Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A little slow performances


  • This topic is locked This topic is locked
26 replies to this topic

#1 GeorgeStam89

GeorgeStam89

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 06 February 2015 - 01:23 PM

My provider is OTE and my moden/router is Thomson TG585 v8(wired connection), windows 7 64-bit with Intel Core i5-4670K 3.40GHz (clocking 3.80 at the time),GeForce GTX660,HDDx2 WD Blue 1TB and G-skill 8GB(2x4GB) DDR3 RAM (in MB ASUS Z87 PRO C2).
I think that my internet was way better and in other pc activities...i think (about 2-3 days ago).
Yesterday i scanned with Malwarebytes Anti-Malware and found a Trojan.Agent in C:\Users\User\AppData\Local\Temp\Quarantine.exe.
All these are trojan result or even virus/malware? If yes can i remove them and my system works good again?

 



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 10 February 2015 - 06:43 AM



:welcome:

Hello GeorgeStam89,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic ‘til you get the “all clean” post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 10 February 2015 - 12:34 PM

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by User (administrator) on GEORGE on 10-02-2015 19:30:30
Running from E:\UserFiles\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CPUID) C:\Program Files\CPUID\ROG CPU-Z\cpuz.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-06-23] (Cyber Power Systems, Inc.)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-11-24] (Glarysoft Ltd)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
FF HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.gr/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Διαφάνειες Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Έγγραφα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Αναζήτηση Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Πορτοφόλι Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-06-23] (Cyber Power Systems, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-26] (Glarysoft Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-12-16] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
R3 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
R3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 19:29 - 2015-02-10 19:30 - 00000000 ____D () C:\FRST
2015-02-09 17:46 - 2015-02-09 17:46 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7BAD1D65.sys
2015-02-09 17:05 - 2015-02-09 17:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\75DF7E52.sys
2015-02-06 03:06 - 2015-02-06 03:06 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-06 03:05 - 2015-02-06 03:13 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Users\User\AppData\Local\Bluestacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-04 22:20 - 2015-02-06 02:37 - 00001304 _____ () C:\Windows\PFRO.log
2015-02-03 08:19 - 2015-02-05 22:20 - 00000000 ____D () C:\AdwCleaner
2015-01-31 20:02 - 2015-02-06 14:24 - 00000616 _____ () C:\Windows\setupact.log
2015-01-31 20:02 - 2015-01-31 20:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 21:23 - 2015-01-29 21:23 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-29 21:23 - 2015-01-29 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 07:57 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:49 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:49 - 2014-12-12 07:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:49 - 2014-12-12 07:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:49 - 2014-12-12 07:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:49 - 2014-12-12 07:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:49 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:49 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:49 - 2014-12-12 07:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:49 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:49 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:49 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:49 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 19:15 - 2014-11-23 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 19:06 - 2015-01-06 08:55 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 18:28 - 2014-11-23 11:36 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-10 18:28 - 2014-11-23 11:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-10 18:21 - 2014-11-23 11:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 18:21 - 2014-11-21 18:08 - 01708420 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 18:20 - 2014-11-23 12:36 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-10 06:48 - 2014-12-06 16:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 05:50 - 2014-11-23 15:01 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-02-10 04:17 - 2014-11-23 14:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 03:06 - 2015-01-06 08:55 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 20:06 - 2014-12-16 19:40 - 00000402 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job
2015-02-09 17:01 - 2014-11-27 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 06:20 - 2014-11-23 12:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-09 00:26 - 2014-12-06 16:23 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-08 00:59 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 00:59 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:12 - 2014-11-21 20:12 - 01458180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-06 20:12 - 2010-11-21 12:05 - 00606732 _____ () C:\Windows\system32\perfh008.dat
2015-02-06 20:12 - 2010-11-21 12:05 - 00110928 _____ () C:\Windows\system32\perfc008.dat
2015-02-06 20:11 - 2009-07-14 07:13 - 01458180 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 17:46 - 2015-01-06 09:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-06 14:25 - 2014-11-26 13:09 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-06 14:24 - 2014-11-21 19:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 14:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 03:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-06 03:01 - 2015-01-06 08:55 - 00004180 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 03:01 - 2015-01-06 08:55 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:24 - 2014-11-21 17:59 - 00000000 ____D () C:\Windows\Panther
2015-02-05 22:15 - 2014-11-23 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:15 - 2014-11-23 12:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:15 - 2014-11-23 12:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 21:29 - 2014-11-23 14:19 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-15 09:05 - 2014-11-21 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:04 - 2014-11-21 19:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:56 - 2015-01-06 09:13 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-12 07:49 - 2014-11-28 02:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiafk5g.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 12:05
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by User at 2015-02-10 19:30:49
Running from E:\UserFiles\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID ROG CPU-Z 1.70 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.70 - CPUID, Inc.)
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM-x32\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Glary Utilities 5.13 (HKLM-x32\...\Glary Utilities 5) (Version: 5.13.0.26 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware έκδοση 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Mouse Editor)
MOUSE Editor (x32 Version: 12.08.0006 - Mouse Editor) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Πρόγραμμα οδήγησης 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{2D55F2B5-8C83-4818-892D-9B3B125C119D}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Ενημερώσεις NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Πίνακας Ελέγχου NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-02-2015 08:39:41 Προγραμματισμένο σημείο ελέγχου
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {012B4B75-37BD-46D0-8AD8-93C5DD09233E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-11-24] (Glarysoft Ltd)
Task: {130E260B-174B-402B-B627-D215D403CC5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {5207C3F0-B032-4BAA-91F1-0A1523174195} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {657B9BEB-638D-42CF-8D6D-3A4B8DF53B2C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {8A3FE9DD-BDF0-438A-9EFE-16ED278FA567} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {A4BB7C67-D876-47F8-A98E-BFBEC8F41D0D} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-11-24] (Glarysoft Ltd)
Task: {B07399DF-C063-4CAE-91EB-368B3B7D03BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B22A368A-C642-486C-953D-FE73BAE8933B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {E7B95FB4-B1E5-4E50-BA2E-16470E8ADDB8} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2014-04-09] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-21 19:00 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-21 18:27 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2015-02-05 23:25 - 2015-02-05 23:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2015-02-09 20:35 - 2015-02-09 20:35 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2015-02-10 18:21 - 2015-02-10 18:21 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021000\algo.dll
2014-11-21 18:27 - 2015-02-06 14:24 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-11-21 18:27 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-11-23 11:31 - 2014-11-23 11:31 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-21 18:34 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-10 18:28 - 2015-02-10 18:28 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiafk5g.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1889768098-1045734326-830431835-500 - Administrator - Disabled)
Guest (S-1-5-21-1889768098-1045734326-830431835-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1889768098-1045734326-830431835-1002 - Limited - Enabled)
User (S-1-5-21-1889768098-1045734326-830431835-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2015 01:16:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Το πρόγραμμα Battle.net.exe έκδοση 1.2.5.5522 σταμάτησε να αλληλεπιδρά με τα Windows και έκλεισε. Για να δείτε αν υπάρχουν διαθέσιμες περισσότερες πληροφορίες για το πρόβλημα, ελέγξτε το ιστορικό του προβλήματος στον πίνακα ελέγχου του Κέντρου ενεργειών.
 
