
Router infected with Adultcameras.info


  • This topic is locked
28 replies to this topic

#1 hogopo

Posted 02 February 2015 - 10:19 AM

Hi, this is my first post here. I'm having the same problem as the person who started the thread at the link below. I'm having trouble replying to his thread, so I decided to start a new thread for myself.

In my home WiFi, all devices are infected with the adultcameras.info virus.

I have done what was said about ipconfig /flushdns, but the virus is still there. I took the liberty of scanning it with FRST.

http://www.bleepingcomputer.com/forums/t/564970/adultcamerasinfo-virus-on-chrome-and-internet-explorerpls-help-me/

Please help... :(

Attached files: Addition.txt (18.1 KB), FRST.txt (37.42 KB)


Edited by hogopo, 02 February 2015 - 10:20 AM.


#2 Machiavelli (Malware Response Instructor)

Posted 03 February 2015 - 11:29 AM

Hey, :)
Can you please post the logs directly into the thread rather than attaching them? I cannot open any attachments on my system...

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#3 hogopo (Topic Starter)

Posted 04 February 2015 - 01:46 AM

FRST

---------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Admin (administrator) on DELLWORKSTATION on 04-02-2015 14:48:42
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\S-1-5-21-2729415231-3787973486-3125954293-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 124.106.6.2 122.2.167.2
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @eximion.com/KalydoPlayer -> C:\Users\Admin\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/iggweb3dupdater -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/joyconnectshell -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580\user.js
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S2 MaintainerSvc3.38.8461645; "C:\ProgramData\5fd2ca9d-b04a-4998-b7e8-2d30ebba8fbe\maintainer.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 {0729a3ff-5ca9-4654-a275-96df29273fbf}Gw64; C:\Windows\System32\drivers\{0729a3ff-5ca9-4654-a275-96df29273fbf}Gw64.sys [48784 2014-10-12] (StdLib)
R1 {0cc68180-2a05-471a-a647-5c6cbe910ab9}Gw64; C:\Windows\System32\drivers\{0cc68180-2a05-471a-a647-5c6cbe910ab9}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {18fa7aee-6838-42dd-8d32-3fd665a7e664}Gw64; C:\Windows\System32\drivers\{18fa7aee-6838-42dd-8d32-3fd665a7e664}Gw64.sys [48784 2014-10-17] (StdLib)
R1 {1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64; C:\Windows\System32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64.sys [48784 2014-10-13] (StdLib)
R1 {2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64; C:\Windows\System32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {285c7149-b94b-40df-b9c8-1fe643cfbf33}Gw64; C:\Windows\System32\drivers\{285c7149-b94b-40df-b9c8-1fe643cfbf33}Gw64.sys [48784 2014-10-14] (StdLib)
R1 {2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64; C:\Windows\System32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {38f72c19-9857-4bc2-b729-9d00bd429872}Gw64; C:\Windows\System32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {3c63e588-2804-44de-9c53-4848a16d847a}Gw64; C:\Windows\System32\drivers\{3c63e588-2804-44de-9c53-4848a16d847a}Gw64.sys [48784 2014-10-14] (StdLib)
R1 {481a6589-8e34-4bd5-9be2-2f7ce66c44d6}Gw64; C:\Windows\System32\drivers\{481a6589-8e34-4bd5-9be2-2f7ce66c44d6}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64; C:\Windows\System32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {944d25d5-1adf-4cba-98d5-05e5f2efd201}Gw64; C:\Windows\System32\drivers\{944d25d5-1adf-4cba-98d5-05e5f2efd201}Gw64.sys [48784 2014-10-14] (StdLib)
R1 {94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64; C:\Windows\System32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}Gw64; C:\Windows\System32\drivers\{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}Gw64.sys [48784 2014-10-16] (StdLib)
R1 {b0c51d23-966e-4986-81ac-a04859acb990}Gw64; C:\Windows\System32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64; C:\Windows\System32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64.sys [48784 2014-10-11] (StdLib)
R1 {b512317f-9024-4dbe-9337-79eca8c875a4}Gw64; C:\Windows\System32\drivers\{b512317f-9024-4dbe-9337-79eca8c875a4}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {c5d2a915-f26c-4145-b1b0-0ab69f6f538f}Gw64; C:\Windows\System32\drivers\{c5d2a915-f26c-4145-b1b0-0ab69f6f538f}Gw64.sys [48784 2014-10-18] (StdLib)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [44688 2014-09-17] (StdLib)
R1 {c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64; C:\Windows\System32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64.sys [48784 2014-10-13] (StdLib)
R1 {e0cbbba5-5c5d-4016-a69f-410443e505d1}Gw64; C:\Windows\System32\drivers\{e0cbbba5-5c5d-4016-a69f-410443e505d1}Gw64.sys [48784 2014-10-12] (StdLib)
R1 {ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64; C:\Windows\System32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64; C:\Windows\System32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {fff2d2b4-0f90-4edd-a75a-047e2658236a}Gw64; C:\Windows\System32\drivers\{fff2d2b4-0f90-4edd-a75a-047e2658236a}Gw64.sys [48784 2014-10-16] (StdLib)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 22:36 - 2015-02-02 23:00 - 00018537 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-02 22:35 - 2015-02-04 14:48 - 00021160 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-02 22:35 - 2015-02-04 14:48 - 00000000 ____D () C:\FRST
2015-02-02 22:35 - 2015-02-02 22:35 - 02131456 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-02 22:35 - 2015-02-02 22:35 - 00380416 _____ () C:\Users\Admin\Downloads\y2j7njq9.exe
2015-02-01 23:04 - 2015-02-01 23:04 - 00001190 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-01 23:04 - 2015-02-01 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-01 23:04 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-01 23:03 - 2015-02-01 23:14 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-01 23:03 - 2015-02-01 23:14 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-01 23:03 - 2015-02-01 23:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-01 23:03 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-01 22:51 - 2015-02-04 13:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 22:35 - 2015-02-01 22:50 - 170379824 _____ () C:\Users\Admin\Downloads\setup_11.0.3.8.x01_2015_02_01_15_38.exe
2015-02-01 22:35 - 2015-02-01 22:35 - 01628992 _____ (Kaspersky Lab) C:\Users\Admin\Downloads\kss15.0.0.380en_ru_7138.exe
2015-01-23 13:52 - 2015-01-23 13:52 - 00000000 ____D () C:\Users\Admin\Downloads\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS
2015-01-22 21:44 - 2015-01-22 21:44 - 00000141 _____ () C:\Users\Admin\Documents\LRTExport.log
2015-01-22 20:40 - 2015-01-22 20:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-22 19:53 - 2015-01-22 19:53 - 00000000 ____D () C:\Users\Admin\Desktop\Adobe
2015-01-22 19:09 - 2015-01-24 10:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-22 19:07 - 2015-02-01 11:38 - 00000000 ____D () C:\Program Files\Adobe
2015-01-19 22:35 - 2014-04-17 02:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-19 22:34 - 2014-04-17 02:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-19 22:02 - 2014-11-27 10:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-19 22:02 - 2014-11-27 09:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-19 22:02 - 2014-11-15 14:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-19 22:02 - 2014-11-15 13:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-19 22:02 - 2014-11-15 13:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-19 22:02 - 2014-11-15 11:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-19 22:02 - 2014-11-15 11:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-19 22:00 - 2014-11-05 14:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-19 22:00 - 2014-11-05 14:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-19 22:00 - 2014-11-01 14:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-19 22:00 - 2014-10-29 22:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-19 22:00 - 2014-10-28 06:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-19 21:58 - 2014-12-19 14:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 21:58 - 2014-12-11 15:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 21:58 - 2014-12-06 15:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-19 21:58 - 2014-12-06 15:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 15:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-19 21:58 - 2014-12-06 15:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-19 21:58 - 2014-12-06 15:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 14:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-19 21:57 - 2014-12-19 12:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:51 - 2014-12-11 14:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:51 - 2014-12-06 15:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 21:51 - 2014-12-06 14:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wargaming.net
2015-01-09 20:42 - 2015-01-09 20:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-01-09 20:41 - 2015-01-09 20:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2015-01-09 20:40 - 2015-01-09 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-09 20:40 - 2014-12-13 08:11 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-09 20:39 - 2014-12-13 08:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-09 20:37 - 2014-12-13 18:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-09 20:37 - 2014-12-13 18:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 20:37 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 20:37 - 2014-10-10 01:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-09 20:37 - 2014-10-10 01:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-09 20:37 - 2014-10-09 15:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-09 20:35 - 2015-01-09 20:35 - 00000000 ____D () C:\NVIDIA
2015-01-09 19:19 - 2015-01-09 19:19 - 533066174 _____ () C:\Windows\MEMORY.DMP
2015-01-09 19:19 - 2015-01-09 19:19 - 00299936 _____ () C:\Windows\Minidump\010915-21093-01.dmp
2015-01-09 19:19 - 2015-01-09 19:19 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 08:50 - 2015-01-07 08:50 - 00000068 _____ () C:\Users\Admin\Desktop\tent.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 14:03 - 2014-11-04 07:53 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 14:02 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 13:16 - 2013-07-07 11:28 - 01062747 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 08:17 - 2013-10-15 12:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2729415231-3787973486-3125954293-1002
2015-02-04 07:29 - 2013-07-07 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-04 07:24 - 2014-11-04 07:53 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 18:40 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 18:39 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-02 09:09 - 2014-12-02 20:29 - 00000000 ____D () C:\Users\Admin\Downloads\Warcraft III Reign of Chaos & The Frozen Thron & DotA
2015-02-02 08:02 - 2014-11-08 11:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-02-01 23:04 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-01 23:03 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 10:44 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-30 10:08 - 2014-11-04 07:57 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 23:03 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-28 13:08 - 2014-06-19 15:29 - 00113016 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 09:24 - 2014-10-24 07:41 - 05050248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 19:03 - 2013-10-14 06:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-25 04:20 - 2014-10-17 08:28 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 04:20 - 2014-10-17 08:28 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 19:54 - 2012-07-26 15:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-22 08:46 - 2013-07-07 11:25 - 00031188 _____ () C:\Windows\PFRO.log
2015-01-21 21:45 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-21 20:32 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 22:39 - 2013-11-17 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 22:36 - 2013-11-17 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 20:42 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:54 - 00000000 ____D () C:\Temp
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-09 20:40 - 2012-07-26 15:21 - 01073355 _____ () C:\Windows\setupact.log
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\CloudBackup4027.exe
C:\Users\Admin\AppData\Local\Temp\dsrsetup.exe
C:\Users\Admin\AppData\Local\Temp\kis_setup.exe
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\res.dll
C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 10:30
 
==================== End Of Log ============================

Edited by hogopo, 04 February 2015 - 01:49 AM.


#4 hogopo

  • Topic Starter
  • Members
  • 18 posts

Posted 04 February 2015 - 01:51 AM

Addition


---------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Admin at 2015-02-02 23:00:41
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B3230C5-F069-416B-9169-1B84A216ED6A}) (Version: 2.5.1400.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.6 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
GodsWar (HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\Kalydo App GodsWar) (Version: 1.01.64 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IGG Web3D Player version 1.0.0.37 (HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\IGG Web3D Player_is1) (Version: 1.0.0.37 - IGG, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Kalydo Player 6.04.02 (HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\KalydoPlayer) (Version: 6.04.02 - Eximion B.V.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2729415231-3787973486-3125954293-1002_Classes\CLSID\{F7D4B6AD-AB5F-4fe8-9469-3A4697E41129}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Kalydo\KalydoPlayer\bin2\kalydoplayer64.dll (Eximion B.V.)
 
==================== Restore Points  =========================
 
12-01-2015 13:03:58 Scheduled Checkpoint
19-01-2015 22:34:03 Windows Update
22-01-2015 19:07:05 Installed Adobe Photoshop Lightroom 5.2 RC 64-bit.
25-01-2015 20:38:36 Removed Microsoft Visual C++ 2005 Redistributable (x64)
28-01-2015 23:01:07 Windows Update
01-02-2015 11:35:49 Removed Adobe Photoshop Lightroom 5.3 64-bit.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 13:26 - 2012-07-26 13:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1078733D-196F-477B-BBEC-18993D14E899} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-19] (Microsoft Corporation)
Task: {137D9850-4F61-4B21-93AF-66E96B11A61C} - System32\Tasks\{9DC0F2B4-A8A9-459F-A518-74E6672362D8} => pcalua.exe -a "C:\Program Files (x86)\IObit\Start Menu 8\unins000.exe"
Task: {2D4A62BC-525D-4DBA-B571-0F8E64251266} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {4E21084A-F08A-4DA8-8191-6A16687C6464} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-02-01] (PC-Doctor, Inc.)
Task: {521E428D-1908-42C1-B7FA-C28EA26B6A9F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6A817E75-252A-484D-B482-9612F53106C9} - System32\Tasks\{8AD7BD1F-D383-4B48-BB6A-2AD05DF4EB89} => pcalua.exe -a C:\Users\Admin\Downloads\SS20_T20_26_20E_10_11_W2K_664E_s.exe -d C:\Users\Admin\Downloads
Task: {A901C2D6-5AE1-4171-BAE9-C862DA3C31F3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C5A6CF77-C75D-42D0-9021-D6D508019921} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-04] (Google Inc.)
Task: {C648C7C8-1A3E-413A-8FB5-A5097E699EE0} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-10] (Dell, Inc.)
Task: {FAA211F1-BBCA-425E-8ACE-0C2C0131DC30} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-02-01] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-07-07 11:28 - 2014-12-13 16:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-07 11:58 - 2012-07-26 04:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-26 04:44 - 2012-07-26 04:35 - 00129024 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-01-30 10:08 - 2015-01-27 11:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-30 10:08 - 2015-01-27 11:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-21 20:11 - 2015-01-21 20:11 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\658efb4e1789d48181d0a2758b8f2bab\PSIClient.ni.dll
2013-07-07 11:50 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-01-30 10:08 - 2015-01-27 11:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-01-30 10:08 - 2015-01-27 11:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-2729415231-3787973486-3125954293-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2729415231-3787973486-3125954293-500 - Administrator - Disabled)
Guest (S-1-5-21-2729415231-3787973486-3125954293-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2015 11:33:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4
Faulting module name: delegate_execute.exe, version: 40.0.2214.94, time stamp: 0x54c6efe4
Exception code: 0xc0000005
Fault offset: 0x0002bdab
Faulting process id: 0x1e44
Faulting application start time: 0xdelegate_execute.exe0
Faulting application path: delegate_execute.exe1
Faulting module path: delegate_execute.exe2
Report Id: delegate_execute.exe3
Faulting package full name: delegate_execute.exe4
Faulting package-relative application ID: delegate_execute.exe5
 
Error: (02/01/2015 09:23:41 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (01/30/2015 10:00:16 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (01/29/2015 07:57:05 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (01/26/2015 08:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
Faulting module name: chrome.dll, version: 40.0.2214.91, time stamp: 0x54bf0685
Exception code: 0xc0000005
Fault offset: 0x0124abf7
Faulting process id: 0x19c4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (01/26/2015 08:34:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 40.0.2214.91, time stamp: 0x54bf0a96
Faulting module name: chrome.dll, version: 40.0.2214.91, time stamp: 0x54bf0685
Exception code: 0xc0000005
Fault offset: 0x0124ac90
Faulting process id: 0x2350
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (01/26/2015 09:07:59 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (01/24/2015 05:07:07 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (01/23/2015 09:09:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c90
 
Start Time: 01d036a93113135d
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\WWAHost.exe
 
Report Id: 78a855c5-a29c-11e4-8019-a41f7271a99a
 
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Windows.Store
 
Error: (01/23/2015 09:09:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DellWorkstation)
Description: App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time.
 
 
System errors:
=============
Error: (02/02/2015 08:45:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MaintainerSvc3.38.8461645 service failed to start due to the following error: 
%%2
 
Error: (02/02/2015 06:10:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 04:42:48 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 03:30:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 02:19:46 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 01:49:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 00:50:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MaintainerSvc3.38.8461645 service failed to start due to the following error: 
%%2
 
Error: (02/02/2015 00:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MaintainerSvc3.38.8461645 service failed to start due to the following error: 
%%2
 
Error: (02/02/2015 09:10:37 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/02/2015 08:41:22 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-18 07:44:20.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3330S CPU @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 3967.57 MB
Available physical RAM: 1815.64 MB
Total Pagefile: 7935.57 MB
Available Pagefile: 5276.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.12 GB) (Free:779.71 GB) NTFS
Drive e: (PhotoshopCS6) (CDROM) (Total:1.79 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6E2F17AB)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany

Posted 04 February 2015 - 10:39 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 hogopo

  • Topic Starter
  • Members
  • 18 posts

Posted 05 February 2015 - 12:29 AM

Step 1: AdwCleaner

 

# AdwCleaner v4.109 - Report created 05/02/2015 at 13:21:02
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 8 Single Language  (64 bits)
# Username : Admin - DELLWORKSTATION
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {0729a3ff-5ca9-4654-a275-96df29273fbf}Gw64
Service Deleted : {0cc68180-2a05-471a-a647-5c6cbe910ab9}Gw64
Service Deleted : {18fa7aee-6838-42dd-8d32-3fd665a7e664}Gw64
Service Deleted : {1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64
Service Deleted : {2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64
Service Deleted : {285c7149-b94b-40df-b9c8-1fe643cfbf33}Gw64
Service Deleted : {2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64
Service Deleted : {38f72c19-9857-4bc2-b729-9d00bd429872}Gw64
Service Deleted : {3c63e588-2804-44de-9c53-4848a16d847a}Gw64
Service Deleted : {481a6589-8e34-4bd5-9be2-2f7ce66c44d6}Gw64
Service Deleted : {6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64
Service Deleted : {944d25d5-1adf-4cba-98d5-05e5f2efd201}Gw64
Service Deleted : {94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64
Service Deleted : {ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}Gw64
Service Deleted : {b0c51d23-966e-4986-81ac-a04859acb990}Gw64
Service Deleted : {b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64
Service Deleted : {b512317f-9024-4dbe-9337-79eca8c875a4}Gw64
Service Deleted : {c5d2a915-f26c-4145-b1b0-0ab69f6f538f}Gw64
Service Deleted : {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64
Service Deleted : {c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64
Service Deleted : {e0cbbba5-5c5d-4016-a69f-410443e505d1}Gw64
Service Deleted : {ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64
Service Deleted : {f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64
Service Deleted : {fff2d2b4-0f90-4edd-a75a-047e2658236a}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\ClearThink
Folder Deleted : C:\Users\Admin\AppData\Local\pay-by-ads
Folder Deleted : C:\Users\Admin\AppData\Roaming\RHEng
File Deleted : C:\Windows\System32\drivers\{0729a3ff-5ca9-4654-a275-96df29273fbf}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{0cc68180-2a05-471a-a647-5c6cbe910ab9}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{18fa7aee-6838-42dd-8d32-3fd665a7e664}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{1fe5a9eb-d0ad-44c6-8e0e-e079118db915}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{2429c312-24d3-4127-94ed-c247fe9e02fc}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{285c7149-b94b-40df-b9c8-1fe643cfbf33}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{2ac9eb83-636e-4a51-ab66-bf4f388a02ab}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{38f72c19-9857-4bc2-b729-9d00bd429872}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{3c63e588-2804-44de-9c53-4848a16d847a}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{481a6589-8e34-4bd5-9be2-2f7ce66c44d6}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{6cfec6a5-9d93-4492-985a-470a68eff4e9}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{944d25d5-1adf-4cba-98d5-05e5f2efd201}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{94538859-34de-4cd4-9dc6-aa29e98ff214}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{ad28a4d5-ff34-4e4c-af95-b3aa1bbc1d20}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{b0c51d23-966e-4986-81ac-a04859acb990}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{b35afcf6-0992-4551-b2da-3af8a5dc5119}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{b512317f-9024-4dbe-9337-79eca8c875a4}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{c5d2a915-f26c-4145-b1b0-0ab69f6f538f}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{c89879cb-75b8-4cb6-bc13-07c704396fd0}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{e0cbbba5-5c5d-4016-a69f-410443e505d1}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{ea2115a6-5989-483c-b1ee-19fba43198ff}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{f8280ede-2ab0-420d-ae0f-169ba406978b}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{fff2d2b4-0f90-4edd-a75a-047e2658236a}Gw64.sys
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
 
-\\ Google Chrome v40.0.2214.94
 
 
*************************
 
AdwCleaner[R0].txt - [5341 octets] - [05/02/2015 13:19:32]
AdwCleaner[S0].txt - [5372 octets] - [05/02/2015 13:21:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5432 octets] ##########


#7 hogopo (Topic Starter, Members, 18 posts)

Posted 05 February 2015 - 12:56 AM

Step 2: Malwarebytes

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/5/2015
Scan Time: 1:29:13 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.05.02
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334998
Time Elapsed: 9 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc3.38.8461645, , [e23079a1cebc41f5e99af712cc399f61], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.MyPCBackup.A, C:\Users\Admin\AppData\Local\Temp\CloudBackup4027.exe, , [789aee2c8bff10268badf2f928d9e719], 
PUP.Optional.PayByAds.A, C:\Users\Admin\AppData\Local\Temp\dsrsetup.exe, , [54be1efc9eec261076f6abb78a767789], 
PUP.Optional.PayByAds.A, C:\Users\Admin\AppData\Local\Temp\res.dll, , [878b44d64b3f95a1988f8a5ca461837d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 hogopo (Topic Starter, Members, 18 posts)

Posted 05 February 2015 - 01:08 AM

Step 3: Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 Single Language x64
Ran by Admin on Thu 02/05/2015 at 13:58:47.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\pcdr"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/05/2015 at 14:02:25.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
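The opening post says every device on the home wifi shows the adultcameras.info injection, which points at the router rather than at one PC; the host-side cleaners above can only remove what is on this machine. The one line in an FRST log that reflects what the router handed out is the `[DhcpNameServer]` entry, next to FRST's own `<======= ATTENTION` markers for the forced Chrome policy. The script below is an added example, not part of this thread and not Farbar's tool: it triages FRST-style lines and flags the entries that matter in a DNS/adware hijack case. The sample lines are copied from the FRST output posted in this thread (constructed fragment, not a complete log); the `expected_dns` list is a hypothetical input the reader supplies after confirming the correct resolvers with the ISP or in the router's own configuration, because nothing in the log can decide that on its own.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: a few lines copied from the FRST.txt posted in this thread
# (trailing space preserved as FRST writes it). Not a complete log.
SAMPLE_FRST = r"""
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 122.2.129.2 122.2.167.2
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


ATTENTION = "<======= ATTENTION"  # FRST's own marker for entries it wants a human to look at
DHCP_DNS_RE = re.compile(r"\[DhcpNameServer\]\s+(.+)$")
MOUNTPOINT_RE = re.compile(r'\\MountPoints2:\s+\{[0-9a-f-]+\}\s+-\s+"(.+)"', re.IGNORECASE)


def check_dhcp_dns(servers, expected, line):
    """Judge the resolvers the router handed out via DHCP.

    expected: resolvers the reader has confirmed with the ISP or configured on the
    router (hypothetical input; the log alone cannot say which resolvers are legitimate).
    """
    out = []
    for s in servers:
        try:
            ip = ip_address(s)
        except ValueError:
            out.append(Finding("high", "dns-unparseable", f"{s}: {line}"))
            continue
        if expected:
            if s not in expected:
                out.append(Finding("high", "dns-unexpected-resolver", f"{s}: {line}"))
        elif ip.is_private:
            # Usually the router itself forwarding DNS: the upstream it forwards to is what matters.
            out.append(Finding("info", "dns-router-forwarder", f"{s}: {line}"))
        else:
            # Public address with no baseline to compare against: confirm it with the ISP.
            out.append(Finding("medium", "dns-public-resolver-unverified", f"{s}: {line}"))
    return out


def triage_frst(text, expected_dns=()):
    """Return Findings for the FRST lines that matter in a DNS/adware hijack case."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if ATTENTION in line:
            findings.append(Finding("high", "frst-attention", line))
        m = DHCP_DNS_RE.search(line)
        if m:
            findings.extend(check_dhcp_dns(m.group(1).split(), tuple(expected_dns), line))
        if MOUNTPOINT_RE.search(line):
            # Per-volume autorun entries: worth checking which removable media wrote them.
            findings.append(Finding("medium", "mountpoints2-autorun", line))
        if "[File not signed]" in line:
            findings.append(Finding("medium", "unsigned-service", line))
        if line.endswith("[X]"):
            # Service/driver registered but its file is missing (leftover of a removal).
            findings.append(Finding("info", "missing-file-entry", line))
    return findings


def summarize(findings):
    """Count findings per rule, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2}
    counts = {}
    for f in sorted(findings, key=lambda f: order[f.severity]):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"[{f.severity:6}] {f.rule:32} {f.line}")
    print(summarize(triage_frst(SAMPLE_FRST)))
```

Run it against a full FRST.txt by reading the file into `triage_frst`; pass `expected_dns` once the correct resolvers are known, and any DHCP-supplied resolver outside that list is a router-side finding that no amount of cleaning on the PC will fix.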


#9 hogopo (Topic Starter, Members, 18 posts)

Posted 05 February 2015 - 01:09 AM

Step 4: FRST Scan

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01

Ran by Admin (administrator) on DELLWORKSTATION on 05-02-2015 14:08:35
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2015-01-23] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 122.2.129.2 122.2.167.2
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @eximion.com/KalydoPlayer -> C:\Users\Admin\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/iggweb3dupdater -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/joyconnectshell -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Block dangerous websites - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky link checker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Block advertisements - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe financial transactions - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation)
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 14:08 - 2015-02-05 14:08 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-02-05 14:02 - 2015-02-05 14:02 - 00000762 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-05 13:57 - 2015-02-05 13:57 - 01388274 _____ (Thisisu) C:\Users\Admin\Downloads\JRT (2).exe
2015-02-05 13:38 - 2015-02-05 13:38 - 00001457 _____ () C:\Users\Admin\Desktop\malware.txt
2015-02-05 13:27 - 2015-02-05 13:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 13:27 - 2015-02-05 13:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-05 13:27 - 2015-02-05 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-05 13:27 - 2015-02-05 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-05 13:27 - 2015-02-05 13:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-05 13:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-05 13:27 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-05 13:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-05 13:18 - 2015-02-05 13:23 - 00000000 ____D () C:\AdwCleaner
2015-02-05 13:17 - 2015-02-05 13:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 13:16 - 2015-02-05 13:17 - 02194432 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2015-02-04 18:29 - 2015-02-04 18:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-04 18:28 - 2015-02-04 18:28 - 00001869 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-02-04 18:28 - 2015-02-04 18:28 - 00001809 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-04 18:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-04 18:27 - 2015-02-04 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Bluestacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-04 18:18 - 2015-02-04 18:26 - 13451872 _____ (BlueStack Systems Inc.) C:\Users\Admin\Downloads\BlueStacks-SplitInstaller_native_b.exe
2015-02-02 22:36 - 2015-02-02 23:00 - 00018537 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-02 22:35 - 2015-02-05 14:08 - 02131968 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-02 22:35 - 2015-02-05 14:08 - 00019805 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-02 22:35 - 2015-02-05 14:08 - 00000000 ____D () C:\FRST
2015-02-02 22:35 - 2015-02-02 22:35 - 00380416 _____ () C:\Users\Admin\Downloads\y2j7njq9.exe
2015-02-01 23:04 - 2015-02-01 23:04 - 00001190 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-01 23:04 - 2015-02-01 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-01 23:04 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-01 23:03 - 2015-02-01 23:14 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-01 23:03 - 2015-02-01 23:14 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-01 23:03 - 2015-02-01 23:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-01 23:03 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-01 22:51 - 2015-02-05 13:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 22:35 - 2015-02-01 22:50 - 170379824 _____ () C:\Users\Admin\Downloads\setup_11.0.3.8.x01_2015_02_01_15_38.exe
2015-02-01 22:35 - 2015-02-01 22:35 - 01628992 _____ (Kaspersky Lab) C:\Users\Admin\Downloads\kss15.0.0.380en_ru_7138.exe
2015-01-23 13:52 - 2015-01-23 13:52 - 00000000 ____D () C:\Users\Admin\Downloads\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS
2015-01-22 21:44 - 2015-01-22 21:44 - 00000141 _____ () C:\Users\Admin\Documents\LRTExport.log
2015-01-22 20:40 - 2015-01-22 20:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-22 19:53 - 2015-01-22 19:53 - 00000000 ____D () C:\Users\Admin\Desktop\Adobe
2015-01-22 19:09 - 2015-01-24 10:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-22 19:07 - 2015-02-01 11:38 - 00000000 ____D () C:\Program Files\Adobe
2015-01-19 22:35 - 2014-04-17 02:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-19 22:34 - 2014-04-17 02:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-19 22:02 - 2014-11-27 10:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-19 22:02 - 2014-11-27 09:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-19 22:02 - 2014-11-15 14:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-19 22:02 - 2014-11-15 13:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-19 22:02 - 2014-11-15 13:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-19 22:02 - 2014-11-15 11:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-19 22:02 - 2014-11-15 11:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-19 22:00 - 2014-11-05 14:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-19 22:00 - 2014-11-05 14:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-19 22:00 - 2014-11-01 14:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-19 22:00 - 2014-10-29 22:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-19 22:00 - 2014-10-28 06:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-19 21:58 - 2014-12-19 14:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 21:58 - 2014-12-11 15:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 21:58 - 2014-12-06 15:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-19 21:58 - 2014-12-06 15:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 15:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-19 21:58 - 2014-12-06 15:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-19 21:58 - 2014-12-06 15:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 14:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-19 21:57 - 2014-12-19 12:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:51 - 2014-12-11 14:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:51 - 2014-12-06 15:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 21:51 - 2014-12-06 14:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wargaming.net
2015-01-09 20:42 - 2015-01-09 20:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-01-09 20:41 - 2015-01-09 20:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2015-01-09 20:40 - 2015-01-09 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-09 20:40 - 2014-12-13 08:11 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-09 20:39 - 2014-12-13 08:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-09 20:37 - 2014-12-13 18:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-09 20:37 - 2014-12-13 18:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 20:37 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 20:37 - 2014-10-10 01:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-09 20:37 - 2014-10-10 01:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-09 20:37 - 2014-10-09 15:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-09 20:35 - 2015-01-09 20:35 - 00000000 ____D () C:\NVIDIA
2015-01-09 19:19 - 2015-01-09 19:19 - 533066174 _____ () C:\Windows\MEMORY.DMP
2015-01-09 19:19 - 2015-01-09 19:19 - 00299936 _____ () C:\Windows\Minidump\010915-21093-01.dmp
2015-01-09 19:19 - 2015-01-09 19:19 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 08:50 - 2015-01-07 08:50 - 00000068 _____ () C:\Users\Admin\Desktop\tent.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 14:06 - 2013-10-15 12:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2729415231-3787973486-3125954293-1002
2015-02-05 14:03 - 2014-11-04 07:53 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 14:00 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-05 13:48 - 2013-07-07 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-05 13:41 - 2014-11-04 07:53 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 13:41 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-05 13:40 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-05 13:40 - 2013-07-07 11:25 - 00032566 _____ () C:\Windows\PFRO.log
2015-02-05 13:40 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\addins
2015-02-05 13:23 - 2013-07-07 11:28 - 01117300 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 18:29 - 2012-07-26 15:21 - 01074034 _____ () C:\Windows\setupact.log
2015-02-04 18:28 - 2012-07-26 16:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-02 09:09 - 2014-12-02 20:29 - 00000000 ____D () C:\Users\Admin\Downloads\Warcraft III Reign of Chaos & The Frozen Thron & DotA
2015-02-02 08:02 - 2014-11-08 11:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-02-01 23:04 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-01 23:03 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 10:44 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-30 10:08 - 2014-11-04 07:57 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 23:03 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-28 13:08 - 2014-06-19 15:29 - 00113016 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 09:24 - 2014-10-24 07:41 - 05050248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 19:03 - 2013-10-14 06:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-25 04:20 - 2014-10-17 08:28 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 04:20 - 2014-10-17 08:28 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 19:54 - 2012-07-26 15:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 21:45 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-21 20:32 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 22:39 - 2013-11-17 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 22:36 - 2013-11-17 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 20:42 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:54 - 00000000 ____D () C:\Temp
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\kis_setup.exe
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Admin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Admin\AppData\Local\Temp\nvStInst.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Admin\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 10:30
 
==================== End Of Log ============================
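The FRST log above ends with the "Bamital & volsnap Check", and the FRST log later in this thread carries the `Tcpip\Parameters: [DhcpNameServer]` line, which is the first thing to look at when a redirect hits every device behind one router. As an added example, not part of the original posts and not FRST's own code: a small Python triage script that parses lines in FRST's format and pulls out the DHCP-assigned DNS servers (classified as private or public, since a public resolver handed out by a home router is only suspicious if it is not the ISP's), the `<======= ATTENTION` lines, PE files under system32/SysWOW64 whose CompanyName field is empty, and any integrity-check entry not marked "File is digitally signed". The sample lines are constructed from entries in this thread's logs; the `example_unknown.exe` line is invented here purely to exercise the rule.

```python
"""Offline triage of a Farbar Recovery Scan Tool (FRST) log.
Example code written for this thread; not part of FRST or of the posted logs."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the shape FRST prints. Most lines are copied from the logs in
# this thread; the "example_unknown.exe" entry is invented to exercise the PE rule.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 122.2.129.2 122.2.167.2
==================== One Month Created Files and Folders ========
2015-01-19 22:00 - 2014-11-01 14:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-19 22:00 - 2014-10-28 06:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-06 13:21 - 2015-02-06 13:21 - 02112512 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2015-02-01 10:00 - 2015-02-01 10:00 - 00012345 _____ () C:\Windows\system32\example_unknown.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
""".strip("\n")

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# created - modified - size attrs (CompanyName) path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$")
DNS_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (.+)$")
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr", ".drv")
SYSTEM_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '==== Name ====' header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in log.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def parse_dhcp_dns(log: str) -> List[str]:
    """Resolver addresses the router's DHCP handed to this host, in log order."""
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            return m.group(1).split()
    return []


def classify_dns(servers: List[str]) -> List[Tuple[str, str]]:
    """'private' = RFC 1918/link-local (usually the router itself); 'public' entries
    must be compared against the ISP's published resolvers before trusting them."""
    out = []
    for s in servers:
        try:
            out.append((s, "private" if ipaddress.ip_address(s).is_private else "public"))
        except ValueError:
            out.append((s, "unparseable"))
    return out


def unsigned_pe_in_system_dirs(lines: List[str]) -> List[str]:
    """PE files under system32/SysWOW64 with an empty CompanyName. FRST's '()' is the
    version resource, not a signature check, so this is a shortlist to verify
    (Get-AuthenticodeSignature, hash lookup), not a verdict."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m or m.group("company").strip():
            continue
        path = m.group("path").strip()
        low = path.lower()
        if low.endswith(PE_EXTENSIONS) and low.startswith(SYSTEM_PREFIXES):
            hits.append(path)
    return hits


def failed_integrity_checks(lines: List[str]) -> List[Tuple[str, str]]:
    """Bamital/volsnap entries whose verdict is not FRST's passing text."""
    bad = []
    for line in lines:
        if " => " not in line:
            continue
        path, verdict = line.split(" => ", 1)
        if verdict.strip() != "File is digitally signed":
            bad.append((path.strip(), verdict.strip()))
    return bad


def attention_lines(log: str) -> List[str]:
    return [l.strip() for l in log.splitlines() if "<======= ATTENTION" in l]


@dataclass
class Triage:
    dns: List[Tuple[str, str]] = field(default_factory=list)
    attention: List[str] = field(default_factory=list)
    unsigned_system_pe: List[str] = field(default_factory=list)
    failed_checks: List[Tuple[str, str]] = field(default_factory=list)


def triage(log: str) -> Triage:
    sections = split_sections(log)
    files: List[str] = []
    for name, lines in sections.items():
        if "Files and Folders" in name:
            files.extend(lines)
    return Triage(
        dns=classify_dns(parse_dhcp_dns(log)),
        attention=attention_lines(log),
        unsigned_system_pe=unsigned_pe_in_system_dirs(files),
        failed_checks=failed_integrity_checks(sections.get("Bamital & volsnap Check", [])),
    )


if __name__ == "__main__":
    t = triage(SAMPLE_FRST_LOG)
    print("DHCP DNS servers:", t.dns)
    print("ATTENTION lines:", *t.attention, sep="\n  ")
    print("PE files in system dirs with no CompanyName:", t.unsigned_system_pe)
    print("Failed integrity checks:", t.failed_checks or "none")
```

Run it against a full FRST.txt by reading the file into `triage()`. The DNS result is the key one for a LAN-wide redirect: if the router hands out resolvers that are neither its own LAN address nor the ISP's documented servers, the router configuration, not the PC, is what needs fixing, and every device should be checked the same way after the router is reset.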


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:40 PM

Posted 05 February 2015 - 11:25 AM

PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc3.38.8461645, , [e23079a1cebc41f5e99af712cc399f61],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.MyPCBackup.A, C:\Users\Admin\AppData\Local\Temp\CloudBackup4027.exe, , [789aee2c8bff10268badf2f928d9e719],
PUP.Optional.PayByAds.A, C:\Users\Admin\AppData\Local\Temp\dsrsetup.exe, , [54be1efc9eec261076f6abb78a767789],
PUP.Optional.PayByAds.A, C:\Users\Admin\AppData\Local\Temp\res.dll, , [878b44d64b3f95a1988f8a5ca461837d],

Can you please move them into quarantine? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 hogopo

hogopo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:40 AM

Posted 06 February 2015 - 12:59 AM

Yes, I moved it to quarantine, sir, and also deleted it. I ran another scan:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 2/6/2015
Scan Time: 1:46:46 PM
Logfile: 12.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.06.03
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335881
Time Elapsed: 8 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
------------------------------------------
 
Should I connect all my devices to my home wife?
Is it safe?


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:40 PM

Posted 06 February 2015 - 08:29 AM

What's "home wife"?
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Cheers

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#13 hogopo

hogopo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:40 AM

Posted 06 February 2015 - 01:14 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Admin (administrator) on DELLWORKSTATION on 07-02-2015 02:11:25
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2015-01-23] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 122.2.129.2 122.2.167.2
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @eximion.com/KalydoPlayer -> C:\Users\Admin\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/iggweb3dupdater -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @g2.com/joyconnectshell -> C:\Users\Admin\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Website Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner (Ad Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money (Secure Financial Transactions) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-06 13:58 - 2015-02-06 13:58 - 00001036 _____ () C:\Users\Admin\Desktop\12.txt
2015-02-06 13:44 - 2015-02-06 13:44 - 00001120 _____ () C:\Users\Admin\Desktop\a.txt
2015-02-06 13:27 - 2015-02-07 02:09 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 13:27 - 2015-02-06 13:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 13:26 - 2015-02-06 13:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 13:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 13:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 13:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 13:23 - 2015-02-06 13:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-06 13:21 - 2015-02-06 13:21 - 02112512 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2015-02-05 17:03 - 2015-02-05 17:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Leadertech
2015-02-05 15:13 - 2015-02-05 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PCDr
2015-02-05 15:11 - 2015-02-05 15:11 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-05 14:08 - 2015-02-05 14:08 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-02-05 14:02 - 2015-02-05 14:02 - 00000762 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-02-05 13:38 - 2015-02-05 13:38 - 00001457 _____ () C:\Users\Admin\Desktop\malware.txt
2015-02-05 13:27 - 2015-02-05 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 18:29 - 2015-02-04 18:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-04 18:28 - 2015-02-04 18:28 - 00001869 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-02-04 18:28 - 2015-02-04 18:28 - 00001809 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-04 18:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-04 18:27 - 2015-02-04 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Bluestacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-04 18:18 - 2015-02-04 18:26 - 13451872 _____ (BlueStack Systems Inc.) C:\Users\Admin\Downloads\BlueStacks-SplitInstaller_native_b.exe
2015-02-02 22:36 - 2015-02-02 23:00 - 00018537 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-02 22:35 - 2015-02-07 02:11 - 00019206 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-02 22:35 - 2015-02-07 02:11 - 00000000 ____D () C:\FRST
2015-02-02 22:35 - 2015-02-05 14:08 - 02131968 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-02-01 23:04 - 2015-02-01 23:04 - 00001190 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-01 23:04 - 2015-02-01 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-01 23:04 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-01 23:03 - 2015-02-01 23:14 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-01 23:03 - 2015-02-01 23:14 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-01 23:03 - 2015-02-01 23:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-01 23:03 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-01 22:51 - 2015-02-07 02:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 22:35 - 2015-02-01 22:50 - 170379824 _____ () C:\Users\Admin\Downloads\setup_11.0.3.8.x01_2015_02_01_15_38.exe
2015-02-01 22:35 - 2015-02-01 22:35 - 01628992 _____ (Kaspersky Lab) C:\Users\Admin\Downloads\kss15.0.0.380en_ru_7138.exe
2015-01-23 13:52 - 2015-01-23 13:52 - 00000000 ____D () C:\Users\Admin\Downloads\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS
2015-01-22 21:44 - 2015-01-22 21:44 - 00000141 _____ () C:\Users\Admin\Documents\LRTExport.log
2015-01-22 20:40 - 2015-01-22 20:54 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-22 19:53 - 2015-01-22 19:53 - 00000000 ____D () C:\Users\Admin\Desktop\Adobe
2015-01-22 19:09 - 2015-01-24 10:34 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-22 19:08 - 2015-01-25 19:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-22 19:07 - 2015-02-01 11:38 - 00000000 ____D () C:\Program Files\Adobe
2015-01-19 22:35 - 2014-04-17 02:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-19 22:34 - 2014-04-17 02:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-19 22:02 - 2014-11-27 10:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-19 22:02 - 2014-11-27 09:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-19 22:02 - 2014-11-15 14:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-19 22:02 - 2014-11-15 13:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-19 22:02 - 2014-11-15 13:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-19 22:02 - 2014-11-15 11:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-19 22:02 - 2014-11-15 11:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-19 22:00 - 2014-11-05 14:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-19 22:00 - 2014-11-05 14:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-19 22:00 - 2014-11-01 14:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-19 22:00 - 2014-10-29 22:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-19 22:00 - 2014-10-28 06:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-19 21:58 - 2014-12-19 14:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 21:58 - 2014-12-11 15:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 21:58 - 2014-12-06 15:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-19 21:58 - 2014-12-06 15:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 15:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-19 21:58 - 2014-12-06 15:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-19 21:58 - 2014-12-06 15:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 14:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-19 21:57 - 2014-12-19 12:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:51 - 2014-12-11 14:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:51 - 2014-12-06 15:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 21:51 - 2014-12-06 14:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wargaming.net
2015-01-09 20:42 - 2015-01-09 20:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation
2015-01-09 20:41 - 2015-01-09 20:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2015-01-09 20:40 - 2015-01-09 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-09 20:40 - 2014-12-13 08:11 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-09 20:40 - 2014-12-13 08:11 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-09 20:39 - 2014-12-13 08:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-09 20:37 - 2014-12-13 18:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-01-09 20:37 - 2014-12-13 18:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-01-09 20:37 - 2014-12-13 18:08 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 20:37 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 20:37 - 2014-10-10 01:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-01-09 20:37 - 2014-10-10 01:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-01-09 20:37 - 2014-10-09 15:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2015-01-09 20:35 - 2015-01-09 20:35 - 00000000 ____D () C:\NVIDIA
2015-01-09 19:19 - 2015-01-09 19:19 - 533066174 _____ () C:\Windows\MEMORY.DMP
2015-01-09 19:19 - 2015-01-09 19:19 - 00299936 _____ () C:\Windows\Minidump\010915-21093-01.dmp
2015-01-09 19:19 - 2015-01-09 19:19 - 00000000 ____D () C:\Windows\Minidump
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 02:11 - 2013-07-07 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-07 02:08 - 2014-11-04 07:53 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 02:08 - 2013-10-14 06:51 - 00000000 ____D () C:\Users\Admin
2015-02-07 02:08 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 02:08 - 2013-07-07 11:25 - 00034164 _____ () C:\Windows\PFRO.log
2015-02-07 02:08 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 02:04 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-06 23:22 - 2013-10-15 12:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2729415231-3787973486-3125954293-1002
2015-02-06 23:03 - 2014-11-04 07:53 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 20:21 - 2013-07-07 11:28 - 01259863 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 13:43 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\addins
2015-02-06 13:20 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-04 18:29 - 2012-07-26 15:21 - 01074034 _____ () C:\Windows\setupact.log
2015-02-04 18:28 - 2012-07-26 16:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-04 03:29 - 2014-10-17 08:28 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 03:29 - 2014-10-17 08:28 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 09:09 - 2014-12-02 20:29 - 00000000 ____D () C:\Users\Admin\Downloads\Warcraft III Reign of Chaos & The Frozen Thron & DotA
2015-02-02 08:02 - 2014-11-08 11:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-02-01 23:04 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-01 23:03 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 10:44 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-30 10:08 - 2014-11-04 07:57 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-28 13:08 - 2014-06-19 15:29 - 00113016 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 09:24 - 2014-10-24 07:41 - 05050248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 19:54 - 2012-07-26 15:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 21:45 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-21 20:32 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 22:39 - 2013-11-17 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 22:36 - 2013-11-17 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 20:42 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:54 - 00000000 ____D () C:\Temp
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-09 20:40 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 10:30
 
==================== End Of Log ============================
 
Sorry, it's home Wi-Fi... 
Darn it, the pop-up window of adultcameras.info just showed up... 
I thought it was gone... >_< 
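The "Bamital & volsnap Check" section of the log above lists thirteen core binaries and reports each as digitally signed, with the note that there is no automatic fix for a file that fails. The script below is an added example written for this page, not part of the thread, of FRST or of Farbar's tooling: it repeats that check with PowerShell's Get-AuthenticodeSignature over the same file list and additionally requires the signer to be Microsoft, since a valid signature from some other publisher on winlogon.exe would be just as alarming as no signature at all. The function name Test-CoreBinarySignatures and the subject-string test are this example's own choices; it assumes it is run on the machine being checked.

```powershell
# Added example (not from the thread or from FRST): re-run FRST's "Bamital & volsnap"
# check with Get-AuthenticodeSignature and also insist that the signer is Microsoft.
# Assumes it runs on the machine under examination.

function Test-CoreBinarySignatures {
    param(
        # The thirteen files FRST verified in the log above (paths rebuilt from %SystemRoot%).
        [string[]]$Paths = @(
            "$env:SystemRoot\System32\winlogon.exe",
            "$env:SystemRoot\System32\wininit.exe",
            "$env:SystemRoot\explorer.exe",
            "$env:SystemRoot\SysWOW64\explorer.exe",
            "$env:SystemRoot\System32\svchost.exe",
            "$env:SystemRoot\SysWOW64\svchost.exe",
            "$env:SystemRoot\System32\services.exe",
            "$env:SystemRoot\System32\user32.dll",
            "$env:SystemRoot\SysWOW64\user32.dll",
            "$env:SystemRoot\System32\userinit.exe",
            "$env:SystemRoot\SysWOW64\userinit.exe",
            "$env:SystemRoot\System32\rpcss.dll",
            "$env:SystemRoot\System32\drivers\volsnap.sys"
        )
    )

    foreach ($p in $Paths) {
        # A missing core binary is itself a finding (SysWOW64 copies are absent on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = ''; Verdict = 'CHECK' }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Both conditions are needed: a chain that validates but ends in a non-Microsoft
        # certificate means the file was re-signed by someone else.
        $fromMs  = $signer -match 'O=Microsoft Corporation'
        $verdict = if ($sig.Status -eq 'Valid' -and $fromMs) { 'OK' } else { 'CHECK' }

        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer; Verdict = $verdict }
    }
}

# Usage: every row should read OK; anything marked CHECK needs a second look.
Test-CoreBinarySignatures | Format-Table -AutoSize -Wrap
```

One caveat before trusting a CHECK row: most of these binaries carry no embedded signature and are signed through the system catalogs instead. On the Windows 8 / PowerShell 3.0 build shown in this log, Get-AuthenticodeSignature does not consult the catalog store (catalog lookup arrived with PowerShell 5 on Windows 10), so a NotSigned status there is expected and is not by itself evidence of tampering. For a catalog-aware verdict on older systems use Sysinternals sigcheck, which does verify catalog signatures, or compare the file hash against a known-good copy from installation media.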


#14 Machiavelli (Malware Response Instructor, 4,133 posts, Germany)

Posted 07 February 2015 - 08:18 AM

You can connect your devices to your Wifi ... I don't think that it will infect other systems. ;)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
    HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file on your Desktop (ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

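The fixlist in this post names the places the scan flagged: MountPoints2 autorun commands under the user's hive, a Chrome policy under HKLM\SOFTWARE\Policies\Google, a Chrome extension registered under HKLM\...\Chrome\Extensions, the IE DefaultScope of the .DEFAULT, S-1-5-19 and S-1-5-20 hives, and the local Group Policy files that the fix moved. The script below is an added example written for this page; it is not from the thread, from FRST or from Farbar. It reads those same locations with PowerShell and reports what it finds without deleting anything, so it can be run before a fix and again afterwards to see what came back. It assumes an elevated PowerShell session on the affected machine; the function name Get-BrowserHijackIndicators and the HKU drive name are this example's own choices.

```powershell
# Added audit script (not from the thread and not part of FRST): read-only enumeration
# of the persistence and browser-policy locations named in the fixlist above.
# Assumes an elevated session so the hives of all loaded profiles are readable.

function Get-BrowserHijackIndicators {
    $findings = New-Object System.Collections.Generic.List[string]

    # Expose HKEY_USERS as a drive so every loaded profile hive can be walked
    # (HKLM: and HKCU: exist by default, HKU does not; the drive name is our choice).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $userHives = Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }

    # 1. MountPoints2: Explorer records a per-volume autorun command here when a volume
    #    carrying autorun.inf is mounted. The Shell\AutoRun\command default value is
    #    what FRST printed as  {GUID} - "D:\AutoRun.exe".
    foreach ($hive in $userHives) {
        $mp = "Registry::$($hive.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        foreach ($vol in (Get-ChildItem $mp -ErrorAction SilentlyContinue)) {
            $cmdKey = Get-Item "Registry::$($vol.Name)\Shell\AutoRun\command" -ErrorAction SilentlyContinue
            if ($cmdKey) {
                $cmd = $cmdKey.GetValue('')
                if ($cmd) { $findings.Add("MountPoints2 [$($hive.PSChildName)] $($vol.PSChildName) -> $cmd") }
            }
        }
    }

    # 2. Chrome policy. "Group Policy on Chrome detected" and "HKLM\SOFTWARE\Policies\Google:
    #    Policy restriction" both refer to this key. A home PC that is not domain-joined
    #    normally has no such key at all, so every value found is worth reading.
    #    (HKLM\SOFTWARE\Policies is shared between 32- and 64-bit views, so one path suffices.)
    $polRoot = 'HKLM:\SOFTWARE\Policies\Google'
    if (Test-Path $polRoot) {
        $keys = @(Get-Item $polRoot) + @(Get-ChildItem $polRoot -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                $findings.Add("Chrome policy: $($k.Name)\$name = $($k.GetValue($name))")
            }
        }
    }

    # 3. External extension registration: a subkey named after the 32-character extension id,
    #    carrying update_url (Web Store or any other host) or path+version (a local .crx).
    #    Chrome installs whatever is registered here on its next start.
    foreach ($extRoot in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                         'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions') {
        foreach ($e in (Get-ChildItem $extRoot -ErrorAction SilentlyContinue)) {
            $v   = Get-ItemProperty -Path $e.PSPath
            $src = '<no install source>'
            if ($v.update_url) { $src = $v.update_url }
            elseif ($v.path)   { $src = "$($v.path) v$($v.version)" }
            $findings.Add("Chrome external extension: $($e.PSChildName) <- $src")
        }
    }

    # 4. IE DefaultScope for every hive, including .DEFAULT, S-1-5-19 and S-1-5-20,
    #    which FRST listed with an empty URL.
    foreach ($hive in $userHives) {
        $scopes = "Registry::$($hive.Name)\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        $sk = Get-Item $scopes -ErrorAction SilentlyContinue
        if ($sk -and ($sk.GetValueNames() -contains 'DefaultScope')) {
            $id     = $sk.GetValue('DefaultScope')
            $scope  = Get-Item "$scopes\$id" -ErrorAction SilentlyContinue
            $urlVal = if ($scope) { $scope.GetValue('URL') } else { $null }
            $findings.Add("IE DefaultScope [$($hive.PSChildName)]: $id URL='$urlVal'")
        }
    }

    # 5. Local Group Policy store (the files FRST moved). These are only written once a
    #    local policy has been set, by gpedit.msc or by a program writing them directly.
    foreach ($f in "$env:SystemRoot\System32\GroupPolicy\GPT.ini",
                   "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol") {
        if (Test-Path $f) { $findings.Add("Local policy file present: $f") }
    }

    return $findings
}

$result = Get-BrowserHijackIndicators
if ($result.Count -eq 0) { 'No indicators found in the audited locations.' } else { $result }
```

Explorer recreates a MountPoints2 subkey whenever a volume that carries an autorun.inf is mounted again, which is why the re-scan in the next reply lists both GUIDs even though the Fixlog reports them deleted; those two entries on their own are not evidence the fix failed. Re-running this audit after the machine has been used normally for a while is the quicker way to learn whether something is still writing the Chrome policy or the extension registration back.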
 
 


#15 hogopo (Topic Starter, Members, 18 posts)

Posted 07 February 2015 - 10:41 AM

Step 1 

 

-------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Admin at 2015-02-07 23:33:00 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
EmptyTemp:
*****************
 
"HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5867c7e3-e080-11e3-bf54-a41f7271a99a}" => Key deleted successfully.
HKCR\CLSID\{5867c7e3-e080-11e3-bf54-a41f7271a99a} => Key not found. 
"HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdc9568e-1c24-11e4-bfab-a41f7271a99a}" => Key deleted successfully.
HKCR\CLSID\{cdc9568e-1c24-11e4-bfab-a41f7271a99a} => Key not found. 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
EmptyTemp: => Removed 15.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:33:53 ====

Step 2 

 

-----------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Admin (administrator) on DELLWORKSTATION on 07-02-2015 23:37:11
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Admin & UpdatusUser)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2015-01-23] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {5867c7e3-e080-11e3-bf54-a41f7271a99a} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\...\MountPoints2: {cdc9568e-1c24-11e4-bfab-a41f7271a99a} - "D:\AutoRun.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-08-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-08-19] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKU\S-1-5-21-2729415231-3787973486-3125954293-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y3k7vsip.default-1415249785580
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2729415231-3787973486-3125954293-1002: @eximion.com/KalydoPlayer -> C:\Users\Admin\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll No File
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-01]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-03]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-01-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2015-01-23] (BlueStack Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-01-23] (BlueStack Systems)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2015-02-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2015-02-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-09-17] (Realtek Semiconductor Corporation                           )
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 23:37 - 2015-02-07 23:37 - 00016380 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-07 23:28 - 2015-02-07 23:30 - 00000000 ____D () C:\Users\Admin\Desktop\nonsense
2015-02-07 13:50 - 2015-02-07 13:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\615C38F5.sys
2015-02-07 13:16 - 2015-02-07 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-07 13:15 - 2015-02-07 13:15 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA
2015-02-07 10:03 - 2015-02-07 10:03 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-02-07 10:03 - 2014-07-03 02:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 01084704 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-07 10:03 - 2014-07-03 02:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-07 10:03 - 2014-07-03 02:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-07 10:03 - 2014-07-03 01:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-07 10:03 - 2014-07-02 18:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-07 09:50 - 2015-02-07 09:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\35B60113.sys
2015-02-07 03:25 - 2015-02-07 23:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-07 03:25 - 2015-02-07 03:25 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-02-07 03:25 - 2014-11-13 13:47 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-07 03:25 - 2014-07-11 16:42 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-07 03:25 - 2012-07-26 16:13 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 03:25 - 2012-07-26 16:13 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-07 02:30 - 2015-02-07 02:30 - 00022014 _____ () C:\Users\Admin\Downloads\ComboFix.txt
2015-02-06 13:27 - 2015-02-07 23:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 13:27 - 2015-02-06 13:27 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 13:26 - 2015-02-06 13:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 13:26 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 13:26 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 13:26 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 13:23 - 2015-02-06 13:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-06 13:21 - 2015-02-06 13:21 - 02112512 _____ () C:\Users\Admin\Downloads\AdwCleaner.exe
2015-02-05 17:03 - 2015-02-05 17:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Leadertech
2015-02-05 15:13 - 2015-02-05 15:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PCDr
2015-02-05 15:11 - 2015-02-05 15:11 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-05 14:08 - 2015-02-05 14:08 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion
2015-02-05 13:27 - 2015-02-05 13:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 18:29 - 2015-02-04 18:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-02-04 18:28 - 2015-02-04 18:28 - 00001869 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-02-04 18:28 - 2015-02-04 18:28 - 00001809 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-04 18:27 - 2015-02-04 19:27 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-04 18:27 - 2015-02-04 19:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Bluestacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-04 18:27 - 2015-02-04 18:27 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-04 18:18 - 2015-02-04 18:26 - 13451872 _____ (BlueStack Systems Inc.) C:\Users\Admin\Downloads\BlueStacks-SplitInstaller_native_b.exe
2015-02-02 22:36 - 2015-02-02 23:00 - 00018537 _____ () C:\Users\Admin\Downloads\Addition.txt
2015-02-02 22:35 - 2015-02-07 23:37 - 00000000 ____D () C:\FRST
2015-02-02 22:35 - 2015-02-07 02:12 - 00037659 _____ () C:\Users\Admin\Downloads\FRST.txt
2015-02-02 22:35 - 2015-02-05 14:08 - 02131968 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-01 23:04 - 2015-02-01 23:04 - 00001190 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-02-01 23:04 - 2015-02-01 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-01 23:04 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-02-01 23:03 - 2015-02-01 23:14 - 00771272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-01 23:03 - 2015-02-01 23:14 - 00142344 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-01 23:03 - 2015-02-01 23:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-01 23:03 - 2014-04-10 17:25 - 00243808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-01 22:51 - 2015-02-07 23:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-01 22:35 - 2015-02-01 22:50 - 170379824 _____ () C:\Users\Admin\Downloads\setup_11.0.3.8.x01_2015_02_01_15_38.exe
2015-02-01 22:35 - 2015-02-01 22:35 - 01628992 _____ (Kaspersky Lab) C:\Users\Admin\Downloads\kss15.0.0.380en_ru_7138.exe
2015-01-23 13:52 - 2015-01-23 13:52 - 00000000 ____D () C:\Users\Admin\Downloads\The.Interview.2014.1080P.5.1.DD.Custom.NL.Subs.UnlimitedMovieS
2015-01-22 21:44 - 2015-01-22 21:44 - 00000141 _____ () C:\Users\Admin\Documents\LRTExport.log
2015-01-19 22:35 - 2014-04-17 02:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-19 22:34 - 2014-04-17 02:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-19 22:02 - 2014-11-27 10:40 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-19 22:02 - 2014-11-27 09:28 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-19 22:02 - 2014-11-15 14:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-19 22:02 - 2014-11-15 13:13 - 03286016 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-19 22:02 - 2014-11-15 13:13 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-19 22:02 - 2014-11-15 13:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-01-19 22:02 - 2014-11-15 11:54 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-19 22:02 - 2014-11-15 11:53 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-19 22:02 - 2014-11-15 11:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-19 22:00 - 2014-11-05 14:40 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-19 22:00 - 2014-11-05 14:39 - 01024512 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-19 22:00 - 2014-11-01 14:28 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-01-19 22:00 - 2014-10-29 22:21 - 00499008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-01-19 22:00 - 2014-10-28 06:10 - 00390841 _____ () C:\Windows\system32\ApnDatabase.xml
2015-01-19 21:58 - 2014-12-19 14:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 21:58 - 2014-12-11 15:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-19 21:58 - 2014-12-06 15:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-19 21:58 - 2014-12-06 15:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 15:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-19 21:58 - 2014-12-06 15:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-19 21:58 - 2014-12-06 15:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-19 21:58 - 2014-12-06 14:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-19 21:58 - 2014-12-06 14:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-19 21:57 - 2014-12-19 12:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 21:51 - 2014-12-11 14:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 21:51 - 2014-12-06 15:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 21:51 - 2014-12-06 15:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 21:51 - 2014-12-06 14:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Wargaming.net
2015-01-09 20:37 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-09 20:37 - 2014-11-22 18:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-01-09 20:37 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-09 20:35 - 2015-01-09 20:35 - 00000000 ____D () C:\NVIDIA
2015-01-09 19:19 - 2015-01-09 19:19 - 533066174 _____ () C:\Windows\MEMORY.DMP
2015-01-09 19:19 - 2015-01-09 19:19 - 00299936 _____ () C:\Windows\Minidump\010915-21093-01.dmp
2015-01-09 19:19 - 2015-01-09 19:19 - 00000000 ____D () C:\Windows\Minidump
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-07 23:35 - 2014-11-04 07:53 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 23:35 - 2014-09-22 08:05 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-07 23:35 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 23:34 - 2013-07-07 11:25 - 00034472 _____ () C:\Windows\PFRO.log
2015-02-07 23:33 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-07 23:12 - 2014-11-04 07:53 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 23:02 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2015-02-07 22:38 - 2013-07-07 11:28 - 01536565 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 18:10 - 2013-10-15 12:51 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2729415231-3787973486-3125954293-1002
2015-02-07 13:18 - 2013-07-07 11:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-07 13:16 - 2012-07-26 15:21 - 01074343 _____ () C:\Windows\setupact.log
2015-02-07 10:04 - 2013-07-07 11:54 - 00000000 ____D () C:\Temp
2015-02-07 10:04 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-07 10:04 - 2013-07-07 11:28 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-07 10:03 - 2013-07-07 11:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-07 10:03 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\Help
2015-02-07 03:15 - 2014-11-04 07:57 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 03:08 - 2013-10-14 06:51 - 00000000 ____D () C:\Users\Admin
2015-02-07 03:07 - 2014-11-04 07:53 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 03:07 - 2014-11-04 07:53 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 02:08 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\addins
2015-02-06 13:45 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-04 18:28 - 2012-07-26 16:12 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-04 03:29 - 2014-10-17 08:28 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 03:29 - 2014-10-17 08:28 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 09:09 - 2014-12-02 20:29 - 00000000 ____D () C:\Users\Admin\Downloads\Warcraft III Reign of Chaos & The Frozen Thron & DotA
2015-02-01 23:04 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-01 23:03 - 2012-07-26 16:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-01 10:44 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-01-28 13:08 - 2014-06-19 15:29 - 00113016 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 09:24 - 2014-10-24 07:41 - 05050248 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-22 19:54 - 2012-07-26 15:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 21:45 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-21 20:32 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\rescache
2015-01-19 22:39 - 2013-11-17 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-19 22:36 - 2013-11-17 17:55 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-30 10:30
 
==================== End Of Log ============================




