Problem after Trojan removal on Windows 7 x64 PC


This topic is locked
15 replies to this topic

#1 larry90


Posted 06 July 2014 - 08:25 AM

Hello,

 

My pc (Windows 7 x64) was recently infected by an interpol/scam trojan virus.

I used the latest version of Malwarebytes Anti-Malware to remove the threat, and then did a complete PC scan with AVG anti-virus 2014 and used some of CCleaner's features.

I ran sfc and no issues came up.

I have been encountering some problems on my PC since this happened (might be a month already) such as AVG firewall cannot be activated even if I reinstall or repair the installation, and some of my installed programs (including some games) freeze at a starting point and might open normally but only if I wait about 15 minutes or something...

Unfortunately, I couldn't use system restore because no previous points existed on the list.

I cannot find any info regarding my problem anywhere on the internet, so any help would be appreciated!

 

Thanks in advance.





#2 HelpBot


Posted 11 July 2014 - 08:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540050 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 16 July 2014 - 08:35 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest


Posted 18 July 2014 - 05:47 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Oh My!


Posted 18 July 2014 - 09:10 PM

Greetings larry90 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 larry90


Posted 19 July 2014 - 07:28 AM

Hello Gary,

 

Thanks for the reply! You can call me by my first name Laertis.

I did what you asked me to. I have attached the Summary file but I'm not sure if you are going to understand what it says since it is in Greek in my PC...

What I see when I click on Summary (roughly translated) is that access to the Management Tools Software of Windows is not possible because the Windows management files have been moved or are missing.

Some stuff from the Addition.txt file is also in Greek; let me know if you want me to translate it for you.

Here is the output from the Farbar Recovery Scan Tool (FRST):

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by user (administrator) on LARRY on 19-07-2014 14:46:11
Running from C:\Users\user\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Simnet Ltd.                                                 ) C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-862746075-1632763178-2973453302-1000\...\Run: [Simple Sticky Notes] => C:\Program Files (x86)\Simnet\Simple Sticky Notes\ssn.exe [570224 2014-06-01] (Simnet Ltd.                                                 )
HKU\S-1-5-21-862746075-1632763178-2973453302-1000\...\MountPoints2: {7624f6bb-ac93-11e2-b317-08606e53efc6} - E:\LGAutoRun.exe
HKU\S-1-5-21-862746075-1632763178-2973453302-1000\...\Command Processor: CD /d C:\Users\user\Desktop <===== ATTENTION!
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.gr/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://gr.msn.com/?mkt=el-gr&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0E598702615CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = el
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {F44B5DFA-9DC8-4739-9D13-EF8A38087621} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=620
SearchScopes: HKCU - {F44B5DFA-9DC8-4739-9D13-EF8A38087621} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhm5jr0e.default-1374440766349
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Adblock Plus Pop-up Addon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhm5jr0e.default-1374440766349\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-18]
FF Extension: Wappalyzer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhm5jr0e.default-1374440766349\Extensions\wappalyzer@crunchlabz.com.xpi [2014-03-22]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhm5jr0e.default-1374440766349\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-31] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
S4 WPSHWPBC; C:\Program Files (x86)\D-Link CORPORATION\DWA-127\WPSHWPBC.exe [217088 2011-08-08] () [File not signed]
S2 Winmgmt; C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot [X]

==================== Drivers (Whitelisted) ====================

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [35840 2011-09-06] (LG Electronics Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BM0523; C:\Windows\System32\DRIVERS\BM0523.sys [25328 2012-05-20] (ShenZhen ShanWan Technology Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-19 14:46 - 2014-07-19 14:46 - 00013144 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-19 14:45 - 2014-07-19 14:46 - 00000000 ____D () C:\FRST
2014-07-19 14:45 - 2014-07-19 14:45 - 02086912 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-07-19 14:36 - 2014-07-19 14:36 - 00000056 _____ () C:\Windows\setupact.log
2014-07-19 14:36 - 2014-07-19 14:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-12 22:45 - 2014-07-12 22:45 - 00594944 _____ () C:\Users\user\northwind.db
2014-07-12 22:40 - 2014-07-12 21:45 - 00019456 _____ () C:\Users\user\doctors.sqlite3
2014-07-12 22:39 - 2014-07-12 22:38 - 00048128 _____ () C:\Users\user\test.sqlite3
2014-07-09 08:51 - 2014-07-09 08:51 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-09 08:51 - 2014-07-09 08:51 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-09 02:07 - 2014-07-09 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GATE Developer 8.0
2014-07-09 02:05 - 2014-07-09 02:06 - 00000000 ____D () C:\Program Files\GATE_Developer_8.0
2014-07-07 19:51 - 2014-07-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SqliteBrowser3
2014-07-07 19:51 - 2014-07-07 19:51 - 00000000 ____D () C:\Program Files (x86)\SqliteBrowser3
2014-07-07 19:49 - 2014-07-07 19:50 - 00000000 ____D () C:\sqlite
2014-07-04 23:02 - 2014-07-04 23:02 - 00002291 _____ () C:\Users\user\Desktop\Text mining tool - Benchmark.lnk
2014-07-04 23:01 - 2014-07-11 22:59 - 00002260 _____ () C:\Users\user\Desktop\Text Mining tool.lnk
2014-07-04 22:58 - 2014-07-04 22:58 - 00002220 _____ () C:\Users\user\Desktop\ERGASIA 6 - Asvestas.lnk
2014-07-04 01:17 - 2014-07-04 01:20 - 00000000 ____D () C:\Program Files\NetBeans 8.0
2014-07-04 01:17 - 2014-07-04 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2014-07-04 01:07 - 2014-07-04 01:23 - 00000000 ____D () C:\Users\user\.nbi
2014-07-01 20:05 - 2014-07-01 20:05 - 00000000 ____D () C:\Users\user\.swt
2014-07-01 19:42 - 2014-07-06 12:07 - 00000000 ___RD () C:\Users\user\Google Drive
2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-26 21:27 - 2014-06-26 21:27 - 00001970 _____ () C:\Users\user\Desktop\Απαλλακτική - Emiris.lnk
2014-06-25 15:44 - 2014-07-09 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-25 15:43 - 2014-07-19 14:37 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 15:43 - 2014-07-19 03:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 15:43 - 2014-06-25 15:43 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 15:43 - 2014-06-25 15:43 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 15:29 - 2014-06-19 15:29 - 00000000 ____D () C:\Users\user\.eclipse
2014-06-19 15:24 - 2014-06-19 15:25 - 00000000 ____D () C:\Program Files (x86)\adt-bundle-windows-x86-20140321
2014-06-19 15:23 - 2014-06-19 15:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-19 15:21 - 2014-06-19 15:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-19 11:53 - 2014-07-04 01:05 - 00001051 _____ () C:\Users\user\Desktop\Notepad++.lnk

==================== One Month Modified Files and Folders =======

2014-07-19 14:46 - 2014-07-19 14:46 - 00013144 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-19 14:46 - 2014-07-19 14:45 - 00000000 ____D () C:\FRST
2014-07-19 14:46 - 2014-03-28 13:56 - 01410760 _____ () C:\Windows\WindowsUpdate.log
2014-07-19 14:45 - 2014-07-19 14:45 - 02086912 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-07-19 14:44 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-19 14:44 - 2009-07-14 07:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-19 14:43 - 2014-06-13 02:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-19 14:38 - 2014-05-25 03:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 14:37 - 2014-06-25 15:43 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 14:36 - 2014-07-19 14:36 - 00000056 _____ () C:\Windows\setupact.log
2014-07-19 14:36 - 2014-07-19 14:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-19 14:36 - 2013-02-27 17:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-19 14:36 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-19 03:48 - 2014-06-25 15:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 03:21 - 2013-06-30 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 02:04 - 2014-06-11 23:16 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-07-18 18:23 - 2013-09-27 00:20 - 00000000 ____D () C:\Users\user\Documents\El Condor Pasa
2014-07-18 13:18 - 2013-05-06 14:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\Notepad++
2014-07-18 13:18 - 2013-04-11 03:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-07-18 01:28 - 2013-07-12 21:23 - 00000000 ____D () C:\Users\user\Documents\Simple Sticky Notes
2014-07-16 11:42 - 2014-06-13 03:09 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-16 11:42 - 2014-06-13 03:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-13 16:22 - 2014-03-20 22:49 - 00000000 ____D () C:\Users\user\Documents\MATLAB
2014-07-12 22:45 - 2014-07-12 22:45 - 00594944 _____ () C:\Users\user\northwind.db
2014-07-12 22:38 - 2014-07-12 22:39 - 00048128 _____ () C:\Users\user\test.sqlite3
2014-07-12 21:45 - 2014-07-12 22:40 - 00019456 _____ () C:\Users\user\doctors.sqlite3
2014-07-12 04:33 - 2014-05-14 00:57 - 00015444 _____ () C:\Users\user\weka.log
2014-07-11 22:59 - 2014-07-04 23:01 - 00002260 _____ () C:\Users\user\Desktop\Text Mining tool.lnk
2014-07-09 14:12 - 2013-06-30 16:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 14:12 - 2013-02-27 17:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 14:12 - 2013-02-27 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 08:51 - 2014-07-09 08:51 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-09 08:51 - 2014-07-09 08:51 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-09 08:51 - 2014-06-25 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-09 02:07 - 2014-07-09 02:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GATE Developer 8.0
2014-07-09 02:06 - 2014-07-09 02:05 - 00000000 ____D () C:\Program Files\GATE_Developer_8.0
2014-07-07 19:51 - 2014-07-07 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SqliteBrowser3
2014-07-07 19:51 - 2014-07-07 19:51 - 00000000 ____D () C:\Program Files (x86)\SqliteBrowser3
2014-07-07 19:51 - 2011-06-13 17:41 - 00000000 ____D () C:\Users\user\Documents\Files
2014-07-07 19:50 - 2014-07-07 19:49 - 00000000 ____D () C:\sqlite
2014-07-06 20:38 - 2014-06-17 19:49 - 00000000 ____D () C:\Users\user\.android
2014-07-06 18:37 - 2014-06-17 19:48 - 00000000 ____D () C:\Users\user\Documents\EclipseWorkspace
2014-07-06 17:33 - 2014-01-19 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-06 17:33 - 2013-07-06 02:37 - 00000000 ____D () C:\Program Files\Adobe
2014-07-06 17:33 - 2013-02-27 18:13 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-06 17:33 - 2013-02-27 18:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-06 14:41 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-06 13:52 - 2013-04-11 02:06 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-06 13:52 - 2013-04-11 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 13:52 - 2013-04-11 02:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-06 12:07 - 2014-07-01 19:42 - 00000000 ___RD () C:\Users\user\Google Drive
2014-07-05 21:44 - 2013-10-01 03:34 - 00000000 ____D () C:\Users\user\AppData\Local\PokerStars.EU
2014-07-04 23:02 - 2014-07-04 23:02 - 00002291 _____ () C:\Users\user\Desktop\Text mining tool - Benchmark.lnk
2014-07-04 22:58 - 2014-07-04 22:58 - 00002220 _____ () C:\Users\user\Desktop\ERGASIA 6 - Asvestas.lnk
2014-07-04 01:23 - 2014-07-04 01:07 - 00000000 ____D () C:\Users\user\.nbi
2014-07-04 01:20 - 2014-07-04 01:17 - 00000000 ____D () C:\Program Files\NetBeans 8.0
2014-07-04 01:17 - 2014-07-04 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2014-07-04 01:05 - 2014-06-19 11:53 - 00001051 _____ () C:\Users\user\Desktop\Notepad++.lnk
2014-07-01 20:05 - 2014-07-01 20:05 - 00000000 ____D () C:\Users\user\.swt
2014-07-01 19:56 - 2013-12-21 11:31 - 00000000 ____D () C:\Program Files (x86)\Artisteer 4
2014-07-01 11:02 - 2014-03-21 23:56 - 00000000 ____D () C:\Windows\Minidump
2014-06-30 12:43 - 2014-06-30 12:43 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-29 18:03 - 2013-10-29 08:50 - 00000000 ____D () C:\Windows\pss
2014-06-27 12:31 - 2009-07-14 08:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-26 21:27 - 2014-06-26 21:27 - 00001970 _____ () C:\Users\user\Desktop\Απαλλακτική - Emiris.lnk
2014-06-25 15:44 - 2013-09-22 16:25 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-06-25 15:44 - 2013-09-22 16:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 15:43 - 2014-06-25 15:43 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 15:43 - 2014-06-25 15:43 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 14:48 - 2009-07-14 08:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-06-20 03:02 - 2013-10-01 03:34 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-06-19 15:29 - 2014-06-19 15:29 - 00000000 ____D () C:\Users\user\.eclipse
2014-06-19 15:25 - 2014-06-19 15:24 - 00000000 ____D () C:\Program Files (x86)\adt-bundle-windows-x86-20140321
2014-06-19 15:23 - 2014-06-19 15:23 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-19 15:23 - 2014-06-19 15:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-19 15:23 - 2014-06-19 15:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-19 14:35 - 2014-01-16 18:44 - 00000000 ____D () C:\Program Files\Java
2014-06-19 14:31 - 2014-01-23 00:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-19 14:30 - 2014-01-16 18:45 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-19 14:30 - 2014-01-16 18:45 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-19 14:30 - 2014-01-16 18:45 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-19 14:30 - 2014-01-16 18:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-19 10:28 - 2013-03-04 04:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 00:49

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by user at 2014-07-19 14:46:31
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Assassin's Creed® III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.03 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
DWA-127 (HKLM-x32\...\{E6F2D638-0846-46B6-8669-3CE08AFF3362}) (Version: 1.0.0.0 - D-Link CORPORATION)
GATE Developer 8.0 (HKLM\...\GATE Developer 8.0) (Version:  - )
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
LG United Mobile Drivers (HKLM-x32\...\{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}) (Version: 3.6.0.0 - LG Electronics)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware έκδοση 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - Greek/Ελληνικά (HKLM-x32\...\OMUI.el-gr) (Version: 12.0.4518.1029 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Greek/Ελληνικά (HKLM\...\Office14.OMUI.el-gr) (Version: 14.0.4763.1013 - Microsoft Corporation)
Microsoft Office O MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office O MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Proof (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Greek) 2007 (Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Greek) 2007 (x32 Version: 12.0.4518.1029 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Greek) 2010 (Version: 14.0.4763.1013 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden
NVIDIA Λογισμικό σύστημα PhysX 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης 3D Vision 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ελεγκτή 3D Vision 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Saitek Dual Analog Rumble Pad (HKLM-x32\...\Saitek Dual Analog Rumble Pad) (Version:  - )
Simple Sticky Notes 2.4 (HKLM-x32\...\Simple Sticky Notes_is1) (Version:  - Simnet Ltd.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
SqliteBrowser3 (HKLM-x32\...\SqliteBrowser3) (Version: 3.2.0 - oldsch00l)
Strawberry Perl (64-bit) (HKLM\...\{61719A5F-6C9C-1014-8F19-DDB236F7176A}) (Version: 5.18.1001 - strawberryperl.com project)
Tenda Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Tenda)
UoA OpenVPN 2.1_rc20 (HKLM-x32\...\UoAOpenVPN) (Version: 2.1_rc20 - )
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Network Joystick (BM) (HKLM-x32\...\{2D8DCCA2-2339-4155-A29B-46041362DFDD}) (Version: 1.00.0000 - )
VIA Διαχειριστής Συσκευών Πλατφόρμας (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Weka 3.6.11 (HKLM\...\Weka 3.6.11) (Version: 3.6.11 - Machine Learning Group, University of Waikato, Hamilton, NZ)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-2 - BitNami)
Πίνακας Ελέγχου NVIDIA 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 05:34 - 2013-08-23 23:54 - 00000954 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com


==================== Scheduled Tasks (whitelisted) =============

Task: {26E1B853-64E3-4DC5-AB63-11B1070DCB5D} - System32\Tasks\AdobeAAMUpdater-1.0-LARRY-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {3F541380-75AC-4F1D-A0C5-2B92C9C6897E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {71DAA11F-CED5-431D-8346-7047AE90E2B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {7E619FCC-9292-4C7C-852F-F0CD75855212} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {7EB99448-C3B3-4940-AEA3-3BCE202E6D13} - System32\Tasks\0214dUpdateInfo => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [2014-03-24] ()
Task: {82F6F8BC-A931-4A57-B451-C29230935F32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {8EF083EF-3FBB-4632-A6FE-63E17B613773} - System32\Tasks\Games\UpdateCheck_S-1-5-21-862746075-1632763178-2973453302-1000
Task: {B331836C-DD79-4230-9570-90380D661311} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {D1FB0610-C160-489B-AD2E-2BB564E48240} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] ()
Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-02-27 17:35 - 2013-11-11 18:02 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-31 23:20 - 2014-01-31 23:20 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-12 21:23 - 2012-12-04 21:19 - 00378368 _____ () C:\Program Files (x86)\Simnet\Simple Sticky Notes\sqlite3.dll
2014-06-18 15:35 - 2014-06-18 15:35 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 14:12 - 2014-07-09 14:12 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2013-02-27 23:02 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: WPSHWPBC => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^explorer.lnk => C:\Windows\pss\explorer.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2014 02:37:48 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία του ευρετηρίου.

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:48 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της εφαρμογής.

Περιβάλλον: Windows Εφαρμογή

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:48 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία του αντικειμένου της υπηρεσίας συγκέντρωσης.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της προσθήκης στο <Search.TripoliIndexer>.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
    Το στοιχείο δεν βρέθηκε.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/19/2014 02:37:45 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της προσθήκης στο <Search.JetPropStore>.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:45 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Η υπηρεσία Windows Search Service δεν μπορεί να φορτώσει τις πληροφορίες του χώρου αποθήκευσης ιδιοτήτων.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
    Η βάση δεδομένων του ευρετηρίου περιεχομένου είναι κατεστραμμένη.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/19/2014 02:37:45 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Η υπηρεσία Αναζήτησης των Windows τερματίζεται γιατί υπάρχει πρόβλημα με τον δεικτοδότη, The catalog is corrupt.

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:45 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Η υπηρεσία αναζήτησης εντόπισε κατεστραμμένα αρχεία δεδομένων στο ευρετήριο {id=4700}. Η υπηρεσία θα επιχειρήσει να διορθώσει αυτόματα αυτό το πρόβλημα, δημιουργώντας ξανά το ευρετήριο.

Λεπτομέρειες:
    Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/19/2014 02:37:45 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Η υπηρεσία Windows Search Service δεν μπορεί να ανοίξει το χώρο αποθήκευσης ιδιοτήτων Jet.

Λεπτομέρειες:
    0x%08x (0xc0041800 - Η βάση δεδομένων του ευρετηρίου περιεχομένου είναι κατεστραμμένη.  (HRESULT : 0xc0041800))

Error: (07/19/2014 02:37:44 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3656) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0040C.log.


System errors:
=============
Error: (07/19/2014 02:53:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:52:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:52:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:51:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:51:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:50:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:50:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:49:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:49:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126

Error: (07/19/2014 02:48:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Η υπηρεσία Όργανα Διαχείρισης των Windows τερματίστηκε με το ακόλουθο σφάλμα:
%%126




#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,190 posts
  • Gender:Male
  • Location:California

Posted 19 July 2014 - 01:46 PM

Greetings Laertis,

I typically ask for the System Summary file so I have it on hand if I need to find more detailed information about a device or problem. If I need a translation I would appreciate the help.

Please consider and do these things.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows logo key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-862746075-1632763178-2973453302-1000\...\Command Processor: CD /d C:\Users\user\Desktop <===== ATTENTION!
S2 Winmgmt; C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot [X]
C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
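The fixlist above targets two things that are worth being able to check for yourself: a Command Processor AutoRun value (a command that runs every time cmd.exe starts) and a core service, Winmgmt, whose ImagePath had been redirected to a .dot file under ProgramData. That redirection is also why the System errors section shows the WMI service terminating over and over with %%126, the Windows code for "module not found". The script below is an added, read-only check written for this page; it is not part of the thread and not FRST or ComboFix code. It assumes an elevated PowerShell 2.0 or later session on Windows 7 or newer, uses only standard registry provider cmdlets, and changes nothing on the machine. The function names are my own.

```powershell
# Added example (not from the thread). Read-only checks for the kinds of entry
# the FRST fixlist removes. Run elevated; nothing is modified.

# Turn a raw service ImagePath value into a file system path we can test.
function Resolve-ServiceBinary {
    param([string]$ImagePath)
    if (-not $ImagePath -or -not $ImagePath.Trim()) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    $p = $p -replace '^\\\?\?\\', ''                        # \??\C:\x.sys  -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"  # \SystemRoot\x -> C:\Windows\x
    if ($p.StartsWith('"')) {
        # "C:\Program Files\x.exe" -k foo  -> C:\Program Files\x.exe
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted: keep everything up to the first executable-looking extension.
        $m = [regex]::Match($p, '^(.*?\.(exe|dll|sys|dot))(\s|$)', 'IgnoreCase')
        $p = if ($m.Success) { $m.Groups[1].Value } else { ($p -split '\s+')[0] }
    }
    # Drivers are often stored relative to the Windows directory: system32\drivers\x.sys
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# 1. Command Processor AutoRun. HKLM applies to every user; each loaded HKU hive
#    covers one user (the thread's entry lived under the affected user's hive).
function Get-CmdAutoRun {
    $keys = @('Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor')
    $keys += Get-ChildItem -Path Registry::HKEY_USERS |
        ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Command Processor" }
    foreach ($k in $keys) {
        $item = Get-ItemProperty -Path $k -Name AutoRun -ErrorAction SilentlyContinue
        if ($item -and $item.AutoRun) {
            New-Object PSObject -Property @{ Check = 'CmdAutoRun'; Location = $k; Value = $item.AutoRun }
        }
    }
}

# 2. Winmgmt. A healthy WMI service is hosted by svchost.exe and loads
#    WMIsvc.dll from system32\wbem; anything else means the service was redirected.
function Test-Winmgmt {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Winmgmt'
    $svc  = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $prm  = Get-ItemProperty -Path "$base\Parameters" -ErrorAction SilentlyContinue
    $imagePath  = if ($svc) { $svc.ImagePath } else { $null }
    $serviceDll = if ($prm) { $prm.ServiceDll } else { $null }
    $imageOk = $imagePath -match '\\svchost\.exe(\s|$)'
    $dllOk   = $serviceDll -match '\\system32\\wbem\\wmisvc\.dll$'
    New-Object PSObject -Property @{ Check = 'Winmgmt'; ImagePath = $imagePath
                                     ServiceDll = $serviceDll; Healthy = ($imageOk -and $dllOk) }
}

# 3. Services and drivers whose binary no longer exists. FRST marks these [X];
#    a service pointed at a deleted file fails with error 126 on every start attempt.
function Get-MissingServiceBinary {
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $bin   = Resolve-ServiceBinary $props.ImagePath
        if ($bin -and -not (Test-Path -LiteralPath $bin)) {
            New-Object PSObject -Property @{ Check = 'MissingBinary'; Service = $_.PSChildName
                                             Start = $props.Start; Path = $bin }
        }
    }
}

Get-CmdAutoRun           | Format-Table -AutoSize
Test-Winmgmt             | Format-List
Get-MissingServiceBinary | Format-Table -AutoSize
```

On the machine in this thread the first check would have listed the "CD /d C:\Users\user\Desktop" AutoRun, the second would have reported Healthy = False with the PROGRA~3 .dot path as ImagePath, and the third would have listed nvvad_WaveExtensible and VGPU alongside Winmgmt. The third list needs judgement: a driver left behind by an uninstalled product is harmless clutter, whereas a core Windows service whose path no longer leads to the expected svchost.exe is the entry that explains the symptoms and needs to be restored.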

#8 larry90
  • Topic Starter
  • Members
  • 6 posts

Posted 22 July 2014 - 08:13 AM

Hello again and sorry for the delay.

I uninstalled μTorrent as you recommended and created the Fixlog.txt with FRST.
After this I downloaded AppRemover and removed AVG (please let me know when I should reinstall it).
But on AppRemover's "Selected Items for Removal" ESET NOD32 Antivirus also appears!
It's strange since I have never installed this antivirus on my PC, and I get an error from AppRemover when I try to remove it...
(Maybe it was included as default antivirus when I purchased my PC but I don't remember)
I downloaded Combofix on my desktop, disabled Malwarebytes, and ran Combofix.
Even though I uninstalled AVG Antivirus, I get a message from Combofix that "antispyware: AVG Internet Security 2014" is still running!
I checked Task Manager and there is no AVG process running... Anyway, Combofix ran properly!
Here are the contents of the two files requested:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by user at 2014-07-22 15:10:03 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-862746075-1632763178-2973453302-1000\...\Command Processor: CD /d C:\Users\user\Desktop <===== ATTENTION!
S2 Winmgmt; C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot [X]
C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
*****************

HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Command Processor\\AutoRun => value deleted successfully.
Winmgmt => Service restored successfully.
"C:\PROGRA~3\54568DC52C6E5CC7C962803CD3178CE2\flcq1bf.dot" => File/Directory not found.
nvvad_WaveExtensible => Service deleted successfully.
VGPU => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

ComboFix.txt:

ComboFix 14-07-21.01 - user 22/07/2014  15:49:39.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1253.30.1032.18.8144.5967 [GMT 3:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\user\.artemis_options.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-22 to 2014-07-22  )))))))))))))))))))))))))))))))
.
.
2014-07-22 12:54 . 2014-07-22 12:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-19 11:45 . 2014-07-22 12:10    --------    d-----w-    C:\FRST
2014-07-09 05:51 . 2014-07-09 05:51    --------    d-----w-    c:\users\Default\AppData\Local\Google
2014-07-08 23:05 . 2014-07-08 23:06    --------    d-----w-    c:\program files\GATE_Developer_8.0
2014-07-07 16:51 . 2014-07-07 16:51    --------    d-----w-    c:\program files (x86)\SqliteBrowser3
2014-07-07 16:49 . 2014-07-07 16:50    --------    d-----w-    C:\sqlite
2014-07-03 22:17 . 2014-07-03 22:20    --------    d-----w-    c:\program files\NetBeans 8.0
2014-07-03 22:07 . 2014-07-03 22:23    --------    d-----w-    c:\users\user\.nbi
2014-07-02 02:19 . 2014-06-16 23:57    10779000    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{56EABEAF-CAFC-4B2F-800E-14CD1212AFB0}\mpengine.dll
2014-07-01 17:05 . 2014-07-01 17:05    --------    d-----w-    c:\users\user\.swt
2014-07-01 16:42 . 2014-07-06 09:07    --------    d-----r-    c:\users\user\Google Drive
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-22 11:36 . 2014-05-25 00:25    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-09 11:12 . 2013-02-27 14:53    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 11:12 . 2013-02-27 14:53    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-19 12:23 . 2014-06-19 12:23    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-19 11:30 . 2014-01-16 15:45    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-19 11:30 . 2014-01-16 15:45    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-06-19 11:30 . 2014-01-16 15:45    191400    ----a-w-    c:\windows\system32\javaw.exe
2014-06-19 11:30 . 2014-01-16 15:45    190888    ----a-w-    c:\windows\system32\java.exe
2014-05-14 05:23 . 2014-05-14 05:23    17352880    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-12 04:26 . 2014-05-25 00:25    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-12 04:26 . 2014-05-25 00:25    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 04:25 . 2013-06-04 16:22    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Simple Sticky Notes"="c:\program files (x86)\Simnet\Simple Sticky Notes\ssn.exe" [2014-06-01 570224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 BM0523;BM0523 NTamd64 Driver;c:\windows\system32\DRIVERS\BM0523.sys;c:\windows\SYSNATIVE\DRIVERS\BM0523.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 WPSHWPBC;WPSHWPBC;c:\program files (x86)\D-Link CORPORATION\DWA-127\WPSHWPBC.exe;c:\program files (x86)\D-Link CORPORATION\DWA-127\WPSHWPBC.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-14 c:\windows\Tasks\0214dUpdateInfo.job
- c:\programdata\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe [2014-06-14 15:56]
.
2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:12]
.
2014-03-19 c:\windows\Tasks\MATLAB R2013b Startup Accelerator.job
- c:\program files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2014-03-10 14:44]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.gr/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhm5jr0e.default-1374440766349\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{57B012C9-5EAD-441B-9925-6B560B543D87}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="00102B05512E2040"
"ScannerBuild"=dword:000017cd
"ScannerVersionId"=dword:00001214
"ScannerVersion"="Open window for status."
"FixId"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-22  15:56:03
ComboFix-quarantined-files.txt  2014-07-22 12:56
.
Pre-Run: 14 Κατάλογοι 264.653.500.416 διαθέσιμα byte
Post-Run: 18 Κατάλογοι 264.192.012.288 διαθέσιμα byte
.
- - End Of File - - 26652568421829548E550B88F3F3C846
A36C5E4F47E84449FF07ED3517B43A31

Now, how is my PC running...

I've got to admit I didn't expect to see any results so soon, but my games seem to be running perfectly now, I have access to some modules in control panel that I couldn't access before, and I think the only problem that I want to see if it has been resolved is if I will be able to activate the firewall of AVG, after I reinstall it of course!
I am very impressed thank you! I'm waiting for you to tell me if there is anything else I should do, any further advice, what I should do with ESET NOD32 Antivirus, and when to reinstall AVG Antivirus.



#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,190 posts
  • Gender:Male
  • Location:California

Posted 22 July 2014 - 10:15 AM

Greetings and thanks for the detailed reply.

Very good results.

Please do these things now in the order listed.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
ESET NOD32 Antivirus
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Sophos Free Virus Removal Tool

--------------------
  • Download Sophos Free Virus Removal Tool and save it to your desktop
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
===================================================

Reinstall AVG and check the Firewall.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the program(s) uninstall properly?
  • Sophos results
  • Does AVG Firewall work properly?
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 larry90
  • Topic Starter
  • Members
  • 6 posts

Posted 23 July 2014 - 11:20 AM

Hello again,

I used Revo uninstaller but ESET NOD32 Antivirus wasn't listed as an installed program.
Then I performed a scan with Sophos Virus Removal Tool and a piece of malware appeared, which I cleaned.
I installed AVG Antivirus, ran an update, and the firewall works properly!
Finally, I did a Security Check with "screen317's Security Check", and here are the contents of the files you requested:

SophosVirusRemovalTool.log:

2014-07-23 13:28:37.650    Sophos Virus Removal Tool version 2.5
2014-07-23 13:28:37.650    Copyright © 2009-2014 Sophos Limited. All rights reserved.

2014-07-23 13:28:37.650    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2014-07-23 13:28:37.650    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2014-07-23 13:28:37.650    Checking for updates...
2014-07-23 13:28:49.490    Option all = no
2014-07-23 13:28:49.490    Option recurse = yes
2014-07-23 13:28:49.490    Option archive = no
2014-07-23 13:28:49.490    Option service = yes
2014-07-23 13:28:49.490    Option confirm = yes
2014-07-23 13:28:49.490    Option sxl = yes
2014-07-23 13:28:49.490    Option max-data-age = 35
2014-07-23 13:28:49.490    Option EnableSafeClean = yes
2014-07-23 13:28:51.680    Component SVRTcli.exe version 2.5
2014-07-23 13:28:51.680    Component control.dll version 2.5
2014-07-23 13:28:51.680    Component SVRTservice.exe version 2.5
2014-07-23 13:28:51.680    Component engine\osdp.dll version 1.44.1.2162
2014-07-23 13:28:51.680    Component engine\veex.dll version 3.53.2.2162
2014-07-23 13:28:51.680    Component engine\savi.dll version 8.1.2.2162
2014-07-23 13:28:51.680    Component rkdisk.dll version 1.5.30.0
2014-07-23 13:28:51.680    Version info:    Product version    2.5
2014-07-23 13:28:51.680    Version info:    Detection engine    3.53.2
2014-07-23 13:28:51.680    Version info:    Detection data    5.01
2014-07-23 13:28:51.680    Version info:    Build date    14/5/2014
2014-07-23 13:28:51.680    Version info:    Data files added    716
2014-07-23 13:28:51.680    Version info:    Last successful update    (not yet updated)
2014-07-23 13:28:54.250    Update progress: proxy server not available
2014-07-23 13:29:37.761    Downloading updates...
2014-07-23 13:29:37.761    Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement SAVIW32 LATEST
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement IDE502 LATEST
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement IDE503 LATEST
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement IDE504 LATEST
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement IDE505 LATEST
2014-07-23 13:29:37.761    Update progress: [I49502] Found supplement IDE506 LATEST
2014-07-23 13:29:37.761    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-07-23 13:29:37.761    Update progress: [I19463] Syncing product SAVIW32 40
2014-07-23 13:29:43.831    Update progress: [I19463] Syncing product IDE502 180
2014-07-23 13:29:45.411    Installing updates...
2014-07-23 13:29:45.821    Update progress: [I19463] Syncing product IDE503 184
2014-07-23 13:29:45.821    Update progress: [I19463] Syncing product IDE504 178
2014-07-23 13:29:45.821    Update progress: [I19463] Syncing product IDE505 175
2014-07-23 13:29:45.821    Update progress: [I19463] Syncing product IDE506 9
2014-07-23 13:30:08.141    Update successful
2014-07-23 13:30:18.271    Option all = no
2014-07-23 13:30:18.271    Option recurse = yes
2014-07-23 13:30:18.271    Option archive = no
2014-07-23 13:30:18.271    Option service = yes
2014-07-23 13:30:18.271    Option confirm = yes
2014-07-23 13:30:18.271    Option sxl = yes
2014-07-23 13:30:18.271    Option max-data-age = 35
2014-07-23 13:30:18.271    Option EnableSafeClean = yes
2014-07-23 13:30:18.311    Component SVRTcli.exe version 2.5
2014-07-23 13:30:18.311    Component control.dll version 2.5
2014-07-23 13:30:18.311    Component SVRTservice.exe version 2.5
2014-07-23 13:30:18.311    Component engine\osdp.dll version 1.44.1.2162
2014-07-23 13:30:18.311    Component engine\veex.dll version 3.53.2.2162
2014-07-23 13:30:18.311    Component engine\savi.dll version 8.1.2.2162
2014-07-23 13:30:18.311    Component rkdisk.dll version 1.5.30.0
2014-07-23 13:30:18.311    Version info:    Product version    2.5
2014-07-23 13:30:18.311    Version info:    Detection engine    3.53.2
2014-07-23 13:30:18.311    Version info:    Detection data    5.01G
2014-07-23 13:30:18.311    Version info:    Build date    14/5/2014
2014-07-23 13:30:18.311    Version info:    Data files added    716
2014-07-23 13:30:18.311    Version info:    Last successful update    23/7/2014 4:30:08 ??

2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-3dm.exe
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-3dm.exe
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-3dm.exe
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-3dm.exe
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-3dm.exe
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-SKIDROWGAMES.NET.exe
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-SKIDROWGAMES.NET.exe
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-SKIDROWGAMES.NET.exe
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-SKIDROWGAMES.NET.exe
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\fifa14-SKIDROWGAMES.NET.exe
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:05:55.040    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:06:12.403    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\Game\fifa14-3dm.exe
2014-07-23 14:06:12.403    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\Game\fifa14-3dm.exe
2014-07-23 14:06:12.403    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\Game\fifa14-3dm.exe
2014-07-23 14:06:12.403    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\Game\fifa14-3dm.exe
2014-07-23 14:06:12.419    >>> Virus 'Mal/Generic-S' found in file C:\Games\FIFA 14\Game\Game\fifa14-3dm.exe
2014-07-23 14:06:12.419    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:06:12.419    >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-862746075-1632763178-2973453302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:06:12.419    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2014-07-23 14:06:13.324    Could not open C:\hiberfil.sys
2014-07-23 14:06:16.210    Could not open C:\pagefile.sys
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{06955df8-028a-11e4-9bb3-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{2d130898-1199-11e4-8dbe-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{2d1308ab-1199-11e4-8dbe-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{53285f3a-0875-11e4-98b8-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{716a63fe-1254-11e4-9d39-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:39:42.217    Could not open C:\System Volume Information\{de1b3620-0df4-11e4-aad1-08606e53efc6}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-23 14:54:06.709    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2014-07-23 14:54:06.709    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2014-07-23 15:07:41.635    The following items will be cleaned up:
2014-07-23 15:07:41.635    Mal/Generic-S
 

 

checkup.txt:

 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 5  
 Java SE Development Kit 8 Update 5
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
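As an added example (not code from this thread, from Sophos, or from BleepingComputer), here is a small Python parser for the SVRT log format shown above. It collapses the repeated detection lines into one entry per location, separates file hits from registry hits, and sets aside the "Could not open" lines for locations a user-mode scanner typically cannot read on a running Windows system (hiberfil.sys, pagefile.sys, System Volume Information, catroot2), so that only unexpected unreadable paths stand out. The log embedded in the block is constructed to mirror the posted format; its paths, SID and GUID are placeholders, not values from the poster's machine.

```python
"""Summarise a Sophos Virus Removal Tool (SVRT) log.

Added example; not part of the forum thread and not Sophos code. The log
format (timestamp, whitespace, message) is taken from the posted log; the
sample below is constructed with placeholder paths.
"""
import re

# Constructed sample in the same layout as the posted SophosVirusRemovalTool.log
SAMPLE_LOG = (
    "2014-07-23 13:28:37.650    Sophos Virus Removal Tool version 2.5\n"
    "2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\\Games\\Example\\game-crack.exe\n"
    "2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file C:\\Games\\Example\\game-crack.exe\n"
    "2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file HKU\\S-1-5-21-0-0-0-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnPostRedirect\n"
    "2014-07-23 14:05:37.787    >>> Virus 'Mal/Generic-S' found in file HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnPostRedirect\n"
    "2014-07-23 14:06:13.324    Could not open C:\\hiberfil.sys\n"
    "2014-07-23 14:06:16.210    Could not open C:\\pagefile.sys\n"
    "2014-07-23 14:39:42.217    Could not open C:\\System Volume Information\\{guid-placeholder}\n"
    "2014-07-23 15:07:41.635    The following items will be cleaned up:\n"
    "2014-07-23 15:07:41.635    Mal/Generic-S\n"
)

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<msg>.*)$")
DETECT_RE = re.compile(r"^>>> Virus '(?P<name>[^']+)' found in file (?P<loc>.+)$")
UNREADABLE_RE = re.compile(r"^Could not open (?P<loc>.+)$")
CLEANUP_HEADER = "The following items will be cleaned up:"
REGISTRY_RE = re.compile(r"^(HKLM|HKU|HKCU|HKCR|HKCC)\\", re.IGNORECASE)

# Locations that are normally locked or access-restricted while Windows runs;
# "Could not open" on these is expected and not a sign of infection.
EXPECTED_LOCKED = (
    "\\hiberfil.sys",
    "\\pagefile.sys",
    "\\system volume information\\",
    "\\catroot2\\",
)


def is_registry(location: str) -> bool:
    """True when the reported location is a registry key/value, not a file."""
    return bool(REGISTRY_RE.match(location))


def is_expected_locked(location: str) -> bool:
    """True for paths a user-mode scanner cannot normally read on a live system."""
    low = location.lower()
    return any(marker in low for marker in EXPECTED_LOCKED)


def summarize_svrt_log(text: str) -> dict:
    """Parse SVRT log text into deduplicated detections and triaged unreadable paths."""
    summary = {
        "detections": {},          # name -> {"files": [...], "registry": [...]}
        "raw_detection_lines": 0,  # count before deduplication
        "unreadable": {"expected": [], "unexpected": []},
        "cleanup_planned": [],
    }
    in_cleanup = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg").strip()

        d = DETECT_RE.match(msg)
        if d:
            summary["raw_detection_lines"] += 1
            entry = summary["detections"].setdefault(d.group("name"), {"files": [], "registry": []})
            bucket = entry["registry"] if is_registry(d.group("loc")) else entry["files"]
            if d.group("loc") not in bucket:  # collapse the repeated lines
                bucket.append(d.group("loc"))
            continue

        u = UNREADABLE_RE.match(msg)
        if u:
            key = "expected" if is_expected_locked(u.group("loc")) else "unexpected"
            summary["unreadable"][key].append(u.group("loc"))
            continue

        if msg == CLEANUP_HEADER:
            in_cleanup = True
            continue
        if in_cleanup and msg:
            summary["cleanup_planned"].append(msg)
    return summary


def format_report(summary: dict) -> str:
    """Render the summary as a short human-readable triage report."""
    lines = [f"Detection lines in log: {summary['raw_detection_lines']}"]
    for name, locs in summary["detections"].items():
        lines.append(f"{name}: {len(locs['files'])} file(s), {len(locs['registry'])} registry item(s)")
        lines.extend(f"  file:     {p}" for p in locs["files"])
        lines.extend(f"  registry: {p}" for p in locs["registry"])
    lines.append(f"Unreadable (expected, ignore): {len(summary['unreadable']['expected'])}")
    for p in summary["unreadable"]["unexpected"]:
        lines.append(f"Unreadable (review): {p}")
    lines.append("Cleanup planned for: " + ", ".join(summary["cleanup_planned"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(summarize_svrt_log(SAMPLE_LOG)))
```

Run against the posted log, the same parser would reduce the twenty-odd detection lines to the three executables under the games directory plus the two registry locations, and would list every "Could not open" entry as expected, which matches the tool's own decision to clean only Mal/Generic-S.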
 



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,190 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:07 AM

Posted 23 July 2014 - 03:19 PM

Excellent,

If you want to follow up on removing ESET entries on your computer let me know. They don't seem to be bothering anything but we can still remove them if you'd like.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET?
  • Did Java install properly?
  • Are you having any issues?

Gary
 

#12 larry90

larry90
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:07 PM

Posted 23 July 2014 - 07:16 PM

I deleted the ESET directory I found in Program files and I don't see it in AppRemover anymore!

Java was installed properly and I deleted the previous Java installations as you recommended.

Thank you very much for the advice and the detailed steps in order to clean my PC! You are great Gary!

The PC is running smoothly now :)



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,190 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:07 AM

Posted 23 July 2014 - 08:12 PM

Excellent.
 
It really was a pleasure working with you. I appreciated your detailed posts; you made my part of this much easier.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#14 larry90

larry90
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:07 PM

Posted 24 July 2014 - 05:00 AM

The pleasure was all mine! Thanks again for the time you wasted on supporting me and for the extra advice, it is really helpful!

You may close this topic.

I'll be sure to ask you guys for advice if I experience any other issues.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,190 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:07 AM

Posted 24 July 2014 - 08:45 AM

You are welcome. Anytime we can help we are more than happy to.

Gary
 