Αναγνωριστικό διεργασίας: 121c
 
Ώρα έναρξης: 01d043f50f8655bc
 
Ώρα τερματισμού: 9
 
Διαδρομή εφαρμογής: C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe
 
Αναγνωριστικό αναφοράς: 690a6be3-afe8-11e4-8b1d-ac220bda953c
 
Error: (02/06/2015 02:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/06/2015 02:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/06/2015 02:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 11:41:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Η δημιουργία περιβάλλοντος ενεργοποίησης για το "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" απέτυχε. Παρουσιάστηκε σφάλμα στο αρχείο διακήρυξης ή πολιτικής "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" στη γραμμή C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Η έκδοση ενός στοιχείου που απαιτείται για την εφαρμογή έρχεται σε διένεξη με την έκδοση άλλου στοιχείου το οποίο είναι ήδη ενεργό.
Τα στοιχεία που έρχονται σε διένεξη είναι:.
Στοιχείο 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Στοιχείο 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/05/2015 11:24:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 10:21:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 09:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/09/2015 07:57:12 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Τα σκιώδη αντίγραφα του τόμου C: ματαιώθηκαν επειδή ο χώρος αποθήκευσης σκιωδών αντιγράφων δεν ήταν δυνατό να αυξηθεί εξαιτίας ενός επιβεβλημένου ορίου από το χρήστη.
 
Error: (02/09/2015 00:23:51 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Τα σκιώδη αντίγραφα του τόμου C: ματαιώθηκαν επειδή ο χώρος αποθήκευσης σκιωδών αντιγράφων δεν ήταν δυνατό να αυξηθεί εξαιτίας ενός επιβεβλημένου ορίου από το χρήστη.
 
Error: (02/08/2015 01:04:21 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Τα σκιώδη αντίγραφα του τόμου C: ματαιώθηκαν επειδή ο χώρος αποθήκευσης σκιωδών αντιγράφων δεν ήταν δυνατό να αυξηθεί εξαιτίας ενός επιβεβλημένου ορίου από το χρήστη.
 
Error: (02/06/2015 09:52:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Το κύριο πρόγραμμα περιήγησης έχει λάβει μια ανακοίνωση διακομιστή από τον υπολογιστή TURBOXMAESTROHR
ότι θεωρεί πως είναι το κύριο πρόγραμμα περιήγησης για τον τομέα στο στοιχείο μεταφοράς NetBT_Tcpip_{192BF155-7089-4BAB-97E7-6C1EB0AFADC9}.
Το κύριο πρόγραμμα περιήγησης διακόπτεται ή εξαναγκάζεται μια εκλογή.
 
Error: (02/06/2015 08:28:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Τα σκιώδη αντίγραφα του τόμου C: ματαιώθηκαν επειδή ο χώρος αποθήκευσης σκιωδών αντιγράφων δεν ήταν δυνατό να αυξηθεί εξαιτίας ενός επιβεβλημένου ορίου από το χρήστη.
 
Error: (02/06/2015 02:36:12 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Το κύριο πρόγραμμα περιήγησης έχει λάβει μια ανακοίνωση διακομιστή από τον υπολογιστή GIORGOS-PC
ότι θεωρεί πως είναι το κύριο πρόγραμμα περιήγησης για τον τομέα στο στοιχείο μεταφοράς NetBT_Tcpip_{192BF155-7089-4BAB-97E7-6C1EB0AFADC9}.
Το κύριο πρόγραμμα περιήγησης διακόπτεται ή εξαναγκάζεται μια εκλογή.
 
