
Am I still infected


  • This topic is locked
8 replies to this topic

#1 moota1514


Posted 17 December 2015 - 11:39 AM

Hi, I ran "Zemana AntiMalware Free" on my laptop yesterday and today and it found a few things. I'll post the Zemana logs as well.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by brian (administrator) on BRIAN-PC (17-12-2015 16:22:03)
Running from C:\Users\brian.brian-PC.007\Desktop
Loaded Profiles: brian (Available Profiles: brian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\ns.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\ns.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rundll32.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177600 2015-11-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-11-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-11-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\brian.brian-PC.007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk [2015-11-01]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1AAD145D-8198-408B-83CB-EFC3604F4411}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2624342553-3699324696-2832596899-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-2624342553-3699324696-2832596899-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
SearchScopes: HKLM -> DefaultScope {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2624342553-3699324696-2832596899-1001 -> DefaultScope {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL =
SearchScopes: HKU\S-1-5-21-2624342553-3699324696-2832596899-1001 -> {55F20C52-A6B5-4367-B998-8E4731F6E3D8} URL =
SearchScopes: HKU\S-1-5-21-2624342553-3699324696-2832596899-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=1000&geo=GB&ver=22&locale=en_GB&gct=sb&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-19] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-19] (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-19] (Siber Systems Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-19] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2624342553-3699324696-2832596899-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-19] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2624342553-3699324696-2832596899-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Norton Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2624342553-3699324696-2832596899-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2015-10-14] (Ginger Software)
FF user.js: detected! => C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\user.js [2015-10-18]
FF SearchPlugin: C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\searchplugins\norton-safe-search.xml [2015-11-03]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2015-10-27]
FF Extension: Classic Theme Restorer - C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2015-12-05]
FF Extension: WOT - C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: I don't care about cookies - C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2015-12-10]
FF Extension: Privacy Badger - C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla\Firefox\Profiles\sbl5zeoy.default\Extensions\jid1-MnnxcxisBPnSXQ-eff@jetpack.xpi [2015-12-05]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2015-10-19] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.75.com [2015-10-16] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: No Name - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2015-06-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-2624342553-3699324696-2832596899-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2624342553-3699324696-2832596899-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 NS; C:\Program Files (x86)\Norton Security\Norton Security\Engine\22.5.5.15\NS.exe [282016 2015-11-20] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151207.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [28344 2015-10-13] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151216.002\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-17] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151216.041\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\Norton Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151216.041\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299128 2015-11-05] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-18] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 UBQBTUSB; C:\Windows\System32\Drivers\UBQBTUSB.sys [45360 2015-10-07] (Canon i-tech, Inc.)
R2 WiseFS; C:\Windows\WiseFs64.sys [12328 2014-12-19] (WiseCleaner.com) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2015-12-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2015-12-16] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 16:22 - 2015-12-17 16:23 - 00022525 _____ C:\Users\brian.brian-PC.007\Desktop\FRST.txt
2015-12-17 16:20 - 2015-12-17 16:22 - 00000000 ____D C:\FRST
2015-12-17 16:19 - 2015-12-17 16:19 - 02370048 _____ (Farbar) C:\Users\brian.brian-PC.007\Desktop\frst64.exe
2015-12-17 14:21 - 2015-12-17 14:21 - 00001234 _____ C:\Users\brian.brian-PC.007\Desktop\ConvertXToDVD 5.lnk
2015-12-17 14:16 - 2015-12-17 16:03 - 00001271 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-12-17 14:16 - 2015-12-17 15:50 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2015-12-16 17:23 - 2015-12-16 17:23 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2015-12-16 17:23 - 2015-12-16 17:23 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-12-16 17:23 - 2015-12-16 17:23 - 00001154 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-16 17:23 - 2015-12-16 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-16 17:23 - 2015-12-16 17:23 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-12-16 10:32 - 2015-12-16 10:34 - 00000000 ____D C:\Users\brian.brian-PC.007\Desktop\The.Bad.Education.Movie.2015.BRRip.XviD.AC3-EVO
