Hi sorry for late response,

This is a personal computer. I downloaded a suspicious file a week ago and I'm not really seeing any suspicious behaviour but a threat keeps being found by Malwarebytes and doesn't appear in the quarantine. I ran the scan after running the suspicious file and it was initially found in the quarantine and I deleted it from the quarantine. Is there a problem I need to fix or should I reinstall Malwarebytes and see if the threat is still in my machine?

 

Thanks in advance


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    bitsadmin /reset /allusers;b
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).



Post its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please include their content in your next reply.
 


Thanks a lot _argus!  The Zoek scanner seems to have fixed the issue.  I've run Malwarebytes again and it seems that my system is clean.  For some reason I can't attach the logs as I did in the first posts so here are the logs:

 

Here is the content of the zoek log:

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Teck Jin on Wed 06/10/2015 at 10:47:21.78.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\DLs\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

6/10/2015 10:50:53 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\ioloGovernor deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\TECKJI~1\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20150610_1100_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\APN deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\isRS-000.tmp deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\SETB507.tmp deleted
C:\Windows\Syswow64\SETB528.tmp deleted
C:\Windows\Syswow64\SETB6C2.tmp deleted
"C:\Users\Teck Jin\AppData\Roaming\iolo" not deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\TECKJI~1\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698
- Flash and Video Download - C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- YouTube Video Downloader - For Context Menu - %ProfilePath%\extensions\jid1-KWFaW5zc0EbtBQ@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
2E661988463BCFA1B95D4DAAB9B0B6FA    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll -    Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teck Jin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Teck Jin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Teck Jin\AppData\Local\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=42 folders=44 77056905 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Teck Jin\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\TECKJI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Teck Jin\AppData\Roaming\iolo"  not found

==== EOF on Wed 06/10/2015 at 11:04:39.57 ======================

 

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Teck Jin (administrator) on TECKJIN-PC on 10-06-2015 11:19:11
Running from D:\DLs
Loaded Profiles: Teck Jin (Available Profiles: Teck Jin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Monect) C:\Program Files (x86)\MonectHost\MonectServerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Monect) C:\Program Files (x86)\MonectHost\MonectHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [sound Blaster Recon3Di Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4521272 2015-04-27] (iolo technologies, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-332493381-3162899488-2525873557-1000\...\Run: [KeepAliveHD] => C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe [326144 2014-01-24] ()
HKU\S-1-5-21-332493381-3162899488-2525873557-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-332493381-3162899488-2525873557-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-05-28] (NVIDIA Corporation)
Startup: C:\Users\Teck Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-05-27]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
BootExecute: "autocheck autochk * "

