Virus blocking me from doing almost anything [Closed]



#1
TheElderTrolls

  • Member
  • 14 posts
Hello GTG.

A couple of days ago my computer encountered a virus completely blocking me from opening any software, browsing the web, and using basic Windows administration features (removing software and several settings).
It also leaves me unable to use or install any virus scan, whether in safe mode or not.
I'm still able to open a handful of exe's though, but not the ones I need.
It tells me that I can't open one or more files because of my internet security settings.
I've already tried setting that back through a regedit file with no success.

I honestly have no idea how this crap got on my computer, nor how to remove it.
 
I wasn't able to run OTL (both in safe mode and not in safe mode) so I can't paste the logs here.
Exception EOIeSysError at 000584a5, keyset not defined.
 
Thanks in advance.

Edited by TheElderTrolls, 16 December 2014 - 09:12 AM.

  • 0


#2
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

 

 

Answer these questions, they should help me better assess your situation.

 

What Windows version is running?

Any idea: 32- or 64-bit?


  • 0

#3
TheElderTrolls

  • Topic Starter
  • Member
  • 14 posts

 


 

Hi Naathim, thank you for assisting me.

My OS is 64bit.


Edited by TheElderTrolls, 16 December 2014 - 10:09 AM.

  • 0

#4
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts

What Windows version is running?

Windows XP, Vista, 7, 8, 8.1?


  • 0

#5
TheElderTrolls

  • Topic Starter
  • Member
  • 14 posts

 

What Windows version is running?

Windows XP, Vista, 7, 8, 8.1?

 

8.1


  • 0

#6
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts

Do you have access to another clean machine and a thumb drive?


  • 0

#7
TheElderTrolls

  • Topic Starter
  • Member
  • 14 posts

Do you have access to another clean machine and a thumb drive?

Yes I do.


  • 0

#8
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts

OK, let's try to get any view of what's going on there...

 

Scan with Farbar Recovery Scan Tool from the Recovery Environment

On a clean machine please download Farbar Recovery Scan Tool and save it to the root of your flash drive.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system (64-bit).

 

Plug the flash drive into the infected PC.

Enter the System Recovery Options

Enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Access the notepad and identify your USB drive

In the Command Prompt please type in notepad.exe and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
    Please mind also that for 64-bit systems you need to type in FRST64.exe!
  • FRST will start to run. Give it a minute or so to load.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.

When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Please include the content of that logfile in your next reply.


  • 0

#9
TheElderTrolls

  • Topic Starter
  • Member
  • 14 posts
I was unable to access that boot menu because it has dualboot (both grub and windows dualboot) enabled.
I was, however, able to run the file through safe mode, and here are the results.
Also 2 strange desktop.ini's appeared with a timestamp dating from before the installation of this windows.
Not sure if this is related but I'll include them.
 
Edit: My educated guess says cvxasync.exe might cause this issue.
Edit2: These might be traces left from an old survfox (something like that) browser hijacker which has been removed already, don't know if it has anything to do with the current issues.
Also, cvxasync.exe is nowhere to be found, which supports this theory.

Attached Files


Edited by Naathim, 16 December 2014 - 11:37 AM.
quoting removed

  • 0
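
Added example, not part of the thread and not code from the FRST project: the suspicion about cvxasync.exe in the post above can be checked against the Winlogon lines of an FRST Registry section, like the ones in the log posted further down this thread. The Python sketch below parses such lines and reports every Shell value that is set per user or differs from explorer.exe; the names check_winlogon_shell and Finding and the assumed default value are this example's own.

```python
"""Flag suspicious Winlogon Shell values in FRST-style registry lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# FRST abbreviates the key path as "\...\"; the hive prefix gives the scope
# (HKLM / HKLM-x32 = machine-wide, HKU\<SID> = one user's hive).
WINLOGON_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Winlogon:\s*"
    r"\[(?P<name>[^\]]+)\]\s*(?P<data>.*)$"
)
# Trailing marker FRST appends to entries it wants reviewed.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# Leading executable path (or bare file name) inside the value data, if any.
EXE_RE = re.compile(r"^(?:[A-Za-z]:\\)?[^\[\]<>|]*?\.exe", re.IGNORECASE)

# Assumption of this example: the stock machine-wide Shell value.
DEFAULT_SHELL = "explorer.exe"


@dataclass
class Finding:
    hive: str               # hive prefix exactly as printed in the log
    scope: str              # "machine" or "user"
    value: str              # value data with the ATTENTION marker removed
    target: Optional[str]   # executable named by the value, if one is present
    reason: str


def check_winlogon_shell(log_text: str) -> List[Finding]:
    """Return one Finding per Winlogon Shell line that needs review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = WINLOGON_RE.match(raw.strip())
        if not m or m.group("name").lower() != "shell":
            continue  # not a Winlogon line, or a value other than Shell
        value = ATTENTION_RE.sub("", m.group("data")).strip()
        exe = EXE_RE.match(value)
        target = exe.group(0) if exe else None
        hive = m.group("hive")
        if hive.upper().startswith("HKU"):
            # Windows does not create a per-user Shell value; when one exists
            # it replaces the machine-wide shell for that user at logon.
            findings.append(Finding(hive, "user", value, target,
                                    "per-user Shell override present"))
        elif value.lower() != DEFAULT_SHELL:
            findings.append(Finding(hive, "machine", value, target,
                                    "machine Shell is not explorer.exe"))
    return findings


SAMPLE_LOG = "\n".join([
    # Copied from the Registry section of the FRST log in this thread:
    r"HKLM-x32\...\Winlogon: [Userinit]  [X]",
    r"HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION",
    r"Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)",
    r"HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Run: [ASRockXTU] => [X]",
    r"HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Winlogon: [Shell] "
    r"C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION ",
    # Constructed for this example: a machine-wide Shell left at its default.
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
])

if __name__ == "__main__":
    for f in check_winlogon_shell(SAMPLE_LOG):
        print(f"[{f.scope}] {f.hive}: {f.reason}; value={f.value!r}; target={f.target}")
```

A flagged per-user entry identifies the hive and value to review; whether the target file still exists has to be checked on the machine itself.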

#10
Naathim

  • GeekU Minion
  • Expert
  • 4,568 posts
1. Stop quoting every answer - it makes a thread difficult to read. Just post a new reply either using the box at the bottom or Post new reply button please.

2. I don't want the attachments - I said so in my first post. Please post that log directly as text in your reply.

Thank you for your cooperation :)
  • 0


#11
TheElderTrolls

  • Topic Starter
  • Member
  • 14 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Mees (administrator) on MADMAX on 16-12-2014 17:42:18
Running from F:\
Loaded Profile: Mees (Available profiles: Mees & Admin)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) F:\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Run: [f.lux] => C:\Users\Mees\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3991032115-1765476521-650572198-1001 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-3991032115-1765476521-650572198-1001 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.co...rms}&gsc.page=1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Documenten) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Adblock Plus) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-18]
CHR Extension: (Google Zoeken) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2014-12-10]
CHR Extension: (Google Spreadsheets) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (Gmail) - C:\Users\Mees\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-11-07] ()
S2 RadeonPro Support Service; D:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-11-18] (Valve Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 AsrRamDisk; C:\Windows\System32\drivers\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)
S3 atillk64; C:\Users\Mees\AppData\Local\Temp\RarSFX0\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-Media Inc)
S3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 AxtuDrv; \??\C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-16 17:26 - 2014-12-16 17:42 - 00000000 ____D () C:\FRST
2014-12-16 17:23 - 2014-12-16 17:23 - 00000919 _____ () C:\Users\Mees\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 17:23 - 2014-12-16 17:23 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-16 17:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-16 17:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-16 17:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-16 15:56 - 2014-12-16 15:50 - 00602112 _____ (OldTimer Tools) C:\Users\Mees\Desktop\OTL.exe
2014-12-16 15:26 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 15:26 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-16 15:13 - 2014-12-16 15:13 - 00000000 ____D () C:\Users\Mees\Desktop\New folder
2014-12-14 16:17 - 2014-12-14 16:05 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Mees\Desktop\rkill.exe
2014-12-14 16:08 - 2014-12-16 15:05 - 00002162 _____ () C:\Users\Mees\Desktop\Rkill.txt
2014-12-14 15:37 - 2014-12-14 15:37 - 00051022 _____ () C:\Users\Mees\Documents\run.reg
2014-12-14 15:33 - 2014-12-14 15:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3991032115-1765476521-650572198-1003
2014-12-14 15:27 - 2014-12-14 15:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2014-12-14 15:27 - 2014-12-14 15:27 - 00001276 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 15:27 - 2014-12-14 15:27 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-12-14 15:27 - 2014-12-14 15:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-12-14 15:27 - 2014-12-14 15:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-12-14 15:27 - 2014-12-14 15:27 - 00000000 ____D () C:\Users\Admin
2014-12-14 15:27 - 2014-11-14 02:34 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-14 15:27 - 2014-11-13 00:25 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-14 15:27 - 2014-03-18 11:15 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-14 15:27 - 2014-03-18 11:15 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-14 15:27 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-14 15:27 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-14 15:00 - 2014-12-14 15:00 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Malwarebytes
2014-12-13 16:54 - 2014-12-13 16:54 - 00000222 _____ () C:\Users\Mees\Desktop\Call of Duty Advanced Warfare - Multiplayer.url
2014-12-11 15:39 - 2014-12-11 15:39 - 09698760 _____ (Nota Inc. ) C:\Users\Mees\Downloads\Gyazo-2.3.0 (1).exe
2014-12-10 19:47 - 2014-12-10 19:47 - 00040545 _____ () C:\Users\Mees\Downloads\((demonoid.pw))-Katchafire_Discography.TORRENT
2014-12-10 19:18 - 2014-12-10 19:18 - 00018871 _____ () C:\Users\Mees\Downloads\[katproxy.com]the.long.dark.v1.56.windows.viruz.torrent
2014-12-10 16:04 - 2014-12-10 16:04 - 00000553 _____ () C:\Users\Mees\Downloads\viewport.txt
2014-12-10 14:26 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 14:26 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 14:26 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 14:26 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 14:26 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 14:26 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 14:25 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 14:25 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 14:25 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 14:25 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 14:25 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 14:25 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 14:25 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 14:25 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 14:25 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 14:25 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 14:25 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 14:25 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 14:25 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 14:25 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 14:25 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 14:25 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 14:25 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 14:25 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 14:25 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 14:25 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 14:25 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 14:25 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 14:25 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 14:25 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 14:25 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 14:25 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 14:25 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 14:25 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 14:25 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 14:25 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 14:25 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 14:25 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 14:25 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 14:25 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 14:25 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 14:25 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 14:25 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 14:25 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 14:25 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 14:25 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 14:25 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 14:25 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 14:25 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 14:25 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 14:25 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 12:15 - 2014-12-10 12:15 - 00053564 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201412101215535028.log
2014-12-10 12:15 - 2014-12-10 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-10 12:15 - 2014-12-10 12:15 - 00000000 ____D () C:\ProgramData\ATI
2014-12-10 12:12 - 2014-12-10 12:13 - 302470552 _____ (AMD Inc.) C:\Users\Mees\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-10 11:51 - 2014-12-10 11:51 - 00011310 _____ () C:\Users\Mees\Downloads\Battle-Royale-v050.torrent
2014-12-08 18:44 - 2014-10-24 23:48 - 01920512 _____ (LinGon) C:\Users\Mees\Desktop\DeadRising3+26Tr-LNG_v1.5.0.exe
2014-12-08 07:36 - 2013-07-02 16:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2014-12-07 21:01 - 2014-12-07 21:01 - 01760331 _____ () C:\Users\Mees\Downloads\DeadRising3+26Tr-LNG_v1.5.0.rar
2014-12-07 20:35 - 2014-12-07 20:35 - 00000030 _____ () C:\Users\Mees\Downloads\user (1).ini
2014-12-07 19:50 - 2014-12-07 19:50 - 00000028 _____ () C:\Users\Mees\Downloads\user.ini
2014-12-07 18:26 - 2014-12-07 18:36 - 00001042 _____ () C:\Users\Mees\Desktop\Dead Rising 3 Apocalypse Edition.lnk
2014-12-07 18:26 - 2014-12-07 18:26 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Dead Rising 3 Apocalypse Edition
2014-12-07 18:26 - 2014-12-07 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-12-07 17:41 - 2014-12-14 16:20 - 00000000 ____D () D:\Program Files (x86)\Dead Rising 3 Apocalypse Edition
2014-12-07 16:59 - 2014-12-07 16:59 - 13163326 _____ () C:\Users\Mees\Downloads\Realistic Shadows Mod-86-1-2.rar
2014-12-07 16:53 - 2014-12-07 16:53 - 18605140 _____ () C:\Users\Mees\Downloads\Cryengine MIX-14-0-0-2-1.rar
2014-12-07 16:43 - 2014-12-07 16:44 - 00133015 _____ () C:\Users\Mees\Downloads\New Amazing Effects EXPLOSIONS DUST SMOKE UPDATE-97-0-7Beta.zip
2014-12-07 16:42 - 2014-12-07 16:42 - 00001977 _____ () C:\Users\Public\Desktop\State of Decay - Lifeline.lnk
2014-12-07 16:42 - 2014-12-07 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
2014-12-07 16:41 - 2014-12-07 16:41 - 00000000 ____D () D:\Program Files (x86)\Microsoft Studios
2014-12-07 15:24 - 2014-12-07 15:24 - 1208502997 _____ () C:\Users\Mees\Downloads\HL2EP2 Content Addon (Jul2014).rar
2014-12-07 15:23 - 2014-12-07 15:24 - 1500064412 _____ () C:\Users\Mees\Downloads\HL2+ Content Addon (Jul2014).rar
2014-12-07 15:22 - 2014-12-07 15:22 - 585937014 _____ () C:\Users\Mees\Downloads\HL2EP1 Content Addon (Jul2014).rar
2014-12-07 14:40 - 2014-12-07 14:40 - 00005640 _____ () C:\Users\Mees\Downloads\spawnlist_extract_v2p.zip
2014-12-07 14:35 - 2014-12-07 14:37 - 615532164 _____ () C:\Users\Mees\Downloads\hl2_episode_1and2_addon.zip
2014-12-07 14:30 - 2014-12-07 14:31 - 83854275 _____ () C:\Users\Mees\Downloads\extract-first-v2d.zip
2014-12-03 21:38 - 2014-12-03 21:38 - 00000570 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-12-03 21:38 - 2014-12-03 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-12-03 21:38 - 2014-12-03 21:38 - 00000000 ____D () C:\Fraps
2014-12-03 21:36 - 2014-12-03 21:37 - 02326976 _____ (Beepa Pty Ltd) C:\Users\Mees\Downloads\setup (1).exe
2014-12-03 21:30 - 2014-12-03 21:31 - 00002507 _____ () C:\Users\Mees\Desktop\The Vanishing of Ethan Carter (x64).lnk
2014-12-03 21:30 - 2014-12-03 21:30 - 00002229 _____ () C:\Users\Mees\Desktop\The Vanishing of Ethan Carter (x32).lnk
2014-12-03 21:30 - 2014-12-03 21:30 - 00002014 _____ () C:\Users\Mees\Desktop\Launcher The Vanishing of Ethan Carter.lnk
2014-12-03 21:30 - 2014-12-03 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2014-12-03 21:22 - 2014-12-03 21:30 - 00000000 ____D () D:\Program Files (x86)\The Vanishing of Ethan Carter
2014-12-03 19:53 - 2014-12-03 19:53 - 00000220 _____ () C:\Users\Mees\Desktop\Garry's Mod.url
2014-12-03 15:42 - 2014-12-03 15:42 - 04552655 _____ () C:\Users\Mees\Downloads\Midhrastic ENB for Fallout 3 2.0a-18107-2-0a.7z
2014-12-03 15:35 - 2014-12-03 15:36 - 01975528 _____ () C:\Users\Mees\Downloads\enbseries_falloutnv_v0263.zip
2014-12-03 15:35 - 2014-12-03 15:35 - 01583397 _____ () C:\Users\Mees\Downloads\enbseries_fallout3_v0203enboost.zip
2014-12-03 15:30 - 2014-12-03 15:30 - 00330843 _____ () C:\Users\Mees\Downloads\Agoodstart-5325.rar
2014-12-03 15:25 - 2014-12-03 15:25 - 00284942 _____ () C:\Users\Mees\Downloads\FO3_3GB_ENABLER-6510.7z
2014-12-03 15:08 - 2014-12-03 15:10 - 209307929 _____ () C:\Users\Mees\Downloads\Fallout 3 Redesigned-6341-2-73.rar
2014-12-03 15:08 - 2014-12-03 15:08 - 00384875 _____ () C:\Users\Mees\Downloads\fose_v1_2_beta2.7z
2014-12-03 14:57 - 2014-12-03 14:57 - 00686405 _____ () C:\Users\Mees\Downloads\SweetFX_1-5-1 for Fallout 3-18362-1-0.7z
2014-12-03 14:57 - 2014-12-03 14:57 - 00686405 _____ () C:\Users\Mees\Downloads\SweetFX_1-5-1 for Fallout 3-18362-1-0 (1).7z
2014-12-03 14:53 - 2014-12-03 14:55 - 00000000 ____D () C:\Users\Mees\AppData\Local\Fallout3
2014-12-02 15:29 - 2014-12-02 15:29 - 00488228 _____ () C:\Users\Mees\Downloads\1417530515929.zip
2014-12-02 15:25 - 2014-12-02 15:25 - 00000000 ____D () C:\Users\Mees\AppData\Local\My Games
2014-12-02 15:25 - 2014-12-02 15:25 - 00000000 ____D () C:\ProgramData\Steam
2014-12-02 15:21 - 2014-12-02 15:21 - 00502106 _____ () C:\Users\Mees\Downloads\1417529950335.zip
2014-12-02 15:15 - 2014-12-03 11:27 - 00000000 ____D () D:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
2014-12-02 15:15 - 2014-12-02 15:15 - 00000719 _____ () C:\Users\Public\Desktop\Sid Meiers Civilization Beyond Earth.lnk
2014-12-02 15:15 - 2014-12-02 15:15 - 00000719 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
2014-12-01 20:09 - 2014-12-01 20:09 - 00000854 _____ () C:\Users\Public\Desktop\Fallout 3.lnk
2014-12-01 20:09 - 2014-12-01 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3
2014-12-01 20:02 - 2014-12-03 15:43 - 00000000 ____D () D:\Program Files\Fallout 3
2014-12-01 18:11 - 2014-12-01 18:11 - 00019277 _____ () C:\Users\Mees\Downloads\Epoch_0.2.5_RC1.zip.torrent
2014-12-01 18:09 - 2014-12-01 18:09 - 00001370 _____ () C:\Users\Mees\AppData\Roaming\BreakingPoint_Options.ini
2014-12-01 18:09 - 2014-12-01 18:09 - 00000309 _____ () C:\Users\Mees\AppData\Roaming\BreakingPoint_Login.ini
2014-12-01 17:55 - 2014-12-01 17:55 - 00000637 _____ () C:\Users\Mees\Desktop\Breaking Point.lnk
2014-12-01 17:49 - 2014-12-01 17:50 - 01543680 _____ (Alderon Games) C:\Users\Mees\Downloads\BP_Installer.exe
2014-11-30 21:50 - 2014-11-30 21:50 - 00000000 ____D () C:\Users\Mees\Documents\Rockstar Games
2014-11-30 21:50 - 2014-11-30 21:50 - 00000000 ____D () C:\Users\Mees\AppData\Local\Chromium
2014-11-30 21:40 - 2014-11-30 21:40 - 00000796 _____ () C:\Users\Mees\Desktop\Max Payne 3.lnk
2014-11-30 21:40 - 2014-11-30 21:40 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Rockstar Games
2014-11-30 21:40 - 2014-11-30 21:40 - 00000000 ____D () C:\Users\Mees\AppData\Local\Rockstar Games
2014-11-30 21:40 - 2014-11-30 21:40 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-11-30 21:40 - 2014-11-30 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
2014-11-30 19:49 - 2014-11-30 19:49 - 01527455 _____ () C:\Users\Mees\Downloads\QuickSave (2).sav
2014-11-30 19:41 - 2014-11-30 19:41 - 01718760 _____ () C:\Users\Mees\Downloads\w2ee_16-06-13_+4tr.rar
2014-11-30 19:41 - 2013-06-16 00:37 - 00010593 _____ () C:\Users\Mees\Downloads\sILeNt heLLsCrEAm.nfo
2014-11-30 19:41 - 2007-12-22 15:09 - 00036548 _____ () C:\Users\Mees\Downloads\Play.dll
2014-11-30 18:32 - 2014-11-30 18:32 - 01411561 _____ () C:\Users\Mees\Downloads\w2eev3442+4tr.rar
2014-11-30 18:31 - 2014-11-30 18:31 - 03497031 _____ () C:\Users\Mees\Downloads\the-witcher-2-EE_trainer_by_airflyer13.rar
2014-11-30 18:24 - 2014-11-30 18:28 - 00000399 _____ () C:\Users\Mees\Desktop\config.ini
2014-11-30 18:24 - 2014-11-30 18:24 - 00554614 _____ () C:\Users\Mees\Downloads\WindowedBorderlessGaming_2.1.0.0.zip
2014-11-30 18:02 - 2014-11-30 18:02 - 00007795 _____ () C:\Users\Mees\Downloads\Extreme Quality Flora - Full Combat Rebalance - COMPATIBILITY FIX.rar
2014-11-30 17:38 - 2014-11-30 17:39 - 02085055 _____ () C:\Users\Mees\Downloads\QuickSave (1).sav
2014-11-30 17:38 - 2014-11-30 17:38 - 00232640 _____ () C:\Users\Mees\Downloads\Requiem ENB - Version 1.0-703-1-0.rar
2014-11-30 17:36 - 2014-11-30 17:36 - 00762507 _____ () C:\Users\Mees\Downloads\enbseries_witcher2_v0189.zip
2014-11-30 17:18 - 2014-11-30 17:18 - 00007602 _____ () C:\Users\Mees\AppData\Local\Resmon.ResmonCfg
2014-11-30 17:11 - 2014-11-30 17:34 - 00000000 ____D () C:\Users\Mees\Documents\Witcher 2
2014-11-30 17:11 - 2014-11-30 17:11 - 00000000 ____D () C:\Users\Mees\AppData\Local\The Witcher 2
2014-11-30 17:08 - 2014-11-30 17:08 - 00001790 _____ () C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk
2014-11-30 17:08 - 2014-11-30 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-11-30 17:01 - 2014-11-30 17:13 - 814969599 _____ () C:\Users\Mees\Downloads\Better Texture Environment-158-2-0.zip
2014-11-30 17:01 - 2014-11-30 17:04 - 169522065 _____ () C:\Users\Mees\Downloads\High Texture Weapons-158-1-0.rar
2014-11-30 16:40 - 2014-11-30 16:40 - 02085055 _____ () C:\Users\Mees\Downloads\QuickSave.sav
2014-11-30 16:39 - 2014-11-30 18:09 - 00000000 ____D () D:\Program Files (x86)\The Witcher 2 Enhanced Edition
2014-11-30 16:18 - 2014-11-30 16:18 - 00000000 ____D () C:\Users\Mees\Documents\Nexus Mod Manager
2014-11-30 16:18 - 2014-11-30 16:18 - 00000000 ____D () C:\Users\Mees\AppData\Local\Black_Tree_Gaming
2014-11-30 16:17 - 2014-11-30 16:17 - 00000762 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-11-30 16:17 - 2014-11-30 16:17 - 00000000 ____D () D:\Program Files\Nexus Mod Manager
2014-11-30 16:17 - 2014-11-30 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-11-30 16:14 - 2014-11-30 16:15 - 04282672 _____ (Black Tree Gaming ) C:\Users\Mees\Downloads\Nexus Mod Manager-0.52.3.exe
2014-11-23 23:10 - 2014-11-23 23:10 - 00650981 _____ () C:\Users\Mees\Downloads\kaartjes.zip
2014-11-23 23:10 - 2014-11-23 23:10 - 00000000 ____D () C:\Users\Mees\Downloads\kaartjes
2014-11-23 21:42 - 2014-11-23 21:42 - 00012158 _____ () C:\Users\Mees\Downloads\ZSpawnV0.1.rar
2014-11-23 17:23 - 2014-11-23 18:46 - 00000000 ____D () C:\Users\Mees\Zomboid
2014-11-23 17:16 - 2014-11-23 17:16 - 00000968 _____ () C:\Users\Mees\Desktop\Project Zomboid Build 29.4.lnk
2014-11-23 17:15 - 2014-11-23 17:16 - 00000000 ____D () D:\Program Files\Project Zomboid Build 29.4
2014-11-23 16:06 - 2014-11-18 04:36 - 01922048 _____ (LinGon) C:\Users\Mees\Desktop\AC_UNITY+10Tr-LNG_v1.2.0_rev4.exe
2014-11-23 16:05 - 2014-11-23 16:05 - 01704650 _____ () C:\Users\Mees\Downloads\AC_UNITY+10Tr-LNG_v1.2.0_rev4.rar
2014-11-23 15:36 - 2014-12-01 23:08 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Skype
2014-11-23 15:36 - 2014-11-23 15:36 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-23 15:36 - 2014-11-23 15:36 - 00000000 ____D () C:\Users\Mees\AppData\Local\Skype
2014-11-23 15:36 - 2014-11-23 15:36 - 00000000 ____D () C:\ProgramData\Skype
2014-11-23 15:36 - 2014-11-23 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-23 15:35 - 2014-11-23 15:35 - 01546856 _____ (Skype Technologies S.A.) C:\Users\Mees\Downloads\SkypeSetup.exe
2014-11-22 21:23 - 2014-11-22 22:57 - 00000000 ___RD () C:\Users\Mees\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2014-11-22 03:24 - 2014-11-22 03:26 - 21348712 _____ () C:\Users\Mees\Downloads\detekt (1).exe
2014-11-21 16:53 - 2014-12-06 21:07 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\vlc
2014-11-21 16:52 - 2014-11-21 16:52 - 24743106 _____ () C:\Users\Mees\Downloads\vlc-2.1.5-win32.exe
2014-11-21 16:52 - 2014-11-21 16:52 - 00000799 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-11-21 16:52 - 2014-11-21 16:52 - 00000000 ____D () D:\Program Files (x86)\VideoLAN
2014-11-21 16:52 - 2014-11-21 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-21 03:44 - 2014-11-21 03:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2014-11-21 03:44 - 2014-11-21 03:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2014-11-21 03:41 - 2014-11-21 03:41 - 00294600 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys
2014-11-21 03:40 - 2014-11-21 03:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2014-11-21 03:33 - 2014-11-21 03:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00235008 _____ () C:\WINDOWS\system32\clinfo.exe
2014-11-21 03:33 - 2014-11-21 03:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OpenVideo64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OVDecode64.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OpenVideo.dll
2014-11-21 03:33 - 2014-11-21 03:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OVDecode.dll
2014-11-21 03:32 - 2014-11-21 03:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00442368 _____ () C:\WINDOWS\system32\amdmiracast.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00065024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-11-21 03:31 - 2014-11-21 03:31 - 00058880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-11-21 03:25 - 2014-11-21 03:25 - 00134656 _____ () C:\WINDOWS\system32\amdhdl64.dll
2014-11-21 03:25 - 2014-11-21 03:25 - 00123392 _____ () C:\WINDOWS\SysWOW64\amdhdl32.dll
2014-11-21 03:24 - 2014-11-21 03:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2014-11-21 03:19 - 2014-11-21 03:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2014-11-21 03:18 - 2014-11-21 03:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 03437632 _____ () C:\WINDOWS\system32\atiumd6a.cap
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\WINDOWS\SysWOW64\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00631912 _____ () C:\WINDOWS\system32\atiapfxx.blb
2014-11-21 03:17 - 2014-11-21 03:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2014-11-21 03:17 - 2014-11-21 03:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2014-11-21 03:17 - 2014-11-21 03:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2014-11-21 03:16 - 2014-11-21 03:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2014-11-21 03:15 - 2014-11-21 03:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 03471376 _____ () C:\WINDOWS\SysWOW64\atiumdva.cap
2014-11-21 03:13 - 2014-11-21 03:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2014-11-21 03:13 - 2014-11-21 03:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00774656 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00244736 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2014-11-21 03:12 - 2014-11-21 03:12 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2014-11-21 03:12 - 2014-11-21 03:12 - 00031232 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2014-11-21 03:10 - 2014-11-21 03:10 - 00843776 _____ (AMD) C:\WINDOWS\system32\coinst_14.50.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2014-11-21 03:09 - 2014-11-21 03:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2014-11-21 03:08 - 2014-11-21 03:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2014-11-21 03:08 - 2014-11-21 03:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\WINDOWS\system32\kdbsdk64.dll
2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\WINDOWS\SysWOW64\kdbsdk32.dll
2014-11-20 18:46 - 2014-11-22 03:34 - 00018019 _____ () C:\Users\Mees\Downloads\detekt.log
2014-11-20 18:45 - 2014-11-20 18:46 - 27810096 _____ () C:\Users\Mees\Downloads\detekt.exe
2014-11-19 18:17 - 2014-11-19 18:18 - 04107348 _____ () C:\Users\Mees\Downloads\This War Of Mine V1.00 Trainer +1 MrAntiFun.zip
2014-11-19 14:06 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 14:06 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 14:06 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 14:06 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-19 00:01 - 2014-11-19 00:01 - 00000167 _____ () C:\Users\Mees\Downloads\this_war_of_mine_config.rar
2014-11-18 23:47 - 2014-11-19 00:05 - 00001115 _____ () C:\Users\Public\Desktop\This War of Mine.lnk
2014-11-18 23:47 - 2014-11-19 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
2014-11-18 23:47 - 2014-11-19 00:02 - 00000000 ____D () D:\Program Files (x86)\This War of Mine
2014-11-18 23:47 - 2014-11-18 23:47 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\11bitstudios
2014-11-18 14:45 - 2014-11-18 14:45 - 00056548 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201411181445058809.log
2014-11-18 14:37 - 2014-11-18 14:38 - 286063288 _____ (AMD Inc.) C:\Users\Mees\Downloads\AMD-Catalyst-14.11.2Beta-64Bit-Win8.1-Win7-Nov18.exe
2014-11-18 14:28 - 2014-11-18 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-11-17 17:33 - 2014-11-17 17:34 - 1094731722 _____ () C:\Users\Mees\Downloads\Far.Cry.4.Update.v1.03.rar
2014-11-17 17:11 - 2014-12-13 01:15 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-17 17:11 - 2014-11-17 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-17 17:10 - 2014-11-17 17:09 - 00880784 _____ (Google Inc.) C:\Users\Mees\Desktop\ChromeSetup.exe
2014-11-16 21:04 - 2014-11-16 21:04 - 40068694 _____ () C:\Users\Mees\AppData\Roaming\fpacked.exe
2014-11-16 21:04 - 2014-11-16 21:04 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Mozilla
2014-11-16 21:04 - 2014-11-16 21:04 - 00000000 ____D () C:\Users\Mees\AppData\Local\Mozilla
2014-11-16 21:04 - 2014-09-22 04:39 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\fportable
2014-11-16 20:53 - 2014-12-07 20:33 - 00000000 ____D () D:\Program Files (x86)\Dragon Age Inquisition
2014-11-16 15:48 - 2014-11-16 15:48 - 03797179 _____ () C:\Users\Mees\Downloads\Far Cry 4 V1.00 Trainer +12 MrAntiFun.zip
2014-11-16 15:13 - 2014-11-16 15:13 - 1015216652 _____ () C:\Users\Mees\Downloads\data_win32.7z
2014-11-16 11:48 - 2014-11-16 15:49 - 03959296 _____ () C:\Users\Mees\Desktop\Far Cry 4 V1.00 Trainer +12 MrAntiFun.EXE
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-16 17:39 - 2014-11-06 06:10 - 01527334 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-16 17:39 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-16 17:36 - 2014-11-05 21:38 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3991032115-1765476521-650572198-1001
2014-12-16 17:31 - 2014-11-05 21:34 - 00000000 ___DO () C:\Users\Mees\OneDrive
2014-12-16 17:28 - 2014-03-18 10:54 - 00014550 _____ () C:\WINDOWS\PFRO.log
2014-12-16 17:27 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-16 17:16 - 2014-11-06 15:11 - 00000000 ____D () D:\Program Files (x86)\Steam
2014-12-16 15:37 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 15:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 17:59 - 2014-11-05 23:43 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\BitTorrent
2014-12-14 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-14 16:23 - 2014-11-05 22:23 - 00000000 ____D () C:\Users\Mees\AppData\Local\Google
2014-12-14 15:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-14 14:48 - 2014-11-06 16:38 - 00000972 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 17:12 - 2014-11-07 16:25 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-13 16:29 - 2014-11-05 21:54 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Raptr
2014-12-12 21:40 - 2014-11-05 21:28 - 00000000 ____D () C:\Users\Mees
2014-12-12 07:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-12 07:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-12 07:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-11 18:47 - 2014-11-07 18:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 18:43 - 2014-11-07 18:31 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 16:32 - 2014-11-06 14:30 - 00000898 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2014-12-11 15:39 - 2014-11-06 14:30 - 00003738 _____ () C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2014-12-11 15:39 - 2014-11-06 14:30 - 00000994 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2014-12-11 15:39 - 2014-11-06 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2014-12-10 13:00 - 2013-08-22 15:46 - 00013491 _____ () C:\WINDOWS\setupact.log
2014-12-10 12:56 - 2014-11-05 21:47 - 00000000 ____D () C:\AMD
2014-12-10 12:43 - 2014-11-06 14:29 - 00000000 ____D () D:\Program Files\AMD
2014-12-10 12:15 - 2014-11-05 21:53 - 00000000 ____D () C:\ProgramData\AMD
2014-12-07 18:31 - 2014-11-07 19:46 - 00000000 ____D () C:\Users\Mees\Documents\My Games
2014-12-07 18:31 - 2014-11-06 17:39 - 00000000 ____D () C:\Users\Mees\AppData\Local\SKIDROW
2014-12-07 18:25 - 2014-11-06 17:33 - 00080595 _____ () C:\WINDOWS\DirectX.log
2014-12-04 20:46 - 2014-11-06 16:38 - 00000000 ____D () D:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-04 20:46 - 2014-11-06 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-01 18:24 - 2014-11-07 17:19 - 00000000 ____D () C:\Users\Mees\AppData\Local\Arma 3
2014-11-30 21:41 - 2014-11-06 17:33 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-11-30 18:24 - 2014-08-26 09:10 - 00973312 _____ (GameplayCrush) C:\Users\Mees\Desktop\WindowedBorderlessGaming.exe
2014-11-30 17:11 - 2014-11-09 15:14 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\Notepad++
2014-11-26 22:10 - 2014-11-07 20:23 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-11-07 20:23 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 00:01 - 2014-11-08 21:02 - 00000000 ____D () C:\Users\Mees\AppData\Roaming\TS3Client
2014-11-23 17:06 - 2014-11-05 21:30 - 00000000 ____D () C:\Users\Mees\AppData\Local\Packages
2014-11-21 03:44 - 2014-09-15 23:31 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2014-11-21 03:44 - 2014-09-15 23:31 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2014-11-21 03:43 - 2014-09-15 23:31 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2014-11-21 03:19 - 2014-09-15 23:08 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2014-11-21 03:12 - 2014-09-15 23:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2014-11-21 03:09 - 2014-09-15 22:59 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2014-11-21 03:09 - 2014-09-15 22:59 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2014-11-21 03:09 - 2014-09-15 22:59 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2014-11-21 03:08 - 2014-09-15 22:59 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
 
Some content of TEMP:
====================
C:\Users\Mees\AppData\Local\Temp\Bass.dll
C:\Users\Mees\AppData\Local\Temp\Bass.Net.dll
C:\Users\Mees\AppData\Local\Temp\CH.dll
C:\Users\Mees\AppData\Local\Temp\Copy.dll
C:\Users\Mees\AppData\Local\Temp\dotnetfx45fullsetup.exe
C:\Users\Mees\AppData\Local\Temp\raptrpatch.exe
C:\Users\Mees\AppData\Local\Temp\raptr_stub.exe
C:\Users\Mees\AppData\Local\Temp\tmpC319.exe
C:\Users\Mees\AppData\Local\Temp\utt4326.tmp.exe
C:\Users\Mees\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2014-12-14 13:47
 
==================== End Of Log ============================

  • 0

#12
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Is the Addition.txt file on the thumb drive?

If so, go ahead and post it.


  • 0

#13
TheElderTrolls

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Mees at 2014-12-16 17:43:08
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
BitTorrent (HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\BitTorrent) (Version: 7.9.2.35704 - BitTorrent Inc.)
f.lux (HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Flux) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
11-12-2014 17:39:18 Windows Update
14-12-2014 15:51:41 Installed Microsoft Fix it 50194
16-12-2014 14:04:11 Installed Microsoft Fix it 50194
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {CDB2BCF5-0D94-43E4-84AB-6DC2B044C2C1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {DABE5E4F-E6AE-4E88-85B1-4DA1F3120460} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mees\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ASGT => 2
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-3991032115-1765476521-650572198-1003 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3991032115-1765476521-650572198-500 - Administrator - Disabled)
Guest (S-1-5-21-3991032115-1765476521-650572198-501 - Limited - Disabled)
Mees (S-1-5-21-3991032115-1765476521-650572198-1001 - Administrator - Enabled) => C:\Users\Mees
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/16/2014 05:39:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64 (1).exe, version: 14.12.2014.1, time stamp: 0x548e07cb
Faulting module name: FRST64 (1).exe, version: 14.12.2014.1, time stamp: 0x548e07cb
Exception code: 0xc0000005
Fault offset: 0x0000000000024a00
Faulting process id: 0xa58
Faulting application start time: 0xFRST64 (1).exe0
Faulting application path: FRST64 (1).exe1
Faulting module path: FRST64 (1).exe2
Report Id: FRST64 (1).exe3
Faulting package full name: FRST64 (1).exe4
Faulting package-relative application ID: FRST64 (1).exe5
 
Error: (12/16/2014 05:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL.exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0xc6c
Faulting application start time: 0xOTL.exe0
Faulting application path: OTL.exe1
Faulting module path: OTL.exe2
Report Id: OTL.exe3
Faulting package full name: OTL.exe4
Faulting package-relative application ID: OTL.exe5
 
Error: (12/16/2014 05:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x784
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/16/2014 05:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL (1).exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x79c
Faulting application start time: 0xOTL (1).exe0
Faulting application path: OTL (1).exe1
Faulting module path: OTL (1).exe2
Report Id: OTL (1).exe3
Faulting package full name: OTL (1).exe4
Faulting package-relative application ID: OTL (1).exe5
 
Error: (12/16/2014 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL.exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x4b0
Faulting application start time: 0xOTL.exe0
Faulting application path: OTL.exe1
Faulting module path: OTL.exe2
Report Id: OTL.exe3
Faulting package full name: OTL.exe4
Faulting package-relative application ID: OTL.exe5
 
Error: (12/16/2014 05:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL.exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x0eedfade
Fault offset: 0x00012f71
Faulting process id: 0x714
Faulting application start time: 0xOTL.exe0
Faulting application path: OTL.exe1
Faulting module path: OTL.exe2
Report Id: OTL.exe3
Faulting package full name: OTL.exe4
Faulting package-relative application ID: OTL.exe5
 
Error: (12/16/2014 05:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x4f8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/16/2014 05:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x648
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/16/2014 05:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (12/16/2014 04:34:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.1.711, time stamp: 0x542b53ec
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x410
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
 
System errors:
=============
Error: (12/16/2014 05:43:09 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/16/2014 05:42:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%1068
 
Error: (12/16/2014 05:42:19 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:19 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:19 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (12/16/2014 05:42:13 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:13 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:13 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:13 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (12/16/2014 05:42:13 PM) (Source: DCOM) (EventID: 10005) (User: MADMAX)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (12/16/2014 05:39:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64 (1).exe14.12.2014.1548e07cbFRST64 (1).exe14.12.2014.1548e07cbc00000050000000000024a00a5801d0194e6d71c969F:\FRST64 (1).exeF:\FRST64 (1).exe10ee71f3-8542-11e4-829f-bc5ff42ccc35
 
Error: (12/16/2014 05:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL.exe3.2.69.02a425e19KERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f71c6c01d0194e69aa3c7cC:\Users\Mees\Desktop\OTL.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlla7b57970-8541-11e4-829f-bc5ff42ccc35
 
Error: (12/16/2014 05:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd78401d0194cb0635143C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dllee3865e2-853f-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL (1).exe3.2.69.02a425e19KERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f7179c01d0194c03b0b247F:\OTL (1).exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll4188294b-853f-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL.exe3.2.69.02a425e19KERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f714b001d0194bac9f45f8C:\Users\Mees\Desktop\OTL.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllea745a93-853e-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL.exe3.2.69.02a425e19KERNELBASE.dll6.3.9600.1727853eeb4600eedfade00012f7171401d0194b9a73656dC:\Users\Mees\Desktop\OTL.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlld8487a10-853e-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4f801d0194b8c90529eC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dllca4ff1a9-853e-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:13:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd64801d0194b2d2bc1b3C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll6aeb60be-853e-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 05:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6b001d0194b257ca9e1C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll633c48f2-853e-11e4-829e-95bf9d66d68c
 
Error: (12/16/2014 04:34:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41001d01945ca720a1cC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\MSVCR100.dll0831a92a-8539-11e4-829e-95bf9d66d68c
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 13%
Total physical RAM: 8075.07 MB
Available physical RAM: 6959.84 MB
Total Pagefile: 12939.07 MB
Available Pagefile: 11624.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:194.51 GB) (Free:117.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:903.4 GB) (Free:440.34 GB) NTFS
Drive f: (UUI) (Removable) (Total:15.12 GB) (Free:0.39 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 826EBF27)
Partition 1: (Active) - (Size=194.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=954 MB) - (Type=05)
Partition 3: (Not Active) - (Size=37.4 GB) - (Type=83)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C17BB783)
Partition 1: (Active) - (Size=903.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=28.1 GB) - (Type=83)
 
========================================================
Disk: 2 (Size: 15.1 GB) (Disk ID: 08DA58C2)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#14
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

Fix with Farbar Recovery Scan Tool



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    HKLM-x32\...\Winlogon: [Userinit]  [X]
    HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
    HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION 
    C:\ProgramData\nvxasync
    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Save it to the root of your thumbdrive.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

Now again on your infected machine - please re-run FRST, but this time run the Fix option.
Upon completion a fixlog.txt file should appear on your thumbdrive. Paste it here.


  • 0

#15
TheElderTrolls


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by Mees at 2014-12-16 20:46:56 Run:1
Running from F:\
Loaded Profile: Mees (Available profiles: Mees & Admin)
Boot Mode: Safe Mode (minimal)
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION 
C:\ProgramData\nvxasync
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKU\S-1-5-21-3991032115-1765476521-650572198-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\ProgramData\nvxasync" => File/Directory not found.
 
An error occurred while attempting to delete the specified data element.
Element not found.
 
==== End of Fixlog ====

  • 0
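A defender-side check for the Winlogon entries targeted by the fix above, as an added example that is not part of the original thread or of FRST: it parses FRST-style `Winlogon:` lines and flags Shell/Userinit values that are per-user overrides or that differ from the stock machine-wide data. The line shape, the `audit_winlogon` name and the two clean sample lines are assumptions made for this example.

```python
import re

# Stock machine-wide Winlogon data (compared lower-cased). A per-user
# Shell/Userinit value does not exist on a default install.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe,"},
}

# Assumed line shape, taken from the fixlist entries in this thread:
#   <hive>\...\Winlogon: [<ValueName>] <data> <=== ATTENTION
LINE_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\S-1-[\d-]+)?)\\\.\.\.\\Winlogon:\s*"
    r"\[(?P<name>\w+)\]\s*(?P<data>.*?)\s*(?:<=+\s*ATTENTION.*)?$",
    re.IGNORECASE,
)

def audit_winlogon(lines):
    """Return (hive, value_name, data, reason) for each entry worth reviewing."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Winlogon entry in the assumed shape
        hive, name, data = m["hive"], m["name"], m["data"]
        expected = DEFAULTS.get(name.lower())
        if expected is None:
            continue  # only Shell and Userinit are checked here
        if hive.upper().startswith(("HKU", "HKCU")):
            findings.append((hive, name, data, "per-user override"))
        elif data.lower() not in expected:
            findings.append((hive, name, data, "non-default data"))
    return findings

# First three lines are the entries from the thread; the last two are
# constructed examples of clean machine-wide values.
SAMPLE = [
    r"HKLM-x32\...\Winlogon: [Userinit]  [X]",
    r"HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION",
    r"HKU\S-1-5-21-3991032115-1765476521-650572198-1001\...\Winlogon: "
    r"[Shell] C:\ProgramData\nvxasync\cvxasync.exe <==== ATTENTION",
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,",
]

if __name__ == "__main__":
    for hive, name, data, reason in audit_winlogon(SAMPLE):
        print(f"{reason:18} {hive} [{name}] {data}")
```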





