Solved Help removing ADCHOICES

Shuggie

New Member
Thread author
Verified
Oct 1, 2015
18
A few months ago I noticed that I was getting very targeted ads. I didn't pay attention.
Then I noticed that these ads were pretty much whatever I would google.
Then these ads would multiply. Now it is really bad. Sometimes video ads will come and I can't scroll up or down on a page unless I finish watching the video.
They all say "adchoices" on them.
On certain pages like Amazon there will be up to 8 identical ones at once.
This is only happening to 1 of my computers. The other one on the same network is fine.
I also noticed that when I search on Google for anything, one will have a different URL in the address bar. The one that has adchoices on it will show the following when I search for adidas

"adidas - Google Search"

The other computer that is fine will show this:

"Google"

Please help.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • The instructions I give you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay for the repair.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

Shuggie

New Member
Thread author
Verified
Oct 1, 2015
18
Hi TwinHeadedEagle,

Thanks for your reply.

I downloaded the file and sure enough Norton deleted it, saying it was a virus. I restored it and ran it.

I am attaching the outputs for your reference.

Please let me know if you have any questions.

Thanks again
 

Attachments

  • FRST.txt
    83.2 KB · Views: 2
  • Addition.txt
    64.2 KB · Views: 1

Shuggie

New Member
Thread author
Verified
Oct 1, 2015
18
My business computers are at my warehouse and my laptop, which is the one that doesn't have the adchoices. This one is at my house.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Shuggie

New Member
Thread author
Verified
Oct 1, 2015
18
I downloaded the program. Disabled Norton. Ran it as an administrator. Couple of hours and it never opened up.
 

Shuggie

New Member
Thread author
Verified
Oct 1, 2015
18
Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Shukhrat on Sat 10/03/2015 at 11:22:18.05.
Microsoft Windows 10 Pro 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Shukhrat\Desktop\zoek.exe [Scan all users] [Quick Scan]

==== System Restore Info ======================

10/3/2015 11:23:22 AM Zoek.exe System Restore Point Created Successfully.

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Shukhrat\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
2015-10-01 05:38:51 89C9C3745F270EF93988DA57BC6AA62B 1983824 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2015-10-01 05:38:48 7EBD20284AC9BF9F0A020B86769BB074 2432336 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2015-10-01 05:38:39 927AD29D7F91B9A0C5294932374DA15E 894256 ----a-w- C:\WINDOWS\Sysnative\drivers\Wdf01000.sys
2015-10-01 05:38:33 FDB239DBE2A14B572D21ABCEDC7BB5D0 505696 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2015-10-01 05:38:33 FCC211B0F46D831506D0D76539203899 929280 ----a-w- C:\WINDOWS\Sysnative\drivers\bthport.sys
2015-10-01 05:38:33 C08449092043601887A1743350888635 516448 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2015-10-01 05:38:33 5A1C6AFFF6946C5C21A27AE05084C0D1 332624 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys
2015-10-01 05:38:30 B6A33DCEBE437F909615E89BA5FB1385 395088 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2015-10-01 05:38:27 70469C8AC4AD367295E70CFDD81B754C 99664 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
2015-10-01 05:38:26 FA5C94FB36625787063D04CF2F24E890 320000 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2015-10-01 05:38:26 854AF190F55E6D70EC65A85798F896E2 36352 ----a-w- C:\WINDOWS\Sysnative\drivers\buttonconverter.sys
2015-10-01 05:38:23 616F40B897DA651221F86A1741E9609B 1168736 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2015-10-01 05:38:21 1434CA8A224655AD096D57DB24D3AA85 406864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2015-10-01 05:38:21 004C66464D8FE76D5DA78BE6777D61AF 278352 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
====== C:\WINDOWS\Tasks ======
2015-09-09 17:51:20 985D7F00BCCE074FB44B73E65D079863 3816 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater
2015-09-09 17:51:20 8DA57A02D5BDB225B18E6AF9A585C05B 830 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-11 19:06:44 -------- d-----w- C:\Program Files\Microsoft Silverlight
2015-09-09 16:56:40 -------- d-----w- C:\Program Files\Envelope Manager
======= C:\PROGRA~2 =====
2015-09-11 19:06:44 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight
2015-09-09 18:11:41 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-09-09 16:57:16 -------- d-----w- C:\PROGRA~2\Endicia
======= C: =====
====== C:\Users\Shukhrat\AppData\Roaming ======
2015-09-14 15:15:11 -------- d-----w- C:\Users\Shukhrat\AppData\Local\LogMeIn Rescue Applet
2015-09-14 10:43:59 -------- d-----w- C:\Users\Shukhrat\AppData\Local\CEF
2015-09-11 19:01:42 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\PeerDistRepub
2015-09-09 16:57:02 -------- d-----w- C:\Users\Shukhrat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZzle
====== C:\Users\Shukhrat ======
2015-10-02 10:13:13 2DDAF1B28DD5B82A75C973CC263B1012 2192384 ----a-w- C:\Users\Shukhrat\Desktop\frst64.exe
2015-09-16 04:01:19 -------- d-----r- C:\Users\Shukhrat\3D Objects
2015-09-11 19:06:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-09 18:11:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-09 16:57:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Endicia