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-332493381-3162899488-2525873557-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9 17 C:\Windows\SysWOW64\BfLLR.dll [196096 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 05 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 06 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 17 C:\Windows\system32\BfLLR.dll [216064 2012-07-23] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-02-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Extension: Flash and Video Download - C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-05-29]
FF Extension: YouTube Video Downloader - For Context Menu - C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698\Extensions\jid1-KWFaW5zc0EbtBQ@jetpack.xpi [2015-05-15]
FF Extension: NoScript - C:\Users\Teck Jin\AppData\Roaming\Mozilla\Firefox\Profiles\u3izse66.default-1431484112698\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-02-15] (Adobe Systems Incorporated)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-02-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-02-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [124928 2014-10-21] (Creative Technology Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4676408 2015-04-27] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MonectServerService; C:\Program Files (x86)\MonectHost\MonectServerService.exe [72192 2014-10-29] (Monect) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] () [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-07-23] (Qualcomm Atheros, Inc.)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1066752 2014-10-21] (Creative Technology Ltd)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 monectdevices; C:\Windows\System32\DRIVERS\monectdevices.sys [15768 2013-12-03] ()
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-05-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2015-02-12] (EldoS Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 iusb3hub; system32\DRIVERS\iusb3hub.sys [X]
S3 iusb3xhc; system32\DRIVERS\iusb3xhc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 11:04 - 2015-06-10 11:04 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\iolo
2015-06-10 11:04 - 2015-06-10 11:04 - 00000000 ____D C:\ProgramData\ioloGovernor
2015-06-10 11:02 - 2015-06-10 10:46 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-10 10:50 - 2015-06-10 11:04 - 00005885 _____ C:\zoek-results.log
2015-06-10 10:46 - 2015-06-10 11:00 - 00000000 ____D C:\zoek_backup
2015-06-07 17:05 - 2015-06-07 17:05 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-06-07 17:05 - 2015-06-07 17:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-06-05 10:25 - 2015-06-10 11:19 - 00000000 ____D C:\FRST
2015-06-03 15:54 - 2015-06-03 15:54 - 00001038 _____ C:\Users\Teck Jin\Desktop\Transcribe!.lnk
2015-06-03 15:54 - 2015-06-03 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcribe!
2015-06-03 15:54 - 2015-06-03 15:54 - 00000000 ____D C:\Program Files (x86)\Transcribe!
2015-06-03 10:27 - 2015-06-03 13:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 15:40 - 2015-06-02 15:40 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\Neuratron
2015-06-01 17:03 - 2015-06-01 17:03 - 00000000 ____D C:\Users\Teck Jin\AppData\Local\GWX
2015-06-01 16:38 - 2015-06-01 16:38 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-01 16:38 - 2015-06-01 16:38 - 00000000 ____D C:\Windows\system32\NV
2015-06-01 16:38 - 2015-05-28 11:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 16:37 - 2015-05-28 15:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 16:37 - 2015-05-28 15:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-06-01 16:37 - 2015-05-28 15:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 16:37 - 2015-05-28 15:04 - 00031560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-06-01 16:27 - 2015-04-03 21:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 16:27 - 2015-04-03 21:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-31 15:41 - 2015-06-10 11:04 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2015-05-27 16:16 - 2015-05-27 16:16 - 00000000 ____D C:\Users\Teck Jin\Documents\PCSX2
2015-05-27 15:01 - 2015-05-27 15:01 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\Mael
2015-05-27 14:23 - 2015-05-27 14:23 - 00000000 ____D C:\Users\Teck Jin\Documents\My Games
2015-05-27 14:15 - 2015-05-27 14:15 - 00000000 ____D C:\Program Files\Flagship Studios
2015-05-27 14:11 - 2015-05-27 14:11 - 00003042 _____ C:\Windows\System32\Tasks\{3BAAFCA5-856B-4040-8111-A0D7FE36BBD8}
2015-05-27 14:02 - 2015-05-27 14:02 - 00000953 _____ C:\Users\Teck Jin\Desktop\MagicDisc.lnk
2015-05-27 14:02 - 2015-05-27 14:02 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-27 14:02 - 2015-05-27 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-27 14:02 - 2015-05-27 14:02 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2015-05-27 14:02 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2015-05-27 14:02 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys
2015-05-26 17:18 - 2015-06-09 17:13 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\MuseScore
2015-05-26 17:18 - 2015-05-26 17:18 - 00001053 _____ C:\Users\Teck Jin\Desktop\MuseScore 2.lnk
2015-05-26 17:18 - 2015-05-26 17:18 - 00000000 ____D C:\Users\Teck Jin\Documents\MuseScore2
2015-05-26 17:18 - 2015-05-26 17:18 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2015-05-26 17:18 - 2015-05-26 17:18 - 00000000 ____D C:\Users\Teck Jin\AppData\Local\MuseScore
2015-05-26 17:18 - 2015-05-26 17:18 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2015-05-26 16:21 - 2015-05-26 16:21 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Tab Software
2015-05-25 21:40 - 2015-05-25 21:40 - 00000000 ____D C:\Users\Teck Jin\AppData\Local\TempTaskUpdateDetectionEEA359E8-8245-4882-8EAA-0176FF6FCDD7
2015-05-21 10:54 - 2015-05-21 10:54 - 00000840 _____ C:\Users\Teck Jin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-21 10:15 - 2015-05-21 10:22 - 35854880 _____ C:\Users\Teck Jin\Downloads\torbrowser-install-4.5.1_en-US.exe