2015-12-15 18:08 - 2015-12-15 18:08 - 00000218 _____ C:\Users\brian.brian-PC.007\AppData\Local\recently-used.xbel
2015-12-15 16:03 - 2015-12-15 17:21 - 00000000 ____D C:\Users\brian.brian-PC.007\Desktop\The.Ridiculous.6.2015.HDRip.XviD-ETRG
2015-12-14 18:04 - 2015-12-14 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-12-14 18:04 - 2015-12-14 18:04 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2015-12-14 18:04 - 2015-12-14 18:04 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2015-12-14 18:04 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-12-14 18:03 - 2015-12-16 17:23 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\Zemana
2015-12-14 18:03 - 2015-12-14 18:03 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\AntiLogger Free
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Ashampoo
2015-12-13 14:57 - 2015-12-13 14:57 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\ashampoo
2015-12-13 14:56 - 2015-12-13 14:57 - 00000000 ____D C:\ProgramData\Ashampoo
2015-12-12 13:51 - 2015-12-12 13:51 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\GWX
2015-12-11 15:11 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-11 15:11 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 15:11 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-11 15:11 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 15:11 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 15:11 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 15:11 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 15:11 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-11 15:11 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 15:11 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 15:11 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 15:11 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 15:11 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 15:11 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 15:11 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 15:11 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 15:11 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 15:11 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 15:11 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 15:11 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 15:11 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 15:11 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 15:11 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 15:11 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 15:11 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 15:11 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 15:11 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 15:11 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 15:11 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 15:11 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 15:11 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 15:11 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 15:11 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 15:11 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-11 15:11 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-11 15:11 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-11 15:11 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-11 15:11 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-11 15:11 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-11 15:11 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-11 15:11 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-11 15:11 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-11 15:11 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-11 15:11 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-11 15:11 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-11 15:11 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-11 15:11 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-11 15:11 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-11 15:11 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-11 15:11 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-11 15:11 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-11 15:11 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-11 15:11 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-11 15:11 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-11 15:11 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-11 15:11 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-11 15:11 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-11 15:11 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-11 15:11 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-11 15:11 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-11 15:11 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-11 15:11 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-11 15:11 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-11 15:11 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-12-11 14:52 - 2015-12-11 14:52 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-12-11 14:52 - 2015-12-11 14:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-12-11 14:52 - 2015-12-11 14:52 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-12-11 14:52 - 2015-12-11 14:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-12-11 14:52 - 2015-12-11 14:52 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-11 14:52 - 2015-12-11 14:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-12-09 16:28 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 16:28 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 16:28 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 16:28 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 16:28 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:28 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:28 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:28 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 16:28 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:28 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:28 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 16:28 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 16:28 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 16:28 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 16:28 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:28 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 16:28 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 16:28 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 16:28 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 16:21 - 2015-12-08 16:21 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Stumbler.lnk