Error: (02/06/2015 02:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: συγκεκριμένης εφαρμογήςΤοπικήΕκκίνηση{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Χρήση LRPC)
 
Error: (02/06/2015 02:24:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: συγκεκριμένης εφαρμογήςΤοπικήΕκκίνηση{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Χρήση LRPC)
 
Error: (02/06/2015 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: συγκεκριμένης εφαρμογήςΤοπικήΕκκίνηση{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Χρήση LRPC)
 
Error: (02/06/2015 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: συγκεκριμένης εφαρμογήςΤοπικήΕκκίνηση{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Χρήση LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2015 01:16:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Battle.net.exe1.2.5.5522121c01d043f50f8655bc9C:\Program Files (x86)\Battle.net\Battle.net.5522\Battle.net.exe690a6be3-afe8-11e4-8b1d-ac220bda953c
 
Error: (02/06/2015 02:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/06/2015 02:22:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/06/2015 02:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 11:41:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\$RECYCLE.BIN\S-1-5-21-1889768098-1045734326-830431835-1000\$R4FY0GU.exe
 
Error: (02/05/2015 11:24:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 10:21:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/05/2015 09:26:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-10 19:22:07.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 18:28:03.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 18:21:03.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 17:52:32.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 17:45:23.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 17:32:13.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 16:54:24.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 16:47:53.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 01:43:17.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 01:16:39.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 8129.73 MB
Available physical RAM: 4550.78 MB
Total Pagefile: 16257.64 MB
Available Pagefile: 7521.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:868.86 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.41 GB) (Free:473.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 870A0A11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38D27533)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 10 February 2015 - 12:40 PM

Hello GeorgeStam89,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 10 February 2015 - 03:13 PM

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.10.10
  rootkit: v2015.02.03.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
User :: GEORGE [administrator]
 
10/2/2015 7:58:20 μμ
mbar-log-2015-02-10 (19-58-20).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 321233
Time elapsed: 22 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

# AdwCleaner v4.110 - Logfile created 10/02/2015 at 20:23:33
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : User - GEORGE
# Running from : E:\UserFiles\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v40.0.2214.111
 
*************************
 
AdwCleaner[R1].txt - [1149 bytes] - [03/02/2015 08:20:28]
AdwCleaner[R2].txt - [1209 bytes] - [04/02/2015 22:18:06]
AdwCleaner[R3].txt - [921 bytes] - [05/02/2015 22:19:04]
AdwCleaner[R4].txt - [781 bytes] - [10/02/2015 20:23:33]
AdwCleaner[S0].txt - [1278 bytes] - [04/02/2015 22:19:34]
AdwCleaner[S1].txt - [981 bytes] - [05/02/2015 22:20:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [956 bytes] ##########
 


#6 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 10 February 2015 - 03:40 PM

Hello GeorgeStam89,

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FSRT / FSRT64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 10 February 2015 - 04:19 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by User on ’¨  10/02/2015 at 22:49:10,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ’¨  10/02/2015 at 22:50:59,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by User (administrator) on GEORGE on 10-02-2015 23:04:09
Running from E:\UserFiles\Downloads
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(CPUID) C:\Program Files\CPUID\ROG CPU-Z\cpuz.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-06-23] (Cyber Power Systems, Inc.)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-11-24] (Glarysoft Ltd)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
FF HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.gr/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Διαφάνειες Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Έγγραφα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Αναζήτηση Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Πορτοφόλι Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-06-23] (Cyber Power Systems, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-26] (Glarysoft Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-12-16] ()
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
R3 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
R3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 19:54 - 2015-02-10 19:54 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72CC4DB3.sys
2015-02-10 19:29 - 2015-02-10 23:04 - 00000000 ____D () C:\FRST
2015-02-09 17:46 - 2015-02-09 17:46 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7BAD1D65.sys
2015-02-09 17:05 - 2015-02-09 17:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\75DF7E52.sys
2015-02-06 03:06 - 2015-02-06 03:06 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-06 03:05 - 2015-02-06 03:13 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Users\User\AppData\Local\Bluestacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-04 22:20 - 2015-02-06 02:37 - 00001304 _____ () C:\Windows\PFRO.log
2015-02-03 08:19 - 2015-02-10 20:24 - 00000000 ____D () C:\AdwCleaner
2015-01-31 20:02 - 2015-02-06 14:24 - 00000616 _____ () C:\Windows\setupact.log
2015-01-31 20:02 - 2015-01-31 20:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-29 21:23 - 2015-01-29 21:23 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-29 21:23 - 2015-01-29 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 07:57 - 2014-12-19 03:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:49 - 2014-12-19 05:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:49 - 2014-12-12 07:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:49 - 2014-12-12 07:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 11:49 - 2014-12-12 07:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 11:49 - 2014-12-12 07:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 11:49 - 2014-12-12 07:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:49 - 2014-12-12 07:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:49 - 2014-12-12 07:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 11:49 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:49 - 2014-12-06 06:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:49 - 2014-12-06 05:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 11:49 - 2014-12-06 05:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-10 22:15 - 2014-11-23 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 22:06 - 2015-01-06 08:55 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 20:22 - 2014-11-27 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-10 20:20 - 2014-12-16 19:40 - 00000402 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job