2015-05-19 16:08 - 2015-05-12 14:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-19 16:08 - 2015-05-12 14:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-13 09:04 - 2015-05-01 21:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:04 - 2015-05-01 21:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:04 - 2015-04-22 10:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 09:04 - 2015-04-22 09:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 09:04 - 2015-04-22 01:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 09:04 - 2015-04-22 01:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 09:04 - 2015-04-22 00:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 09:04 - 2015-04-22 00:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 09:04 - 2015-04-22 00:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 09:04 - 2015-04-22 00:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 09:04 - 2015-04-22 00:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 09:04 - 2015-04-22 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 09:04 - 2015-04-22 00:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 09:04 - 2015-04-22 00:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 09:04 - 2015-04-22 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 09:04 - 2015-04-22 00:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 09:04 - 2015-04-22 00:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 09:04 - 2015-04-22 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 09:04 - 2015-04-22 00:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 09:04 - 2015-04-22 00:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 09:04 - 2015-04-22 00:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 09:04 - 2015-04-22 00:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 09:04 - 2015-04-22 00:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 09:04 - 2015-04-21 23:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 09:04 - 2015-04-21 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 09:04 - 2015-04-21 23:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 09:04 - 2015-04-21 23:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 09:04 - 2015-04-21 23:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 09:04 - 2015-04-21 23:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 09:04 - 2015-04-21 23:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 09:04 - 2015-04-21 23:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 09:04 - 2015-04-21 23:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 09:04 - 2015-04-21 23:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 09:04 - 2015-04-21 23:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 09:04 - 2015-04-21 23:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 09:04 - 2015-04-21 23:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 09:04 - 2015-04-21 22:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 09:04 - 2015-04-21 22:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 09:03 - 2015-05-05 09:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 09:03 - 2015-05-05 09:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 09:03 - 2015-04-22 01:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 09:03 - 2015-04-22 00:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 09:03 - 2015-04-22 00:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 09:03 - 2015-04-22 00:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 09:03 - 2015-04-22 00:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 09:03 - 2015-04-22 00:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 09:03 - 2015-04-22 00:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 09:03 - 2015-04-22 00:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 09:03 - 2015-04-22 00:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 09:03 - 2015-04-22 00:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 09:03 - 2015-04-22 00:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 09:03 - 2015-04-22 00:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 09:03 - 2015-04-22 00:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 09:03 - 2015-04-22 00:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 09:03 - 2015-04-22 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 09:03 - 2015-04-21 23:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 09:03 - 2015-04-21 23:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 09:03 - 2015-04-21 23:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 09:03 - 2015-04-21 23:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 09:03 - 2015-04-21 23:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 09:03 - 2015-04-21 23:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 09:03 - 2015-04-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 09:03 - 2015-04-21 23:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 09:03 - 2015-04-21 23:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 09:03 - 2015-04-20 11:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 09:03 - 2015-04-20 11:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 09:03 - 2015-04-20 10:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 09:03 - 2015-04-20 10:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 09:03 - 2015-04-18 11:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 09:03 - 2015-04-18 10:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 09:03 - 2015-04-13 11:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 09:03 - 2015-04-08 11:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 09:03 - 2015-04-08 11:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 09:03 - 2015-04-08 11:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-11 10:35 - 2015-05-12 11:24 - 00000132 _____ C:\Users\Teck Jin\AppData\Roaming\Adobe PNG Format CC Prefs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 11:12 - 2009-07-14 12:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-10 11:12 - 2009-07-14 12:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-10 11:11 - 2009-07-14 13:13 - 00781742 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 11:08 - 2015-02-03 10:37 - 01098888 _____ C:\Windows\WindowsUpdate.log