2015-12-08 11:29 - 2015-12-08 11:29 - 624152880 _____ C:\Windows\MEMORY.DMP
2015-12-08 11:29 - 2015-12-08 11:29 - 00528328 _____ C:\Windows\Minidump\120815-18673-01.dmp
2015-12-06 14:59 - 2015-12-06 14:59 - 00034344 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\fsfreedometap.sys
2015-12-06 14:52 - 2015-12-06 14:52 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Digiarty
2015-12-04 13:50 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-04 13:50 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-04 13:50 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-04 13:50 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-04 13:50 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-04 13:50 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-04 13:50 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-04 13:50 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-04 13:50 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-02 14:07 - 2015-12-17 15:53 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-12-02 14:07 - 2015-12-02 14:07 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-28 15:57 - 2015-11-28 15:57 - 00000000 ____D C:\ProgramData\LHService
2015-11-27 16:10 - 2015-11-27 16:10 - 00000000 ____D C:\Users\brian.brian-PC.007\Documents\Bluetooth Exchange Folder
2015-11-27 16:10 - 2015-11-27 16:10 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\Broadcom
2015-11-27 16:09 - 2012-04-01 11:52 - 00594472 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2015-11-27 16:07 - 2015-11-27 16:07 - 00000000 ____D C:\Program Files\WIDCOMM
2015-11-27 16:07 - 2012-04-01 11:52 - 00184872 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2015-11-27 16:07 - 2012-04-01 11:52 - 00163368 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2015-11-27 16:07 - 2012-03-05 20:29 - 00210984 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2015-11-27 16:07 - 2012-03-05 20:29 - 00021544 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2015-11-27 16:07 - 2011-09-17 09:38 - 00039976 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys
2015-11-27 16:07 - 2011-07-20 15:29 - 00039340 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.0136.0175.hex
2015-11-25 17:30 - 2015-11-25 17:30 - 00002650 _____ C:\Users\brian.brian-PC.007\Desktop\Norton Security.lnk
2015-11-25 13:18 - 2015-11-25 13:18 - 00003248 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-11-25 13:18 - 2015-11-25 13:18 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-11-24 17:37 - 2015-12-12 11:45 - 02578130 _____ C:\Windows\ntbtlog.txt
2015-11-23 19:11 - 2015-11-23 19:11 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\BlueLabsSoftware
2015-11-23 18:17 - 2015-11-23 18:17 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass.lnk
2015-11-23 18:17 - 2015-11-23 18:17 - 00001097 _____ C:\Users\brian.brian-PC.007\Desktop\KeePass.lnk
2015-11-23 18:17 - 2015-11-23 18:17 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe
2015-11-21 18:09 - 2015-11-21 18:09 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\KeePass
2015-11-21 15:59 - 2015-11-21 15:59 - 00001112 _____ C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
2015-11-21 15:59 - 2015-11-21 15:59 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Philipp Winterberg
2015-11-21 15:59 - 2015-11-21 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
2015-11-21 15:59 - 2015-11-21 15:59 - 00000000 ____D C:\Program Files (x86)\Free RAR Extract Frog
2015-11-19 19:27 - 2015-11-19 19:27 - 00000000 ____D C:\Users\brian.brian-PC.007\Documents\PcSetup
2015-11-19 16:20 - 2015-10-08 23:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-11-19 16:20 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-11-19 16:20 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-11-19 16:20 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-11-19 16:20 - 2015-10-08 23:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-11-19 16:20 - 2015-10-08 23:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-11-19 16:20 - 2015-10-08 23:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-11-19 16:20 - 2015-10-08 23:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-11-19 16:20 - 2015-10-08 19:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-11-19 16:20 - 2015-10-08 18:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-11-18 17:41 - 2015-12-14 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-11-18 17:41 - 2015-11-28 17:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-11-18 17:41 - 2015-11-23 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-11-18 16:28 - 2015-11-18 16:28 - 00001449 _____ C:\Users\brian.brian-PC.007\Desktop\Internet Explorer.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 16:20 - 2009-07-14 03:20 - 00000000 ____D C:\WINDOWS