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Spotify Web Helper"="C:\Users\Shukhrat\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"OzLINK for UPS Startup"="C:\Users\Shukhrat\AppData\Local\Oz Development\OzLINK for UPS\App\OzLINK for UPS Startup.exe"
"OneDrive"="C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey"
"Spotify"="C:\Users\Shukhrat\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"

[HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology enterprise\IAStorIcon.exe"
"ControlCenterCount"="C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe"
"Corsair K95"="C:\Program Files (x86)\Corsair\K95 Keyboard\K95Hid.exe"
"PivotSoftware"="C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
"DT HPC"="C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC"
"PowerPanel Personal Edition User Interaction"="C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"DLSService"="C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Fast Boot"="C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Corsair Utility Engine"="C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe --autorun"
"Super Charger"="C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe"
"Command Center"="C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe"
"Live Update"="C:\Program Files (x86)\MSI\Live Update\Live Update.exe /REMINDER"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Spotify Web Helper"="C:\Users\Shukhrat\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"Plex Media Server"="C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"OzLINK for UPS Startup"="C:\Users\Shukhrat\AppData\Local\Oz Development\OzLINK for UPS\App\OzLINK for UPS Startup.exe"
"OneDrive"="C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
"Lync"="C:\Program Files\Microsoft Office\Office15\lync.exe /fromrunkey"
"Spotify"="C:\Users\Shukhrat\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\Shukhrat\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/22/2015 01:52 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/28/2015 12:20 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/28/2015 12:20 AM]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3881268226-3317070643-463687028-1001UA" [C:\Users\Shukhrat\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\WSCStub.exe"]
"C:\WINDOWS\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]
"C:\WINDOWS\SysNative\tasks\SpyHunter4Startup" ["C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe"]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security with Backup\Norton Autofix" [C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security with Backup\Norton Error Analyzer" [C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\SymErr.exe]
"C:\WINDOWS\SysNative\tasks\Norton Security with Backup\Norton Error Processor" [C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\SymErr.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn" [10/03/2015 11:20 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
1A62BB86D17B8DC0D4339BACC8D60635 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\Exts\Chrome.crx[07/10/2015 12:03 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Floorplanner - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag
Google Drive - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Firebug Lite for Google Chrome™ - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
Google Cast - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Videostream for Google Chromecast™ - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl
Google Search - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Tab Manager - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Calculator Widget - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpplagdendnkjkiaiaijfphiflaflinc
Google Calendar - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
Postman - REST Client - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm
Compare International Prices - AMADIFF.com - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkgjaeeajfkgjmmpdgcocokcfgbfcoc
Google Docs Offline - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
The Camelizer - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo
AdBlock - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Amazonia Right Click Search - Amazon Co UK - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmkacpkcakamljkjdjfgmncbpfjacjl
XPath Helper - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl
Google Keep - notes and lists - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki
DS Amazon Quick View mx - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphjnmlnfhakpddieemnfolejgbpjmcd
Google Forms - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhknlonaankphkkbnmjdlpehkinifeeg
DS Amazon Quick View - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg
Hangouts - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl
Chrome Hotword Shared Module - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Linkclump - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj
InvisibleHand - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko
JSON Editor - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkmoheomjbkfloacpgllgjcamhihfaj
ASIN Helper - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknlnfochnodlbdhbakjjgelgomhjigk
Google Drive App Launcher - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Maps - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
Session Manager - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc
Keepa - Amazon Price Tracker - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo
Please enter the name of the session - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmidkjogcjnnlfimjcedenagjfacpobb
Chrome Web Store Payments - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Context Menu Search - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga
Chrome Apps & Extensions Developer Tool - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc
The Tracktor - Price History Tracker - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onajjgekdldckfgodnmoallcmdmfcfom
Amazon 1Button App for Chrome - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Extract Asin Universal - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkhbhaankobmkallidpgihcdcjdefn
Gmail - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Amazonia Right Click Search - Amazon.com - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkngfjindjkdikklhiiofondocdmdeep

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Sat 10/03/2015 at 11:25:46.92 ======================
 

TwinHeadedEagle

There's no need to bump, I'll respond when I can.