2015-02-10 19:58 - 2014-12-06 16:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 18:28 - 2014-11-23 11:36 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-10 18:28 - 2014-11-23 11:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-10 18:21 - 2014-11-23 11:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 18:21 - 2014-11-21 18:08 - 01708420 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 18:20 - 2014-11-23 12:36 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-10 05:50 - 2014-11-23 15:01 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-02-10 04:17 - 2014-11-23 14:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-10 03:06 - 2015-01-06 08:55 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 06:20 - 2014-11-23 12:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-09 00:26 - 2014-12-06 16:23 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-08 00:59 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 00:59 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:12 - 2014-11-21 20:12 - 01458180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-06 20:12 - 2010-11-21 12:05 - 00606732 _____ () C:\Windows\system32\perfh008.dat
2015-02-06 20:12 - 2010-11-21 12:05 - 00110928 _____ () C:\Windows\system32\perfc008.dat
2015-02-06 20:11 - 2009-07-14 07:13 - 01458180 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 17:46 - 2015-01-06 09:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-06 14:25 - 2014-11-26 13:09 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-06 14:24 - 2014-11-21 19:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-06 14:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 03:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-06 03:01 - 2015-01-06 08:55 - 00004180 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 03:01 - 2015-01-06 08:55 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:24 - 2014-11-21 17:59 - 00000000 ____D () C:\Windows\Panther
2015-02-05 22:15 - 2014-11-23 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:15 - 2014-11-23 12:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:15 - 2014-11-23 12:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 21:29 - 2014-11-23 14:19 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-15 09:05 - 2014-11-21 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 09:04 - 2014-11-21 19:25 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 00:56 - 2015-01-06 09:13 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-12 07:49 - 2014-11-28 02:41 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiafk5g.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 12:05
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by User at 2015-02-10 23:04:31
Running from E:\UserFiles\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID ROG CPU-Z 1.70 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.70 - CPUID, Inc.)
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM-x32\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Glary Utilities 5.13 (HKLM-x32\...\Glary Utilities 5) (Version: 5.13.0.26 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7220 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware έκδοση 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Mouse Editor)
MOUSE Editor (x32 Version: 12.08.0006 - Mouse Editor) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Πρόγραμμα οδήγησης 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{2D55F2B5-8C83-4818-892D-9B3B125C119D}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (HKLM-x32\...\RivaTuner) (Version: v2.24 MSI Master Overclocking Arena 2009 edition - Alexey Nicolaychuk)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Ενημερώσεις NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Πίνακας Ελέγχου NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1889768098-1045734326-830431835-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {012B4B75-37BD-46D0-8AD8-93C5DD09233E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-11-24] (Glarysoft Ltd)
Task: {130E260B-174B-402B-B627-D215D403CC5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {5207C3F0-B032-4BAA-91F1-0A1523174195} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {657B9BEB-638D-42CF-8D6D-3A4B8DF53B2C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {8A3FE9DD-BDF0-438A-9EFE-16ED278FA567} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {A4BB7C67-D876-47F8-A98E-BFBEC8F41D0D} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-11-24] (Glarysoft Ltd)
Task: {B07399DF-C063-4CAE-91EB-368B3B7D03BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B22A368A-C642-486C-953D-FE73BAE8933B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06] (Google Inc.)
Task: {E7B95FB4-B1E5-4E50-BA2E-16470E8ADDB8} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2014-04-09] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-11-21 19:00 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-21 18:27 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2015-02-05 23:25 - 2015-02-05 23:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2015-02-09 20:35 - 2015-02-09 20:35 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2015-02-10 22:22 - 2015-02-10 22:22 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021001\algo.dll
2014-11-21 18:27 - 2015-02-06 14:24 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-11-21 18:27 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-11-23 11:31 - 2014-11-23 11:31 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-21 18:34 - 2013-03-12 13:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-10 18:28 - 2015-02-10 18:28 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiafk5g.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00863744 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 02:22 - 2014-10-22 02:22 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 03:14 - 2015-02-04 11:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: OscarEditor => "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1889768098-1045734326-830431835-500 - Administrator - Disabled)
Guest (S-1-5-21-1889768098-1045734326-830431835-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1889768098-1045734326-830431835-1002 - Limited - Enabled)
User (S-1-5-21-1889768098-1045734326-830431835-1000 - Administrator - Enabled) => C:\Users\User
 