2015-12-17 15:59 - 2009-07-14 04:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-17 15:59 - 2009-07-14 04:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-17 15:51 - 2015-09-04 17:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-17 15:51 - 2011-10-11 15:39 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-17 15:51 - 2011-10-11 15:39 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-17 15:51 - 2011-10-11 15:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-17 15:50 - 2011-10-11 17:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-17 15:50 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-17 14:21 - 2015-10-18 17:52 - 00099384 _____ C:\Users\brian.brian-PC.007\AppData\Roaming\inst.exe
2015-12-17 14:21 - 2015-10-18 17:52 - 00082816 _____ (VSO Software) C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.sys
2015-12-17 14:21 - 2015-10-18 17:52 - 00007859 _____ C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.cat
2015-12-17 14:21 - 2015-10-18 17:52 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Vso
2015-12-17 14:21 - 2014-12-22 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-12-17 14:21 - 2014-04-24 11:57 - 00000000 ____D C:\Program Files (x86)\VSO
2015-12-17 14:19 - 2011-10-11 15:53 - 00000000 ____D C:\ProgramData\Sonic
2015-12-16 16:06 - 2014-04-23 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-16 13:23 - 2015-10-16 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 13:23 - 2014-04-23 18:25 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-16 13:23 - 2014-04-23 18:25 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-16 13:19 - 2015-10-18 13:10 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\vlc
2015-12-13 15:09 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-11 15:47 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-11 14:59 - 2015-10-17 18:08 - 00001379 _____ C:\Users\brian.brian-PC.007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-11 14:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2015-12-10 16:03 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2015-12-10 15:59 - 2011-02-10 14:02 - 00000000 ____D C:\Windows\panther
2015-12-09 16:52 - 2009-07-14 04:45 - 00321280 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 16:51 - 2015-06-02 13:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 16:51 - 2011-10-11 15:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 16:39 - 2015-10-18 17:36 - 00000000 ____D C:\Users\brian.brian-PC.007\Desktop\DVDs+Mags
2015-12-09 16:36 - 2015-10-22 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 16:33 - 2014-04-24 10:09 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 16:29 - 2014-04-24 10:09 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 14:08 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-08 17:00 - 2015-10-18 17:51 - 00000000 ____D C:\Users\brian.brian-PC.007\Documents\ConvertXToDVD
2015-12-08 16:06 - 2015-10-18 18:33 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\Adobe
2015-12-08 16:06 - 2014-04-24 14:54 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 16:06 - 2011-10-11 15:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 13:34 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-08 11:29 - 2014-11-24 12:52 - 00000000 ____D C:\Windows\Minidump
2015-12-07 12:45 - 2015-10-27 15:24 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\ElevatedDiagnostics
2015-12-07 12:45 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-12-06 16:03 - 2015-10-18 17:35 - 00000000 ____D C:\Users\brian.brian-PC.007\Desktop\Albums
2015-12-06 15:05 - 2015-10-10 14:51 - 00000000 ____D C:\ProgramData\F-Secure
2015-12-04 17:51 - 2014-12-17 13:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-04 16:36 - 2011-10-11 15:36 - 00000000 ____D C:\ProgramData\Temp
2015-12-04 16:35 - 2015-07-17 13:29 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-04 16:35 - 2014-04-23 19:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-11-30 15:52 - 2011-10-11 15:52 - 00000000 ____D C:\ProgramData\Roxio
2015-11-27 14:21 - 2015-10-18 17:37 - 00000000 ____D C:\Users\brian.brian-PC.007\Desktop\MY TUNES
2015-11-26 17:28 - 2014-04-24 12:31 - 00000000 ____D C:\Windows\pss
2015-11-26 17:11 - 2015-09-04 17:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-25 18:12 - 2015-10-17 18:30 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\Deployment
2015-11-25 13:18 - 2015-10-16 15:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-11-25 13:18 - 2015-04-19 18:19 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-11-20 13:59 - 2015-02-18 16:04 - 00000828 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-19 19:40 - 2015-10-17 18:18 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Mozilla
2015-11-19 19:38 - 2015-10-22 14:00 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\node-webkit
2015-11-19 19:36 - 2015-10-22 13:57 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Roaming\Disconnect
2015-11-19 19:25 - 2014-04-24 11:57 - 00000000 ____D C:\ProgramData\VSO
2015-11-19 16:21 - 2015-11-13 16:50 - 00000000 ____D C:\Windows\SoftwareDistribution.old
2015-11-18 19:48 - 2015-11-11 14:36 - 00000000 ____D C:\Users\brian.brian-PC.007\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2014-04-28 18:28 - 2015-11-28 14:48 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-18 17:52 - 2015-12-17 14:21 - 0099384 _____ () C:\Users\brian.brian-PC.007\AppData\Roaming\inst.exe
2015-10-18 17:52 - 2015-12-17 14:21 - 0007859 _____ () C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.cat
2015-10-18 17:52 - 2015-12-17 14:21 - 0001167 _____ () C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.inf
2015-10-18 17:52 - 2015-12-17 14:21 - 0000055 _____ () C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.log
2015-10-18 17:52 - 2015-12-17 14:21 - 0082816 _____ (VSO Software) C:\Users\brian.brian-PC.007\AppData\Roaming\pcouffin.sys
2015-12-15 18:08 - 2015-12-15 18:08 - 0000218 _____ () C:\Users\brian.brian-PC.007\AppData\Local\recently-used.xbel
2014-11-22 17:05 - 2014-11-22 17:05 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-11 11:19