This is not the correct script I asked you to do. Please go through my Zoek instructions again.
 

Shuggie

Sorry for both not doing the script right and bumping. Thanks for your help.

Here are thew new results:


Zoek.exe v5.0.0.1 Updated 30-09-2015
Tool run by Shukhrat on Sun 10/04/2015 at 7:12:40.18.
Microsoft Windows 10 Pro 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Shukhrat\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-10-03-152546.log 57773 bytes

==== System Restore Info ======================

10/4/2015 7:13:10 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Google deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\QBDataServiceUser24\AppData\LocalLow deleted successfully
C:\Users\Shukhrat\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Shukhrat\AppData\Local\EmieSiteList deleted successfully
C:\Users\Shukhrat\AppData\Local\EmieUserList deleted successfully
C:\Users\Shukhrat\AppData\Local\LogMeIn Rescue Applet deleted successfully
C:\Users\Shukhrat\AppData\Local\NetworkTiles deleted successfully
C:\Users\Shukhrat\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully

==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default\searchplugins\safesearch.xml deleted
C:\Users\Shukhrat\GeForce_Experience_v2.1.0.0.exe deleted
C:\Users\Shukhrat\vlc-2.1.3-win64.exe deleted
"C:\PROGRA~2\CyberPower PowerPanel Personal Edition\ppped.exe" deleted
"C:\PROGRA~2\CyberPower PowerPanel Personal Edition\pppeuser.exe" deleted
"C:\PROGRA~2\CyberPower PowerPanel Personal Edition" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn" [10/03/2015 11:20 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
- Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.1.0.9\coFFPlgn

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Shukhrat\AppData\Roaming\Mozilla\Firefox\Profiles\60j4u87l.default
1A62BB86D17B8DC0D4339BACC8D60635 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton Security with Backup\Engine\22.5.2.15\Exts\Chrome.crx[07/10/2015 12:03 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Floorplanner - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag
Firebug Lite for Google Chrome™ - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench
Google Cast - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd
Videostream for Google Chromecast™ - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl
Tab Manager - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Calculator Widget - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpplagdendnkjkiaiaijfphiflaflinc
AdBlock - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Amazonia Right Click Search - Amazon Co UK - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpmkacpkcakamljkjdjfgmncbpfjacjl
XPath Helper - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgimnogjllphhhkhlmebbmlgjoejdpjl
DS Amazon Quick View mx - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphjnmlnfhakpddieemnfolejgbpjmcd
DS Amazon Quick View - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkompbllimaoekaogchhkmkdogpkhojg
Linkclump - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj
InvisibleHand - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko
JSON Editor - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkmoheomjbkfloacpgllgjcamhihfaj
ASIN Helper - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknlnfochnodlbdhbakjjgelgomhjigk
Google Drive App Launcher - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Session Manager - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc
Keepa - Amazon Price Tracker - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo
Context Menu Search - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga
Chrome Apps & Extensions Developer Tool - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc
The Tracktor - Price History Tracker - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\onajjgekdldckfgodnmoallcmdmfcfom
Extract Asin Universal - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkhbhaankobmkallidpgihcdcjdefn
Amazonia Right Click Search - Amazon.com - Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkngfjindjkdikklhiiofondocdmdeep

==== Chromium Fix ======================

C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.escapetheroomnyc.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.escapetheroomnyc.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.shoefitr.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d3b3ehuo35wzeh.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3l3lkinz3f56t.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dew9ckzjyt2gn.cloudfront.net_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dew9ckzjyt2gn.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchesinteractive.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchesinteractive.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_deals.ebay.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_slickdeals.net_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ebay-turbo-lister.en.softonic.com_0.localstorage deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ebay-turbo-lister.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidkhbhaankobmkallidpgihcdcjdefn deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="Google"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="{searchTerms} - Google Search"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3881268226-3317070643-463687028-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\1B7WZRY1 will be deleted at reboot
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\6XS8ZGT0 will be deleted at reboot
C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\V1J2YMB4 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Shukhrat\AppData\Local\Mozilla\Firefox\Profiles\60j4u87l.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Shukhrat\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=173 folders=32 143557170 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Shukhrat\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\CyberPower PowerPanel Personal Edition" not found
"C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\1B7WZRY1" not found
"C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\6XS8ZGT0" not found
"C:\Users\Shukhrat\AppData\Local\Microsoft\Windows\INetCache\IE\V1J2YMB4" not found

==== EOF on Sun 10/04/2015 at 7:30:52.63 ======================
 

TwinHeadedEagle

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

Shuggie

Thanks. Here they are.
 

Attachments

  • FRST.txt
    107.5 KB · Views: 1
  • Addition.txt
    62.5 KB · Views: 1