==================== Faulty Device Manager Devices =============
 
Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-10 22:42:19.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 22:28:16.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 22:11:33.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 20:15:22.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 20:01:10.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 19:47:30.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 19:22:07.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 18:28:03.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-10 18:21:03.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-09 17:52:32.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8129.73 MB
Available physical RAM: 4702.69 MB
Total Pagefile: 16257.64 MB
Available Pagefile: 11541.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:869.71 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.41 GB) (Free:473.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 870A0A11)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 38D27533)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

At this time i have open: steam and chrome with 22 panels and it's slow to scroll up and down into steam and chrome or entering in new site of them...But i think isn't virus's or malware's issue.Isn't it??



#8 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 10 February 2015 - 06:21 PM

Hello GeorgeStam89,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 11 February 2015 - 06:01 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Ημερομηνία Σάρωσης: 11/2/2015
Ώρα Σάρωσης: 10:51:42 μμ
Αρχείο καταγραφής: 
Διαχειριστής: Ναι
 
Έκδοση: 2.00.4.1028
Βάση Δεδομένων Κακόβουλου Λογισμικού: v2015.02.11.07
Βάση Δεδομένων Rootkit: v2015.02.03.01
Άδεια Χρήσης: Δωρεάν
Προστασία από Κακόβουλο Λογισμικό: Απενεργοποιημένο
Προστασία από Κακόβουλο Ιστότοπο: Απενεργοποιημένο
Αυτοπροστασία: Απενεργοποιημένο
 
ΛΣ: Windows 7 Service Pack 1
Επεξεργαστής: x64
Σύστημα Αρχείων: NTFS
Χρήστης: User
 
Τύπος Σάρωσης: Σάρωση για Απειλές
Αποτέλεσμα: Ολοκληρώθηκε
Αντικείμενα που σαρώθηκαν: 320956
Χρόνος που πέρασε: 4 λεπ, 51 δευτ
 
Μνήμη: Ενεργοποιημένο
Εκκίνηση: Ενεργοποιημένο
Σύστημα αρχείων: Ενεργοποιημένο
Συμπιεσμένα αρχεία: Ενεργοποιημένο
Rootkits: Ενεργοποιημένο
Heuristics: Ενεργοποιημένο
ΠΑΠ: Ενεργοποιημένο
ΠΑΤ: Ενεργοποιημένο
 
Διεργασίες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Μονάδες: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Κλειδιά Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Τιμές Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Δεδομένα Μητρώου: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φάκελοι: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Αρχεία: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
Φυσικοί Τομείς: 0
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)
 
 
(end)

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=71d54b67cc5a584c99bcba068c072dd4
# engine=22425
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-11 10:59:31
# local_time=2015-02-12 12:59:31 )
# country="Greece"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 1354688 6964386 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 403832 175325421 0 0
# scanned=138309
# found=0
# cleaned=0
# scan_time=1926

I think that is a little little slow


#10 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 12 February 2015 - 11:59 AM

Also check the task manager and every time i open it i see 2 dllhost.exe running for 2-3 seconds and after gone both of them...Maybe this a reason..?