==================== End of FRST.txt ============================





Zemana antimalware logs

Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/16
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7-2630QM CPU @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 00DEABB184F240438D83A9
Scan Type              : Smart Scan
Duration               : 3m 24s
Scanned Objects        : 14550
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

HarmonyNew(TEST)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\750F76D32AE307E5A87C42F5F86C7EAE69BE7120\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\750F76D32AE307E5A87C42F5F86C7EAE69BE7120\Blob

Harmony(Test)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0874A3219367D67070C0F6D15D8FB55E03AE581B\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0874A3219367D67070C0F6D15D8FB55E03AE581B\Blob

DSDTestProvider
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\02C2D931062D7B1DC2A5C7F5F0685064081FB221\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\02C2D931062D7B1DC2A5C7F5F0685064081FB221\Blob

Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0




Zemana AntiMalware 2.19.2.737 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/12/17
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7-2630QM CPU @ 2.00GHz
BIOS Mode              : Legacy
CUID                   : 00DEABB184F240438D83A9
Scan Type              : Deep Scan
Duration               : 56m 20s
Scanned Objects        : 192322
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : No
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

EsgScanner.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\esgscanner.sys
MD5                : 3B32CAA07D672F8A2E0DF5CB3A873F45
Publisher          : Enigma Software Group USA, LLC
Size               : 22704
Version            : 1.2.0.119
Detection          : Scareware:Win32/FakeAV!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %systemroot%\system32\drivers\esgscanner.sys

DataSafe_9_4_57_9_4_60_x64_Update.exe
Status             : Scanned
Object             : %programfiles%\dell datasafe local backup\components\dsupdate\updates\datasafe_9_4_57_9_4_60_x64_update.exe
MD5                : 68E5CB412CFD8E89A3F5FD118ABFA8EF
Publisher          : -
Size               : 155648
Version            : 3.5.0.41364
Detection          : Malware:Win32/Thracia.A!Ieek
Cleaning Action    : Quarantine
Traces             :
                File - %programfiles%\dell datasafe local backup\components\dsupdate\updates\datasafe_9_4_57_9_4_60_x64_update.exe

ARTP3.exe
Status             : Scanned
Object             : %programw6432%\adware-removal-tool\artp3.exe
MD5                : 785CC096C1286D187B1C5C6AE95BA774
Publisher          : Pawan Kumar
Size               : 118440
Version            : 3.8.0.0
Detection          : Trojan:Win32/Quarand!Itkt
Cleaning Action    : Quarantine
Traces             :
                File - %programw6432%\adware-removal-tool\artp3.exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0



 


Edited by moota1514, 17 December 2015 - 11:45 AM.



 


#2 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:10 AM

Posted 20 December 2015 - 06:24 PM

:welcome: back to BleepingComputer! 
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
 


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.  :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started  :thumbup2:

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.
 
 
 
I don't see any malware in the logs. Let's run Malwarebytes to double check your computer is clean of infections.

Malwarebytes
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
    • Open Malwarebytes Anti-Malware.
    • Click the Scan Tab at the top.
    • Click the View detailed log link on the right.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
    -- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

In your next reply, please include:

  • Malwarebytes log
  • How is your computer running now? Please be as descriptive as possible

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 moota1514

moota1514
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 21 December 2015 - 08:27 AM

Hi, laptop looks like it's going fine

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/12/2015
Scan Time: 11:40
Logfile: 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.21.03
Rootkit Database: v2015.12.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: brian

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381373
Time Elapsed: 12 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by moota1514, 21 December 2015 - 08:45 AM.


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:10 AM

Posted 21 December 2015 - 06:16 PM

Ok, I think your computer is clean of infections, but let's double check.

ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using another browser, please stop here and let me know!
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.
  • Click this link to open ESET OnlineScan.
  • Place a checkmark next to "Yes, I accept the Terms of Use", then click the Start button.
  • When prompted allow the Add-On/Active X to install.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Then click the Start button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.
Don't forget to re-enable your antivirus when finished!
Regards,
Jason

 



#5 moota1514

moota1514
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 22 December 2015 - 08:19 AM


 


Edited by moota1514, 22 December 2015 - 08:24 AM.


#6 moota1514

moota1514
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 22 December 2015 - 08:26 AM

Hi here is the ESET.scan




 

Attached Files



#7 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:10 AM

Posted 22 December 2015 - 04:57 PM

Your computer looks clean.

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and possibly infected system restore points:
  • You can uninstall programs that you had to install (e.g. ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Tips

I recommend reading and following the advice in the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.
Regards,
Jason

 



#8 moota1514

moota1514
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 23 December 2015 - 10:31 AM

Thanks for your kind help............ :bananas:



#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:08:10 AM

Posted 23 December 2015 - 08:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Regards,
Jason

 