2015-06-10 11:05 - 2015-05-07 15:48 - 00000000 ___RD C:\Users\Teck Jin\Google Drive
2015-06-10 11:04 - 2015-05-07 15:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 11:04 - 2015-02-03 12:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-10 11:04 - 2015-02-03 11:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-10 11:04 - 2010-11-21 11:47 - 02591734 _____ C:\Windows\PFRO.log
2015-06-10 11:04 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 11:04 - 2009-07-14 12:51 - 00096497 _____ C:\Windows\setupact.log
2015-06-10 10:57 - 2015-05-07 15:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 10:11 - 2015-03-03 22:50 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\vlc
2015-06-10 10:07 - 2015-02-04 15:41 - 71120896 _____ C:\Users\Teck Jin\AppData\Local\SageThumbs.db3
2015-06-10 09:48 - 2015-02-04 11:01 - 00000000 ____D C:\Users\Teck Jin\AppData\Local\Adobe
2015-06-08 00:12 - 2015-03-12 10:29 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\BitComet
2015-06-07 17:05 - 2015-05-07 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-04 11:06 - 2009-07-14 13:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-03 13:49 - 2015-02-03 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 08:48 - 2009-07-14 12:45 - 04992344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-02 19:50 - 2015-02-03 11:35 - 00070480 _____ C:\Users\Teck Jin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-01 16:39 - 2015-02-03 12:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-01 16:38 - 2015-02-03 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 16:27 - 2015-02-03 12:24 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-06-01 16:27 - 2015-02-03 11:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-28 15:04 - 2015-02-03 12:34 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-28 15:04 - 2015-02-03 12:34 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 12:15 - 2015-02-03 12:34 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 01059472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 12:15 - 2015-02-03 12:34 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-05-28 12:15 - 2015-02-03 12:34 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 18:48 - 2015-02-03 12:34 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-27 15:22 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-27 14:22 - 2015-02-06 17:14 - 00094875 _____ C:\Windows\DirectX.log
2015-05-26 16:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help
2015-05-26 16:22 - 2015-02-03 10:37 - 00000000 ____D C:\Users\Teck Jin\AppData\Local\VirtualStore
2015-05-23 09:47 - 2015-02-03 12:02 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-23 09:47 - 2015-02-03 12:02 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-23 09:47 - 2015-02-03 12:02 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-23 09:47 - 2015-02-03 12:02 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-21 11:33 - 2015-02-12 16:09 - 00000000 ____D C:\Users\Teck Jin\dwhelper
2015-05-21 10:55 - 2015-02-09 10:16 - 00000000 ____D C:\Users\Teck Jin\Desktop\Tor Browser
2015-05-20 10:24 - 2015-04-05 16:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 10:24 - 2015-04-05 16:47 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 17:02 - 2015-03-19 18:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-19 17:02 - 2015-03-19 18:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-19 16:10 - 2015-02-03 11:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-05-19 16:09 - 2015-02-03 11:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-05-19 08:43 - 2015-02-03 20:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-17 14:52 - 2015-05-07 15:47 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 14:52 - 2015-05-07 15:47 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 00:55 - 2015-02-06 16:36 - 00000000 ____D C:\Users\Teck Jin\AppData\Roaming\PeaZip
2015-05-13 15:39 - 2015-02-26 15:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 12:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 11:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-13 10:27 - 2015-03-13 15:46 - 00000000 ____D C:\ProgramData\iolo
2015-05-13 10:26 - 2015-03-13 15:47 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
2015-05-13 10:26 - 2015-03-13 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-05-13 10:26 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\Media
2015-05-13 10:20 - 2011-04-12 16:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 09:07 - 2015-02-03 16:32 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 09:05 - 2015-02-03 16:32 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 14:27 - 2015-02-03 12:34 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\SETABBC.tmp
2015-05-12 14:27 - 2015-02-03 12:34 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\SETB154.tmp
2015-05-12 14:27 - 2015-02-03 12:34 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\SETAF5B.tmp

==================== Files in the root of some directories =======

2015-05-11 10:35 - 2015-05-12 11:24 - 0000132 _____ () C:\Users\Teck Jin\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-28 23:27 - 2015-03-03 21:19 - 0016384 _____ () C:\Users\Teck Jin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-04 15:41 - 2015-06-10 10:07 - 71120896 _____ () C:\Users\Teck Jin\AppData\Local\SageThumbs.db3

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 19:00

==================== End of log ============================
 


The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings

  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).


The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Unchecky

Click on the link above to be taken to Unchecky.com.
Click the very large Download button.
Click Save.
Click Open folder.
Right-click on the Unchecky_setup and choose to Run as Administrator.
Once open, click the Install button.
Then click on Finish.
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices

Keep safe


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.