#11 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 14 February 2015 - 04:39 AM

Hello GeorgeStam89,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 14 February 2015 - 03:30 PM

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org
 
Database version:
  main:    v2015.02.14.05
  rootkit: v2015.02.03.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
User :: GEORGE [administrator]
 
14/2/2015 10:11:09 μμ
mbar-log-2015-02-14 (22-11-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 320447
Time elapsed: 5 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

ComboFix 15-02-13.02 - User 14/02/2015  22:20:45.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1253.30.1032.18.8130.5769 [GMT 2:00]
Running from: e:\userfiles\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-14 to 2015-02-14  )))))))))))))))))))))))))))))))
.
.
2015-02-14 20:23 . 2015-02-14 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-13 07:39 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71E9839D-C6E5-4863-830C-A7FA1F38FE02}\mpengine.dll
2015-02-13 06:21 . 2015-02-13 06:21 -------- d-----w- c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2015-02-13 06:20 . 2015-02-13 06:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-02-13 06:20 . 2015-02-13 06:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-02-12 17:22 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-12 17:22 . 2014-07-02 20:48 75040 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-12 17:22 . 2014-07-02 20:48 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-12 03:35 . 2015-02-14 19:59 -------- d-----w- c:\programdata\NVIDIA
2015-02-12 03:34 . 2014-07-02 18:55 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-12 03:34 . 2014-07-02 18:55 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-12 03:34 . 2014-07-02 18:55 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-12 03:34 . 2014-07-02 18:55 62808 ----a-w- c:\windows\system32\nvshext.dll
2015-02-12 03:34 . 2014-07-02 18:55 386520 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-12 03:34 . 2014-07-02 18:55 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-12 03:34 . 2014-07-02 10:14 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-12 03:23 . 2015-02-12 03:23 -------- d-----w- C:\NVIDIA
2015-02-12 02:50 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 02:48 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-12 02:48 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-12 02:48 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-12 02:48 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-12 02:48 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-12 02:48 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-12 02:48 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-12 02:47 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 02:33 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 02:33 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 02:33 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 02:33 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 01:37 . 2015-02-12 01:37 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2015-02-10 17:54 . 2015-02-10 17:54 97496 ----a-w- c:\windows\system32\drivers\72CC4DB3.sys
2015-02-10 17:29 . 2015-02-10 21:04 -------- d-----w- C:\FRST
2015-02-09 15:46 . 2015-02-09 15:46 93400 ----a-w- c:\windows\system32\drivers\7BAD1D65.sys
2015-02-09 15:05 . 2015-02-09 15:05 93400 ----a-w- c:\windows\system32\drivers\75DF7E52.sys
2015-02-06 01:05 . 2015-02-06 01:05 -------- d-----w- c:\programdata\BlueStacks
2015-02-06 01:05 . 2015-02-06 01:05 -------- d-----w- c:\program files (x86)\BlueStacks
2015-02-06 01:05 . 2015-02-06 01:05 -------- d-----w- c:\users\User\AppData\Local\Bluestacks
2015-02-03 06:19 . 2015-02-13 06:00 -------- d-----w- C:\AdwCleaner
2015-01-29 19:23 . 2015-01-29 19:23 -------- d-----w- c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 20:11 . 2014-12-06 14:23 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-14 20:09 . 2014-12-06 14:23 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-12 03:08 . 2014-11-21 17:25 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 20:15 . 2014-11-23 10:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 20:15 . 2014-11-23 10:29 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-12 05:49 . 2014-11-28 00:41 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-22 22:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 09:49 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-15 05:57 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 09:49 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 09:49 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 09:49 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 09:49 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-11-26 11:09 . 2014-11-26 11:09 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-11-23 09:31 . 2014-11-23 09:31 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-23 09:31 . 2014-11-23 09:31 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-23 09:31 . 2014-11-23 09:31 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-23 09:31 . 2014-11-23 09:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 09:31 . 2014-11-23 09:31 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-23 09:31 . 2014-11-23 09:31 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 09:31 . 2014-11-23 09:31 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-23 09:31 . 2014-11-23 09:31 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-23 09:31 . 2014-11-23 09:31 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-23 09:31 . 2014-11-23 09:31 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 18:03 . 2014-11-21 18:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-11-21 18:03 . 2014-11-21 18:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-11-21 18:03 . 2014-11-21 18:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-11-21 18:03 . 2014-11-21 18:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-11-21 18:03 . 2014-11-21 18:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-11-21 18:03 . 2014-11-21 18:03 81408 ----a-w- c:\windows\system32\icardie.dll
2014-11-21 18:03 . 2014-11-21 18:03 774144 ----a-w- c:\windows\system32\jscript.dll
2014-11-21 18:03 . 2014-11-21 18:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-11-21 18:03 . 2014-11-21 18:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-11-21 18:03 . 2014-11-21 18:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-11-21 18:03 . 2014-11-21 18:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-11-21 18:03 . 2014-11-21 18:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-11-21 18:03 . 2014-11-21 18:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-11-21 18:03 . 2014-11-21 18:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-11-21 18:03 . 2014-11-21 18:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-11-21 18:03 . 2014-11-21 18:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-11-21 18:03 . 2014-11-21 18:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-11-21 18:03 . 2014-11-21 18:03 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-11-21 18:03 . 2014-11-21 18:03 413696 ----a-w- c:\windows\system32\html.iec
2014-11-21 18:03 . 2014-11-21 18:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-11-21 18:03 . 2014-11-21 18:03 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-11-21 18:03 . 2014-11-21 18:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-21 18:03 . 2014-11-21 18:03 247808 ----a-w- c:\windows\system32\msls31.dll
2014-11-21 18:03 . 2014-11-21 18:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-11-21 18:03 . 2014-11-21 18:03 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-11-21 18:03 . 2014-11-21 18:03 235520 ----a-w- c:\windows\system32\url.dll
2014-11-21 18:03 . 2014-11-21 18:03 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-11-21 18:03 . 2014-11-21 18:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-11-21 18:03 . 2014-11-21 18:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-11-21 18:03 . 2014-11-21 18:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-11-21 18:03 . 2014-11-21 18:03 147968 ----a-w- c:\windows\system32\occache.dll
2014-11-21 18:03 . 2014-11-21 18:03 143872 ----a-w- c:\windows\system32\wextract.exe
2014-11-21 18:03 . 2014-11-21 18:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-11-21 18:03 . 2014-11-21 18:03 13824 ----a-w- c:\windows\system32\mshta.exe
2014-11-21 18:03 . 2014-11-21 18:03 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-11-21 18:03 . 2014-11-21 18:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-11-21 18:03 . 2014-11-21 18:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-11-21 18:03 . 2014-11-21 18:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-11-21 18:03 . 2014-11-21 18:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-11-21 18:03 . 2014-11-21 18:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-11-21 18:03 . 2014-11-21 18:03 101376 ----a-w- c:\windows\system32\inseng.dll
2014-11-21 17:59 . 2014-11-21 17:59 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-11-21 17:59 . 2014-11-21 17:59 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-11-21 17:59 . 2014-11-21 17:59 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-11-21 17:59 . 2014-11-21 17:59 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-11-21 17:59 . 2014-11-21 17:59 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-11-21 17:59 . 2014-11-21 17:59 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-11-21 17:59 . 2014-11-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-11-21 17:59 . 2014-11-21 17:59 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-11-21 17:59 . 2014-11-21 17:59 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-11-21 17:59 . 2014-11-21 17:59 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-11-21 17:59 . 2014-11-21 17:59 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-11-21 17:59 . 2014-11-21 17:59 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-11-21 17:59 . 2014-11-21 17:59 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-11-21 17:59 . 2014-11-21 17:59 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-11-21 17:59 . 2014-11-21 17:59 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-11-21 17:59 . 2014-11-21 17:59 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-11-21 17:59 . 2014-11-21 17:59 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-11-21 17:59 . 2014-11-21 17:59 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-11-21 17:59 . 2014-11-21 17:59 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-11-21 17:59 . 2014-11-21 17:59 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-11-24 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-26 5227112]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2014-06-23 362896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Πρόγραμμα οδήγησης διακόπτη κεντρικού ελεγκτή Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 cpuz138;cpuz138;c:\users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys;c:\users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Πρόγραμμα οδήγησης διανομέα Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Πρόγραμμα οδήγησης επεκτάσιμου κεντρικού ελεγκτή Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ138
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-06 01:13 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-23 20:15]
.
2015-02-10 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2014-04-09 11:05]
.
2015-02-14 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-11-24 05:59]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 06:55]
.
2015-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-06 06:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10 164760 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-23 09:31 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-19 1796056]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-05 7156296]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-05 1278024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-9X7U-YAZJ-PTHX-JDFD-MEZA-TGX83HW"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-14  22:24:41
ComboFix-quarantined-files.txt  2015-02-14 20:24
.
Pre-Run: 12 Κατάλογοι 921.484.230.656 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 921.109.766.144 διαθέσιμα byte
.
- - End Of File - - AEB962EACD17B0F3F56A6AF2945563D3
A36C5E4F47E84449FF07ED3517B43A31

