 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Stopping, 
Protection, 10/09/2015 11:56 PM, SYSTEM, COMPUTER, Protection, Malware Protection, Stopped, 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/09/2015
Scan Time: 11:24 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.10.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Manh Duc
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376613
Time Elapsed: 23 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.Privoxy.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, Quarantined, [df5feb4317742c0a3ac1b4739d66a55b], 
 
Registry Values: 1
PUP.Optional.Privoxy.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Alfasistem Memory\privoxy.exe" --service, Quarantined, [df5feb4317742c0a3ac1b4739d66a55b]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Backdoor.Agent.WD, C:\Users\Cua\AppData\Local\Temp\hp_up_53523222.exe, Quarantined, [eb538aa4bad1fc3a2fcd8abc0af643bd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by longphi1080, 10 September 2015 - 12:07 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 12 September 2015 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?

#3 longphi1080

longphi1080
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:25 AM

Posted 12 September 2015 - 09:39 AM

Hi nasdaq. My computer is running fine, at least for now. I ran Zoek and FRST, here are the scan results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Manh Duc (administrator) on COMPUTER (12-09-2015 21:28:49)
Running from C:\Users\Cua\Desktop
Loaded Profiles: Manh Duc (Available Profiles: Manh Duc)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\UniKey\UniKeyNT.exe
(Microsoft Corporation) C:\Users\Cua\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-02] ()
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\...\Run: [OneDrive] => C:\Users\Cua\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-08-26] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9dcb3fc4-b38f-415b-af2c-4244e7a07ffc}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9dcb3fc4-b38f-415b-af2c-4244e7a07ffc}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2859149560-2021249466-1407946645-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-10] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll [2013-11-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-2859149560-2021249466-1407946645-1001 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\Cua\AppData\Roaming\Mozilla\Firefox\Profiles\dgw4fr76.default
FF SelectedSearchEngine: Yahoo
FF Homepage: about:newtab
FF NetworkProxy: "user_pref("network.proxy.type", 5)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2859149560-2021249466-1407946645-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cua\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Extension: Dictionary Extension - C:\Users\Cua\AppData\Roaming\Mozilla\Firefox\Profiles\dgw4fr76.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi [2015-07-11]
FF Extension: No Youtube Comments - C:\Users\Cua\AppData\Roaming\Mozilla\Firefox\Profiles\dgw4fr76.default\Extensions\jid1-YMBCq41qvDdqcA@jetpack.xpi [2015-06-10]
FF Extension: Adblock Plus - C:\Users\Cua\AppData\Roaming\Mozilla\Firefox\Profiles\dgw4fr76.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-02]
CHR Extension: (YouTube) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-02]
CHR Extension: (Adblock Plus) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-06]
CHR Extension: (Google Search) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-02]
CHR Extension: (Google Calendar) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-08-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Gmail) - C:\Users\Cua\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-28] (ASUS Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-14] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-09-09] ()
S3 hwdatacard; C:\Windows\system32\DRIVERS\ZDDriver.sys [122496 2010-01-20] (ZD Secret Incorporated)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-12 21:28 - 2015-09-12 21:29 - 00000000 ___DC C:\FRST
2015-09-12 21:28 - 2015-09-12 21:28 - 00016638 ____C C:\Users\Cua\Desktop\FRST.txt
2015-09-12 21:26 - 2015-09-12 21:26 - 00000000 __HDC C:\OneDriveTemp
2015-09-12 21:25 - 2015-09-12 21:25 - 00016148 ____C C:\WINDOWS\system32\COMPUTER_Manh Duc_HistoryPrediction.bin
2015-09-12 21:19 - 2015-09-12 21:02 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-12 21:07 - 2015-09-12 21:25 - 00009611 ____C C:\zoek-results.log
2015-09-12 21:02 - 2015-09-12 21:28 - 02190848 ____C (Farbar) C:\Users\Cua\Desktop\FRST64.exe
2015-09-12 21:02 - 2015-09-12 21:17 - 00000000 ___DC C:\zoek_backup
2015-09-12 20:59 - 2015-09-12 21:02 - 01308672 ____C C:\Users\Cua\Desktop\zoek.exe
2015-09-12 20:35 - 2015-09-12 20:35 - 00002628 ____C C:\Users\Cua\Desktop\ESETScan.txt
2015-09-12 14:11 - 2015-09-12 14:11 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-12 14:04 - 2015-09-12 14:11 - 02870984 ____C (ESET) C:\Users\Cua\Desktop\esetsmartinstaller_enu.exe
2015-09-11 13:49 - 2015-09-11 14:13 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Panda Security
2015-09-11 13:45 - 2015-09-11 14:14 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-10 23:57 - 2015-09-12 21:25 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-10 23:56 - 2015-09-12 21:24 - 00004314 _____ C:\WINDOWS\PFRO.log
2015-09-09 18:31 - 2015-09-09 18:31 - 00000000 ____D C:\Users\Cua\AppData\Roaming\NVIDIA
2015-09-09 18:30 - 2015-09-09 19:21 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-09-09 18:13 - 2015-09-10 23:58 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-09 15:54 - 2015-09-02 08:20 - 00077400 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 15:54 - 2015-09-02 07:25 - 03586560 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 15:54 - 2015-09-02 07:25 - 01382912 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 15:54 - 2015-08-27 13:36 - 03620736 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 15:54 - 2015-08-27 13:32 - 00608936 ____C (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 15:54 - 2015-08-27 13:04 - 21874688 ____C (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 15:54 - 2015-08-27 12:59 - 02880032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 15:54 - 2015-08-27 12:55 - 24594944 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 15:54 - 2015-08-27 12:54 - 00541248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 15:54 - 2015-08-27 12:54 - 00365568 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 15:54 - 2015-08-27 12:51 - 02350592 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 15:54 - 2015-08-27 12:51 - 01774592 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 15:54 - 2015-08-27 12:49 - 01008640 ____C (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 15:54 - 2015-08-27 12:47 - 12503552 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 15:54 - 2015-08-27 12:43 - 00826880 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 15:54 - 2015-08-27 12:43 - 00576000 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 15:54 - 2015-08-27 12:42 - 00596480 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 15:54 - 2015-08-27 12:42 - 00578560 ____C (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 15:54 - 2015-08-27 12:42 - 00187904 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 15:54 - 2015-08-27 12:42 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 15:54 - 2015-08-27 12:39 - 00045568 ____C (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 15:54 - 2015-08-27 12:23 - 19324416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 15:54 - 2015-08-27 12:23 - 00303104 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 15:54 - 2015-08-27 12:16 - 18806272 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 15:54 - 2015-08-27 12:16 - 02153472 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 15:54 - 2015-08-27 12:16 - 01612288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 15:54 - 2015-08-27 12:12 - 00650752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 15:54 - 2015-08-27 12:12 - 00504320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 15:54 - 2015-08-27 12:11 - 00484352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 15:54 - 2015-08-27 12:11 - 00139776 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 15:54 - 2015-08-27 12:09 - 11262464 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 15:54 - 2015-08-27 12:08 - 00037376 ____C (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 14:50 - 2015-09-07 14:53 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Teeworlds
2015-09-07 12:30 - 2015-09-07 12:30 - 00001840 ____C C:\Users\Cua\Desktop\iTunes.lnk
2015-09-01 00:17 - 2015-08-31 05:47 - 00040264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-09-01 00:17 - 2015-08-26 01:38 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 37819184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 22559352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 18569336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 17932648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 16646624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 15630616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 15334976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 14945552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 13667032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 12611824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 12192048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 02354808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 02105976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01178576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01075320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01064752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 01001440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00986232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00945272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00408368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00387536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00316120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-09-01 00:17 - 2015-08-26 01:38 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-08-31 22:54 - 2015-08-31 22:54 - 00000000 ____D C:\Users\Cua\AppData\Local\Curve Digital
2015-08-31 17:25 - 2015-09-01 15:41 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Origin
2015-08-31 17:19 - 2015-09-03 09:07 - 00000000 ____D C:\ProgramData\Origin
2015-08-30 22:31 - 2015-08-20 13:02 - 22324656 ____C (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-30 22:30 - 2015-08-20 13:07 - 08019296 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-30 22:30 - 2015-08-20 13:06 - 00609592 ____C (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-30 22:30 - 2015-08-20 12:26 - 00168960 ____C (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-30 22:30 - 2015-08-20 12:16 - 20857848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-30 22:30 - 2015-08-20 12:13 - 02235904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-30 22:30 - 2015-08-20 12:09 - 00929280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-30 22:30 - 2015-08-18 14:56 - 02498808 ____C C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-30 22:30 - 2015-08-18 14:55 - 00373072 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-30 22:30 - 2015-08-18 14:54 - 01396064 ____C (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-30 22:30 - 2015-08-18 14:27 - 01771592 ____C C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-30 22:30 - 2015-08-18 14:24 - 00963920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-30 22:30 - 2015-08-18 14:13 - 00497664 ____C (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-30 22:30 - 2015-08-18 14:13 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-30 22:30 - 2015-08-18 14:12 - 02225664 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-30 22:30 - 2015-08-18 14:04 - 00859136 ____C (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-30 22:30 - 2015-08-18 13:59 - 01294336 ____C (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-30 22:30 - 2015-08-18 13:58 - 00187392 ____C (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-30 22:30 - 2015-08-18 13:58 - 00050176 ____C (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-30 22:30 - 2015-08-18 13:56 - 00079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-30 22:30 - 2015-08-18 13:54 - 00247296 ____C C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-30 22:30 - 2015-08-18 13:52 - 01888768 ____C (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-30 22:30 - 2015-08-18 13:49 - 01061888 ____C (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-30 22:30 - 2015-08-18 13:49 - 00274432 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-30 22:30 - 2015-08-18 13:29 - 01593344 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-30 22:30 - 2015-08-18 11:44 - 00008847 ____C C:\WINDOWS\system32\ResPriHMImageList
2015-08-30 22:29 - 2015-08-20 12:21 - 00193024 ____C (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-30 22:29 - 2015-08-18 14:07 - 02226688 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-30 22:29 - 2015-08-18 14:04 - 01234944 ____C (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-30 22:29 - 2015-08-18 13:59 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-30 22:29 - 2015-08-18 13:58 - 00117760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-30 22:29 - 2015-08-18 13:58 - 00112640 ____C (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-30 22:29 - 2015-08-18 13:57 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-30 22:29 - 2015-08-18 13:55 - 02178560 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-30 22:29 - 2015-08-18 13:54 - 00322048 ____C (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-30 22:29 - 2015-08-18 13:50 - 01795072 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-30 22:29 - 2015-08-18 13:49 - 00246272 ____C (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-30 22:29 - 2015-08-18 13:36 - 01226752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-30 22:29 - 2015-08-18 13:35 - 00100352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-30 22:29 - 2015-08-18 13:35 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-30 22:29 - 2015-08-18 13:34 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-30 22:29 - 2015-08-18 13:26 - 00195584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 15:01 - 2015-08-28 15:01 - 00000000 ____D C:\Users\Cua\AppData\Local\ToonHUD
2015-08-28 15:00 - 2015-08-28 15:00 - 00000000 ____D C:\Users\Cua\AppData\Local\Self_Updater
2015-08-24 21:30 - 2015-08-24 21:30 - 00001738 ____C C:\Users\Cua\Desktop\Personal Statement.lnk
2015-08-24 14:38 - 2015-08-07 18:07 - 01898288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
2015-08-24 14:38 - 2015-08-07 18:07 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 06884984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 03496752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 02558584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 01062520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-24 14:27 - 2015-08-25 22:57 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-08-24 14:27 - 2015-08-25 22:57 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-24 14:27 - 2015-08-25 20:02 - 05165808 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-24 13:58 - 2015-08-24 13:58 - 00000000 ____D C:\Users\Cua\AppData\Local\NVIDIA
2015-08-24 13:57 - 2015-08-27 07:37 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-24 13:57 - 2015-08-27 07:37 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-24 13:57 - 2015-08-27 07:36 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-24 13:57 - 2015-08-27 07:36 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-24 13:57 - 2015-08-24 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-24 13:57 - 2015-08-11 11:52 - 00072504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-24 13:57 - 2015-08-11 11:52 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-24 13:57 - 2015-08-11 11:52 - 00050472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-23 00:51 - 2015-08-23 14:39 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-23 00:40 - 2015-08-23 00:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 00:21 - 2015-08-23 00:21 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Synaptics
2015-08-22 23:48 - 2015-08-23 00:20 - 00009735 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-08-22 23:17 - 2015-08-22 23:50 - 00000000 ____D C:\Users\Cua\AppData\Roaming\NCH Software
2015-08-22 23:17 - 2015-08-22 23:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-08-22 23:17 - 2015-08-22 23:17 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-22 23:13 - 2013-08-22 05:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-08-22 23:09 - 2015-08-23 00:20 - 00000000 ____D C:\ProgramData\Intel
2015-08-22 23:08 - 2015-08-22 23:08 - 00000000 ____D C:\Users\Cua\Intel
2015-08-20 22:40 - 2015-08-20 22:51 - 00000000 ____D C:\Users\Cua\AppData\Local\RelicHuntersZero
2015-08-20 22:28 - 2015-09-09 19:16 - 00001234 _____ C:\WINDOWS\system32\.crusader
2015-08-20 18:41 - 2015-08-20 18:42 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Syncios
2015-08-20 18:14 - 2015-08-20 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-20 18:13 - 2015-08-20 18:14 - 00000000 ____D C:\Program Files\iTunes
2015-08-20 18:13 - 2015-08-20 18:13 - 00000000 ____D C:\Program Files\iPod
2015-08-20 18:13 - 2015-08-20 18:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-20 18:12 - 2015-08-20 18:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-20 18:12 - 2015-08-20 18:12 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-20 18:12 - 2015-08-20 18:12 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-08-20 18:12 - 2015-08-20 18:12 - 00000000 ____D C:\Program Files\Bonjour
2015-08-20 18:12 - 2015-08-20 18:12 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-08-20 18:12 - 2015-08-20 18:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-08-19 22:08 - 2015-08-13 11:22 - 02093056 ____C (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 22:08 - 2015-08-13 11:20 - 00414208 ____C (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 22:08 - 2015-08-13 10:53 - 00311808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 22:08 - 2015-08-11 17:04 - 04532304 ____C (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 22:08 - 2015-08-11 17:04 - 02462648 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 22:08 - 2015-08-11 17:04 - 01087296 ____C (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 22:08 - 2015-08-11 17:03 - 00442208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 22:08 - 2015-08-11 17:02 - 00554744 ____C (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 22:08 - 2015-08-11 17:02 - 00292856 ____C (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 22:08 - 2015-08-11 17:02 - 00080720 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 22:08 - 2015-08-11 16:52 - 00993104 ____C (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 22:08 - 2015-08-11 16:50 - 01643872 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 22:08 - 2015-08-11 16:40 - 04048808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 22:08 - 2015-08-11 16:40 - 02151208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 22:08 - 2015-08-11 16:40 - 00918320 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 22:08 - 2015-08-11 16:38 - 00454000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 22:08 - 2015-08-11 16:37 - 00243800 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 22:08 - 2015-08-11 16:26 - 00845664 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 22:08 - 2015-08-11 16:23 - 16706560 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 22:08 - 2015-08-11 16:21 - 00148992 ____C (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 22:08 - 2015-08-11 16:21 - 00052224 ____C (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 22:08 - 2015-08-11 16:20 - 00483328 ____C (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 22:08 - 2015-08-11 16:19 - 00235520 ____C (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 22:08 - 2015-08-11 16:18 - 00235008 ____C (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 22:08 - 2015-08-11 16:16 - 02416640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 22:08 - 2015-08-11 16:14 - 00404480 ____C C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 22:08 - 2015-08-11 16:13 - 00413184 ____C C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 22:08 - 2015-08-11 16:11 - 02446336 ____C C:\WINDOWS\system32\InputService.dll
2015-08-19 22:08 - 2015-08-11 16:11 - 00553472 ____C (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 22:08 - 2015-08-11 16:10 - 00778752 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 22:08 - 2015-08-11 16:10 - 00324096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 22:08 - 2015-08-11 16:10 - 00293376 ____C C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 22:08 - 2015-08-11 16:09 - 00032768 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 22:08 - 2015-08-11 16:08 - 00893440 ____C (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 22:08 - 2015-08-11 16:08 - 00563200 ____C (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 22:08 - 2015-08-11 16:07 - 01178112 ____C (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 22:08 - 2015-08-11 16:07 - 00593920 ____C (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 22:08 - 2015-08-11 16:07 - 00115712 ____C (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 22:08 - 2015-08-11 16:06 - 07523328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 22:08 - 2015-08-11 16:06 - 02662400 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 03527168 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 00996352 ____C (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 00342016 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 00269312 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 00137216 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 22:08 - 2015-08-11 16:05 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 22:08 - 2015-08-11 16:03 - 02558976 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 22:08 - 2015-08-11 16:02 - 00621056 ____C (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 22:08 - 2015-08-11 16:02 - 00186368 ____C (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 22:08 - 2015-08-11 16:01 - 01334784 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 22:08 - 2015-08-11 16:00 - 00336384 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 22:08 - 2015-08-11 16:00 - 00274432 ____C (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 22:08 - 2015-08-11 15:59 - 01106432 ____C (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 22:08 - 2015-08-11 15:59 - 00642560 ____C (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 22:08 - 2015-08-11 15:59 - 00123392 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 22:08 - 2015-08-11 15:59 - 00042496 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 22:08 - 2015-08-11 15:58 - 00372224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 22:08 - 2015-08-11 15:57 - 13024768 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 22:08 - 2015-08-11 15:57 - 00159744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 22:08 - 2015-08-11 15:51 - 01916928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 22:08 - 2015-08-11 15:51 - 01823232 ____C C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 22:08 - 2015-08-11 15:50 - 00420352 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 22:08 - 2015-08-11 15:50 - 00200704 ____C C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 22:08 - 2015-08-11 15:50 - 00131584 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 22:08 - 2015-08-11 15:49 - 00586752 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 22:08 - 2015-08-11 15:49 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 22:08 - 2015-08-11 15:48 - 00671232 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 22:08 - 2015-08-11 15:47 - 00448512 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 22:08 - 2015-08-11 15:45 - 01820672 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 22:08 - 2015-08-11 15:43 - 02748416 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 22:08 - 2015-08-11 15:42 - 05454848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 22:08 - 2015-08-11 15:40 - 01964544 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 22:08 - 2015-08-11 15:40 - 01112064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 22:08 - 2015-08-11 15:39 - 00280576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 22:08 - 2015-08-11 15:38 - 00162304 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-18 16:18 - 2015-08-18 16:23 - 00000000 ____D C:\Users\Cua\AppData\Roaming\iFunbox_UserCache
2015-08-18 15:35 - 2015-08-18 15:55 - 00000000 ____D C:\Users\Cua\AppData\Roaming\WindSolutions
2015-08-18 15:35 - 2015-08-18 15:43 - 00000000 ____D C:\ProgramData\WindSolutions
2015-08-14 18:55 - 2015-09-12 21:27 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-08-14 13:45 - 2015-08-23 00:38 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-08-14 13:44 - 2015-08-14 13:44 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-14 13:43 - 2015-08-14 13:43 - 00065456 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-12 21:26 - 2015-07-31 19:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-12 21:26 - 2015-05-13 22:17 - 00000000 ___DC C:\Users\Cua\OneDrive
2015-09-12 21:25 - 2015-07-10 19:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-12 21:25 - 2015-06-06 18:23 - 00000342 ____C C:\WINDOWS\Tasks\iToolsDaemon.job
2015-09-12 21:24 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-12 21:24 - 2015-07-10 16:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-12 21:24 - 2015-05-13 01:43 - 00000892 ____C C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-12 21:17 - 2013-08-22 22:36 - 00000000 __HDC C:\WINDOWS\system32\GroupPolicy
2015-09-12 21:10 - 2015-08-02 16:59 - 00000924 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-12 20:35 - 2014-06-09 10:59 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-12 20:35 - 2014-01-12 14:37 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FCF40BAA-6034-477D-A3B4-73400B40786F}
2015-09-12 14:11 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-11 14:16 - 2015-07-10 19:20 - 00406152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 23:56 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\Cursors
2015-09-10 23:42 - 2015-07-31 19:37 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-10 21:56 - 2015-08-01 11:12 - 00003414 _____ C:\WINDOWS\System32\Tasks\Alfasistem Memory Schedualer
2015-09-10 18:33 - 2015-07-31 20:05 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-09 19:20 - 2015-07-10 18:04 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-09-09 19:18 - 2015-07-31 19:44 - 00000000 ____D C:\Users\Cua
2015-09-09 19:18 - 2015-07-10 23:29 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 19:18 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 18:07 - 2015-07-10 17:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 18:07 - 2014-01-12 17:04 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-09-09 18:05 - 2014-01-14 19:50 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-09-06 14:17 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-03 19:02 - 2014-01-18 12:31 - 00291512 ____C C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-09-03 19:01 - 2014-01-16 19:25 - 00000000 ___DC C:\Users\Cua\AppData\Local\PunkBuster
2015-09-03 18:58 - 2014-01-18 12:19 - 00291496 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-09-01 00:20 - 2015-07-31 19:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-31 23:45 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-31 22:56 - 2015-07-31 19:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-31 08:20 - 2015-08-03 12:57 - 00000000 ___DC C:\temp
2015-08-31 05:47 - 2015-08-11 18:05 - 11188880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-31 00:24 - 2015-07-10 18:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-31 00:23 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-28 14:05 - 2015-08-02 16:59 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 14:05 - 2015-08-02 16:59 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 14:05 - 2015-08-02 16:59 - 00000920 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 18:37 - 2014-01-14 19:50 - 134753440 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-26 01:38 - 2015-08-11 18:05 - 03480792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-26 01:38 - 2015-08-11 18:05 - 03074776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-26 01:38 - 2015-08-11 18:05 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-26 01:38 - 2015-08-11 18:05 - 00034044 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-24 14:27 - 2015-07-31 19:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-24 14:27 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\Help
2015-08-24 14:25 - 2015-07-31 19:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-23 00:20 - 2015-07-31 19:34 - 00000000 ____D C:\Program Files\Intel
2015-08-23 00:20 - 2014-01-12 15:01 - 00000000 ___DC C:\Program Files (x86)\Intel
2015-08-22 22:09 - 2013-08-22 20:25 - 00000139 ____C C:\WINDOWS\win.ini
2015-08-20 21:58 - 2014-04-13 23:30 - 00000000 __DOC C:\Users\Cua\SkyDrive
2015-08-20 21:57 - 2015-07-31 21:00 - 00002370 _____ C:\Users\Cua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-20 18:11 - 2014-03-16 12:22 - 00000000 ___DC C:\ProgramData\Apple
2015-08-20 03:30 - 2015-07-10 18:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-18 13:00 - 2015-08-11 11:43 - 00000000 ____D C:\Users\Cua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-14 13:44 - 2015-07-31 19:33 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-08-13 20:54 - 2014-01-12 16:58 - 00000000 ___DC C:\Program Files\DIFX
 
==================== Files in the root of some directories =======
 
2009-02-13 11:02 - 2009-02-13 11:02 - 0080896 ____C (Microsoft Corporation) C:\Program Files\devcon_amd64.exe
2015-07-31 19:34 - 2015-07-31 19:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-08 11:34
 
==================== End of FRST.txt ============================



Edited by longphi1080, 12 September 2015 - 09:46 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:25 AM

Posted 12 September 2015 - 01:24 PM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Toolbar: HKU\S-1-5-21-2859149560-2021249466-1407946645-1001 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {0E938CAA-4DA2-4FBE-8E8D-3577D357B255} - System32\Tasks\Security Defrag => C:\Users\Cua\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {1B4ABC5D-C221-4532-9B18-C9D204D22A9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3C2A6636-E0A5-42B7-A5BC-C7F394D03B19} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {50C05317-65BF-4B22-85F8-B9B896B80337} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84428A5A-AEDC-4833-B3F7-89B09BBA6832} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9F411E6F-7EE9-48D0-9DE6-58FB5EEB4781} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8234093-EBAB-4DEB-B725-8FD960DAAD29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BAE42EA8-90B5-4E43-963E-555B0CF6B7EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BDCB181A-2D73-4C65-8FE1-3603071E348D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7111C91-2B42-4901-AE17-75EBF716B518} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E29E8D53-995C-4A53-991B-FD3FA233630E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EFEFE916-8C82-4527-B3C9-2250124E1C1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\Cua\AppData\Roaming\Updater\winupd.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
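
Added example, not part of the post above and not FRST's own code: a small Python triage of the `Task:` lines in a fixlist like the one in post #4. It separates orphaned task registrations (`No File`) from tasks whose target sits in a user-writable directory, and checks that each such target is also listed on its own line for removal. The directory markers and verdict names are assumptions of this example; the sample lines are a subset copied from the fixlist.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: a subset of lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {0E938CAA-4DA2-4FBE-8E8D-3577D357B255} - System32\Tasks\Security Defrag => C:\Users\Cua\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {1B4ABC5D-C221-4532-9B18-C9D204D22A9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E29E8D53-995C-4A53-991B-FD3FA233630E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
C:\Users\Cua\AppData\Roaming\Updater\winupd.exe
End
"""

# Shape of a Task line as it appears in the log: GUID, task name, "=>" or "->",
# the target, and an optional ATTENTION marker at the end of the line.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) (?:=>|->) "
    r"(?P<target>.+?)(?P<flag>\s*<==== ATTENTION)?$"
)

# Assumption of this example: path fragments a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class TaskFinding:
    guid: str
    name: str
    target: str
    flagged: bool   # True when the line carries "<==== ATTENTION"
    verdict: str    # "orphaned", "user-writable-target" or "review"


def classify(target: str) -> str:
    """Sort a task target into a triage bucket (hypothetical bucket names)."""
    low = target.strip().lower()
    if low == "no file":
        return "orphaned"               # registration left behind, no binary
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        return "user-writable-target"   # task runs a file a user can replace
    return "review"


def parse_tasks(text: str) -> List[TaskFinding]:
    """Return one TaskFinding per Task: line; other line types are skipped."""
    findings = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target").strip()
        findings.append(TaskFinding(
            guid=m.group("guid"),
            name=m.group("name"),
            target=target,
            flagged=m.group("flag") is not None,
            verdict=classify(target),
        ))
    return findings


def unremoved_targets(text: str) -> List[str]:
    """Targets of user-writable tasks that are NOT also listed as a bare path.

    A fixlist that drops the task but leaves the binary on disk leaves the
    file available to be launched again by another mechanism.
    """
    listed = {
        line.strip().lower()
        for line in text.splitlines()
        if re.match(r"^[A-Za-z]:\\", line.strip())
    }
    return [
        f.target for f in parse_tasks(text)
        if f.verdict == "user-writable-target" and f.target.lower() not in listed
    ]


if __name__ == "__main__":
    for f in parse_tasks(SAMPLE_FIXLIST):
        print(f"{f.verdict:22} {f.name} -> {f.target}")
    print("targets left on disk:", unremoved_targets(SAMPLE_FIXLIST))
```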

#5 longphi1080

longphi1080
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Local time:10:25 AM

Posted 13 September 2015 - 05:55 AM

My computer still looks OK. Here's the fix log:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Manh Duc (2015-09-13 11:47:29) Run:1
Running from C:\Users\Cua\Desktop
Loaded Profiles: Manh Duc (Available Profiles: Manh Duc)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Toolbar: HKU\S-1-5-21-2859149560-2021249466-1407946645-1001 -> No Name - {E120ACB6-21BA-45ED-9E79-32079107C103} -  No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {0E938CAA-4DA2-4FBE-8E8D-3577D357B255} - System32\Tasks\Security Defrag => C:\Users\Cua\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {1B4ABC5D-C221-4532-9B18-C9D204D22A9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3C2A6636-E0A5-42B7-A5BC-C7F394D03B19} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {50C05317-65BF-4B22-85F8-B9B896B80337} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {84428A5A-AEDC-4833-B3F7-89B09BBA6832} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9F411E6F-7EE9-48D0-9DE6-58FB5EEB4781} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A8234093-EBAB-4DEB-B725-8FD960DAAD29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BAE42EA8-90B5-4E43-963E-555B0CF6B7EA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BDCB181A-2D73-4C65-8FE1-3603071E348D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C7111C91-2B42-4901-AE17-75EBF716B518} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E29E8D53-995C-4A53-991B-FD3FA233630E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EFEFE916-8C82-4527-B3C9-2250124E1C1D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\Cua\AppData\Roaming\Updater\winupd.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2859149560-2021249466-1407946645-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E120ACB6-21BA-45ED-9E79-32079107C103} => value removed successfully
HKCR\CLSID\{E120ACB6-21BA-45ED-9E79-32079107C103} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => key removed successfully
SmbDrvI => service removed successfully
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E938CAA-4DA2-4FBE-8E8D-3577D357B255}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E938CAA-4DA2-4FBE-8E8D-3577D357B255}" => key removed successfully
C:\WINDOWS\System32\Tasks\Security Defrag => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Defrag" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B4ABC5D-C221-4532-9B18-C9D204D22A9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B4ABC5D-C221-4532-9B18-C9D204D22A9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C2A6636-E0A5-42B7-A5BC-C7F394D03B19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C2A6636-E0A5-42B7-A5BC-C7F394D03B19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50C05317-65BF-4B22-85F8-B9B896B80337}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50C05317-65BF-4B22-85F8-B9B896B80337}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84428A5A-AEDC-4833-B3F7-89B09BBA6832}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84428A5A-AEDC-4833-B3F7-89B09BBA6832}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F411E6F-7EE9-48D0-9DE6-58FB5EEB4781}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F411E6F-7EE9-48D0-9DE6-58FB5EEB4781}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8234093-EBAB-4DEB-B725-8FD960DAAD29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8234093-EBAB-4DEB-B725-8FD960DAAD29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BAE42EA8-90B5-4E43-963E-555B0CF6B7EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAE42EA8-90B5-4E43-963E-555B0CF6B7EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDCB181A-2D73-4C65-8FE1-3603071E348D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCB181A-2D73-4C65-8FE1-3603071E348D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7111C91-2B42-4901-AE17-75EBF716B518}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7111C91-2B42-4901-AE17-75EBF716B518}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E29E8D53-995C-4A53-991B-FD3FA233630E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E29E8D53-995C-4A53-991B-FD3FA233630E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFEFE916-8C82-4527-B3C9-2250124E1C1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFEFE916-8C82-4527-B3C9-2250124E1C1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"C:\Users\Cua\AppData\Roaming\Updater\winupd.exe" => File/Folder not found.
EmptyTemp: => 219.6 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 11:48:18 ====


#6 nasdaq

  • Malware Response Team
  • 38,246 posts

Posted 13 September 2015 - 07:29 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 longphi1080

  • Topic Starter

  • Members
  • 6 posts

Posted 13 September 2015 - 07:49 AM

Thank you for taking your time to help me. I really appreciate it.



#8 nasdaq

  • Malware Response Team
  • 38,246 posts

Posted 14 September 2015 - 06:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