Farbar Service Scanner Version: 17-01-2015
Ran by User (administrator) on 14-02-2015 at 22:28:35
Running from "E:\UserFiles\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#13 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 14 February 2015 - 03:56 PM

Hello GeorgeStam89,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop, you ran it from E:\UserFiles\Downloads) as fixlist.txt

 
start
EmptyTemp:
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] 
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] 
S3 btath_avdt; system32\drivers\btath_avdt.sys [X] 
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] 
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] 
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] 
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] 
S3 BtFilter; system32\DRIVERS\btfilter.sys [X] 
R3 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] 
R3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 GeorgeStam89

GeorgeStam89
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 15 February 2015 - 02:02 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by User at 2015-02-15 08:53:27 Run:1
Running from E:\UserFiles\Desktop
Loaded Profiles: User (Available profiles: User)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
EmptyTemp:
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] 
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] 
S3 btath_avdt; system32\drivers\btath_avdt.sys [X] 
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] 
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] 
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X] 
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] 
S3 BtFilter; system32\DRIVERS\btfilter.sys [X] 
R3 cpuz137; \??\C:\Users\User\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] 
R3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
end
*****************
 
AthBTPort => Service deleted successfully.
BTATH_A2DP => Service deleted successfully.
btath_avdt => Service deleted successfully.
BTATH_BUS => Service deleted successfully.
BTATH_HCRP => Service deleted successfully.
BTATH_LWFLT => Service deleted successfully.
BTATH_RCP => Service deleted successfully.
BtFilter => Service deleted successfully.
cpuz137 => Service not found.
cpuz138 => Service stopped successfully.
cpuz138 => Service deleted successfully.
EmptyTemp: => Removed 415.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:53:35 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by User (administrator) on GEORGE on 15-02-2015 08:57:59
Running from E:\UserFiles\Desktop
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-06-23] (Cyber Power Systems, Inc.)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-11-24] (Glarysoft Ltd)
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-23]
FF HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-20]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.gr/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Διαφάνειες Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Έγγραφα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive ) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Αναζήτηση Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Υπολογιστικά φύλλα Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Πορτοφόλι Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-06-23] (Cyber Power Systems, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-11-26] (Glarysoft Ltd)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-12-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 22:20 - 2015-02-14 22:24 - 00000000 ____D () C:\Qoobox
2015-02-14 22:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-14 22:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-14 22:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-14 22:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-14 22:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-14 22:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-14 22:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-14 22:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-14 22:19 - 2015-02-14 22:24 - 00000000 ____D () C:\Windows\erdnt
2015-02-13 08:21 - 2015-02-13 08:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2015-02-13 08:20 - 2015-02-13 08:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-13 08:20 - 2015-02-13 08:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-13 08:20 - 2015-02-13 08:20 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-13 07:43 - 2015-02-13 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-12 19:22 - 2014-07-02 22:48 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-12 19:22 - 2014-07-02 22:48 - 00061912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-12 19:22 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-12 19:21 - 2014-08-11 22:31 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-12 19:21 - 2014-08-11 22:31 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-12 19:21 - 2014-08-11 22:31 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 19:21 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 19:21 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-12 05:39 - 2015-02-12 05:39 - 492322274 _____ () C:\Windows\MEMORY.DMP
2015-02-12 05:39 - 2015-02-12 05:39 - 00409064 _____ () C:\Windows\Minidump\021215-25490-01.dmp
2015-02-12 05:39 - 2015-02-12 05:39 - 00000000 ____D () C:\Windows\Minidump
2015-02-12 05:35 - 2015-02-15 08:54 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 05:34 - 2014-07-02 20:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-12 05:34 - 2014-07-02 20:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-12 05:34 - 2014-07-02 20:55 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-12 05:34 - 2014-07-02 20:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-12 05:34 - 2014-07-02 20:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-12 05:34 - 2014-07-02 20:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-12 05:34 - 2014-07-02 12:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-12 05:27 - 2015-02-15 08:54 - 00001574 _____ () C:\Windows\PFRO.log
2015-02-12 05:23 - 2015-02-12 05:23 - 00000000 ____D () C:\NVIDIA
2015-02-12 05:22 - 2015-02-15 08:54 - 00002466 _____ () C:\Windows\setupact.log
2015-02-12 05:22 - 2015-02-12 05:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-12 04:56 - 2015-02-04 05:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-12 04:56 - 2015-02-04 05:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-12 04:56 - 2015-02-04 05:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-12 04:56 - 2015-02-04 05:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-12 04:56 - 2015-02-04 05:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-12 04:56 - 2015-02-04 05:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-12 04:56 - 2015-02-04 05:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-12 04:56 - 2015-01-28 01:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-12 04:56 - 2015-01-14 07:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-12 04:56 - 2015-01-14 07:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-12 04:56 - 2015-01-12 05:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 04:56 - 2015-01-12 05:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 04:56 - 2015-01-12 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 04:56 - 2015-01-12 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-12 04:56 - 2015-01-12 04:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 04:56 - 2015-01-12 04:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-12 04:56 - 2015-01-12 04:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-12 04:56 - 2015-01-12 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-12 04:56 - 2015-01-12 04:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 04:56 - 2015-01-12 04:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-12 04:56 - 2015-01-12 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 04:56 - 2015-01-12 04:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-12 04:56 - 2015-01-12 04:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-12 04:56 - 2015-01-12 04:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-12 04:56 - 2015-01-12 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 04:56 - 2015-01-12 04:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-12 04:56 - 2015-01-12 04:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 04:56 - 2015-01-12 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 04:56 - 2015-01-12 04:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-12 04:56 - 2015-01-12 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-12 04:56 - 2015-01-12 04:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 04:56 - 2015-01-12 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-12 04:56 - 2015-01-12 04:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-12 04:56 - 2015-01-12 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-12 04:56 - 2015-01-12 04:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 04:56 - 2015-01-12 04:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-12 04:56 - 2015-01-12 04:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-12 04:56 - 2015-01-12 03:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-12 04:56 - 2015-01-12 03:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-12 04:56 - 2015-01-12 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-12 04:56 - 2015-01-12 03:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 04:56 - 2015-01-12 03:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-12 04:56 - 2015-01-12 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 04:56 - 2015-01-12 03:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-12 04:56 - 2015-01-12 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-12 04:56 - 2015-01-12 03:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 04:56 - 2015-01-12 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-12 04:56 - 2015-01-12 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-12 04:56 - 2015-01-12 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-12 04:56 - 2015-01-12 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-12 04:56 - 2015-01-12 03:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 04:56 - 2015-01-12 03:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-12 04:56 - 2015-01-12 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-12 04:56 - 2015-01-12 03:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-12 04:56 - 2015-01-12 03:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-12 04:56 - 2015-01-12 03:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 04:56 - 2015-01-12 03:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 04:56 - 2015-01-12 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-12 04:56 - 2015-01-12 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-12 04:56 - 2015-01-12 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-12 04:56 - 2015-01-10 08:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-12 04:56 - 2015-01-10 08:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-12 04:50 - 2015-01-15 10:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-12 04:50 - 2015-01-15 10:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 04:50 - 2015-01-15 10:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-12 04:50 - 2015-01-15 10:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-12 04:50 - 2015-01-15 10:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-12 04:50 - 2015-01-15 10:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-12 04:50 - 2015-01-15 10:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-12 04:50 - 2015-01-15 10:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-12 04:50 - 2015-01-15 10:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-12 04:50 - 2015-01-15 10:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-12 04:50 - 2015-01-15 10:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-12 04:50 - 2015-01-15 09:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-12 04:50 - 2015-01-15 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 04:50 - 2015-01-15 09:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-12 04:50 - 2015-01-15 09:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-12 04:50 - 2015-01-15 09:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-12 04:50 - 2015-01-15 09:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-12 04:50 - 2015-01-15 06:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-12 04:50 - 2015-01-13 05:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 04:50 - 2015-01-13 04:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 04:50 - 2014-12-12 07:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-12 04:50 - 2014-12-12 07:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-12 04:50 - 2014-12-08 05:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 04:50 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 04:50 - 2014-11-26 05:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 04:50 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 04:50 - 2014-07-07 04:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-12 04:50 - 2014-07-07 04:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-12 04:50 - 2014-07-07 03:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-12 04:50 - 2014-07-07 03:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-12 04:48 - 2015-01-14 08:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-12 04:48 - 2015-01-14 08:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-12 04:48 - 2015-01-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-12 04:48 - 2015-01-14 08:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-12 04:48 - 2015-01-14 07:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-12 04:48 - 2015-01-14 07:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-12 04:48 - 2015-01-14 07:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-12 04:47 - 2015-01-09 04:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 04:33 - 2015-01-23 06:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 04:33 - 2015-01-23 06:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 04:33 - 2015-01-23 05:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 04:33 - 2015-01-23 05:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 03:37 - 2015-02-12 03:37 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-10 19:54 - 2015-02-10 19:54 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\72CC4DB3.sys
2015-02-10 19:29 - 2015-02-15 08:58 - 00000000 ____D () C:\FRST
2015-02-09 17:46 - 2015-02-09 17:46 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7BAD1D65.sys
2015-02-09 17:05 - 2015-02-09 17:05 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\75DF7E52.sys
2015-02-06 03:06 - 2015-02-06 03:06 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-02-06 03:05 - 2015-02-12 05:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Users\User\AppData\Local\Bluestacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-02-06 03:05 - 2015-02-06 03:05 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-02-03 08:19 - 2015-02-13 08:00 - 00000000 ____D () C:\AdwCleaner
2015-01-29 21:23 - 2015-01-29 21:23 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-29 21:23 - 2015-01-29 21:23 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-29 21:23 - 2015-01-29 21:23 - 00000000 ____D () C:\Program Files\CCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-15 08:56 - 2014-11-26 13:09 - 00000326 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-15 08:55 - 2015-01-06 08:55 - 00001180 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 08:55 - 2014-11-23 12:36 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2015-02-15 08:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 08:53 - 2014-11-21 18:08 - 02087373 _____ () C:\Windows\WindowsUpdate.log
2015-02-15 08:15 - 2014-11-23 12:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 08:06 - 2015-01-06 08:55 - 00001184 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 01:04 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 01:04 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 22:24 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-02-14 22:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-14 22:17 - 2014-11-27 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-14 22:11 - 2014-12-06 16:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 22:09 - 2014-12-06 16:23 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-14 22:00 - 2014-11-23 11:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-12 19:23 - 2014-11-21 19:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-12 19:23 - 2014-11-21 18:10 - 00000000 ____D () C:\Temp
2015-02-12 19:22 - 2014-11-21 19:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-12 07:22 - 2014-11-26 13:09 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-12 05:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-02-12 05:33 - 2014-11-21 19:00 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-12 05:21 - 2014-11-23 14:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-12 05:21 - 2014-11-23 14:19 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-02-12 05:13 - 2009-07-14 06:45 - 00294992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 05:12 - 2014-12-11 10:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 05:12 - 2014-11-22 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 05:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 05:10 - 2014-11-21 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 05:08 - 2014-11-21 19:25 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 04:38 - 2014-11-23 12:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-02-12 04:38 - 2014-11-22 16:40 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-12 04:38 - 2014-11-22 16:38 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-02-12 04:38 - 2014-11-21 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 04:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2015-02-12 04:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-02-12 04:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 03:47 - 2014-11-21 18:32 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-12 03:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-02-10 20:20 - 2014-12-16 19:40 - 00000402 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job
2015-02-10 18:28 - 2014-11-23 11:36 - 00000000 ___RD () C:\Users\User\Dropbox
2015-02-10 18:28 - 2014-11-23 11:31 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-02-10 05:50 - 2014-11-23 15:01 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2015-02-06 20:12 - 2014-11-21 20:12 - 01458180 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-06 20:12 - 2010-11-21 12:05 - 00606732 _____ () C:\Windows\system32\perfh008.dat
2015-02-06 20:12 - 2010-11-21 12:05 - 00110928 _____ () C:\Windows\system32\perfc008.dat
2015-02-06 20:11 - 2009-07-14 07:13 - 01458180 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 17:46 - 2015-01-06 09:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-06 03:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-06 03:01 - 2015-01-06 08:55 - 00004180 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 03:01 - 2015-01-06 08:55 - 00003928 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 23:24 - 2014-11-21 17:59 - 00000000 ____D () C:\Windows\Panther
2015-02-05 22:15 - 2014-11-23 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:15 - 2014-11-23 12:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:15 - 2014-11-23 12:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 23:34
 
==================== End Of Log ============================


#15 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:53 PM

Posted 15 February 2015 - 02:32 AM

Hello GeorgeStam89,

is Sytem Restore enabled on this pc?
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop, you ran it from E:\UserFiles\Downloads) as fixlist.txt

 
start
EmptyTemp:
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [LogonHoursAction] 2 
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION 
HKU\S-1-5-21-1889768098-1045734326-830431835-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cpuz138; \??\C:\Users\User\AppData\Local\Temp\cpuz138_x64.sys [X]
CreateRestorePoint:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users