CPU processes taking 15% CPU, various windows security features disabled, more


  • This topic is locked
13 replies to this topic

#1 Koutsiog

Posted 26 September 2015 - 12:27 PM

For a few days I've been struggling with what seems to be a piece of malware that has passed through every defense on my PC, screwed up the insides and now is sitting there undetectable.

I have scanned with Malwarebytes' Anti-Malware and Anti-Rootkit, SUPERAntiSpyware, Panda Antivirus Free, RogueKiller, RKill, AdwCleaner, ESET Online and many more recommended apps I forgot, which don't seem to solve my issues.

Basically I found 3 CMD processes taking 13-15% CPU each, which tipped me off as strange. Looking deeper into them, they seem to come from SysWOW64/cmd.exe; not sure if that means anything helpful. I can close these processes but eventually they reappear. I'm not sure what causes them to, but they do.

My Windows Defender had been disabled, and the error message when trying to run it disappeared immediately after being opened. I tried to run it from the service but it gave me a "cannot find file" type of error, and now the service itself is completely gone from my services.

The Action Center icon has been removed from my taskbar and it's greyed out off in the system icons switcher.

My computer won't connect to my phone for file transfer, though I am unsure if this is caused by the malware and I'm only reporting it in case it might help.

It might bear mentioning that I installed Panda after this whole issue started, when I found out Windows Defender had been killed.

Note: I might not have an internet connection for a few days next week, so please wait a bit longer than usual before closing my topic for inactivity.

FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Koutsiog (administrator) on MSI (26-09-2015 20:07:29)
Running from D:\Desktop
Loaded Profiles: Koutsiog (Available Profiles: Koutsiog)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Flux Software LLC) C:\Users\Koutsiog\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\puush\puush.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 2015-01-17] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322712 2014-10-10] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3347688 2015-07-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [405504 2014-11-07] (MSI)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1569416 2014-11-12] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-07-28] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [14844416 2015-08-02] ()
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [f.lux] => C:\Users\Koutsiog\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-08-26] ()
HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-02] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{5B62C353-75A3-463F-A52E-CC005846F3CE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2015-07-13]
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8C20E956-17EE-46F1-B965-5471699DD97F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi13.msn.com
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi13.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-04] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default
FF DefaultSearchEngine: Google US
FF Homepage: about:superstart
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-25] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\searchplugins\google-.xml [2015-03-11]
FF SearchPlugin: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\searchplugins\google-im-feeling-lucky.xml [2015-09-04]
FF SearchPlugin: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\searchplugins\the-pirate-bay-.xml [2015-02-03]
FF SearchPlugin: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\searchplugins\wolframalpha-computational-knowledge-engine.xml [2014-09-11]
FF SearchPlugin: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\searchplugins\youtube.xml [2014-09-07]
FF Extension: Greek Spelling dictionary - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\el-GR@dictionaries.addons.mozilla.org [2015-07-13]
FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\marcoagpinto@mail.telepac.pt [2015-08-31]
FF Extension: Super Start - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\superstart@enjoyfreeware.org [2015-07-13]
FF Extension: OpenDownload² - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2015-09-25]
FF Extension: iMacros for Firefox - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-09-25]
FF Extension: Add to Search Bar - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2015-07-13]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-07-13]
FF Extension: Firebug - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-13]
FF Extension: Ghostery - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\firefox@ghostery.com.xpi [2015-07-13]
FF Extension: MEGA - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\firefox@mega.co.nz.xpi [2015-07-13]
FF Extension: FireGestures - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\firegestures@xuldev.org.xpi [2015-07-13]
FF Extension: AutoPagerize - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\jid0-tKjnEA5X3eBoP5HnqjBYQ4U3AcM@jetpack.xpi [2015-07-13]
FF Extension: Enable Click to Play - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\jid1-4Vy68XOTvAbEBQ@jetpack.xpi [2015-07-13]
FF Extension: Google Similar Images - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2015-08-10]
FF Extension: Omnibar - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\omnibar@ajitk.com.xpi [2015-07-13]
FF Extension: Omnibar Plus - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\omnibarplus@quicksaver.xpi [2015-07-13]
FF Extension: Secure Login - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\secureLogin@blueimp.net.xpi [2015-07-13]
FF Extension: Thumbnail Zoom Plus - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2015-07-13]
FF Extension: Imagus - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2015-07-13]
FF Extension: All-in-One Sidebar - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2015-07-13]
FF Extension: Resurrect Pages - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2015-07-13]
FF Extension: LastTab - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}.xpi [2015-07-13]
FF Extension: NoScript - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-13]
FF Extension: Ads no more - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2015-07-13]
FF Extension: Adblock Plus - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-13] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-07-31] (ELAN Microelectronics Corp.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1720888 2015-08-04] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6874680 2015-08-04] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
U2 HiPatchService; d:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-10] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [122984 2015-01-17] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-11-07] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-30] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-07-29] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-07-23] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-07-28] (Panda Security, S.L.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18480 2015-05-11] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-30] (Intel® Corporation)
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2015-07-14] ()
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-08-13] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-07-13] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222664 2015-01-17] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-06-17] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2015-07-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3446240 2014-06-18] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [78072 2015-07-09] ()
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-01-17] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466648 2015-01-17] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 Win10Pcap; C:\Windows\system32\DRIVERS\Win10Pcap.sys [41544 2015-06-10] (Daiyuu Nobori, University of Tsukuba, Japan)
S3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
S3 RTCore64; \??\D:\Program Files (x86)\RMClock\RTCore64.sys [X]
U3 fgrdypog; \??\C:\Users\Koutsiog\AppData\Local\Temp\fgrdypog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 19:39 - 2015-05-22 11:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-09-26 18:59 - 2015-09-26 18:59 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-26 18:56 - 2015-07-30 17:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-26 18:56 - 2015-07-30 16:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-26 18:50 - 2015-01-06 06:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-09-26 18:50 - 2015-01-06 05:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-09-26 18:50 - 2015-01-06 04:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-09-26 18:50 - 2015-01-06 04:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-09-26 18:49 - 2015-08-10 21:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-26 18:49 - 2015-08-10 21:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-26 18:49 - 2015-08-10 21:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-26 18:49 - 2015-08-10 20:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-26 18:49 - 2015-08-10 19:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-26 18:49 - 2015-08-10 19:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-26 18:49 - 2015-08-08 00:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-26 18:49 - 2015-08-08 00:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-26 18:49 - 2015-08-08 00:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-26 18:49 - 2015-08-08 00:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-26 18:49 - 2015-08-08 00:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-26 18:49 - 2015-08-08 00:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-26 18:49 - 2015-08-07 17:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-26 18:49 - 2015-08-06 20:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-26 18:49 - 2015-08-06 19:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-26 18:49 - 2015-08-06 19:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-26 18:49 - 2015-08-06 19:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-26 18:49 - 2015-07-30 20:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-26 18:49 - 2015-07-30 19:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-26 18:49 - 2015-07-29 02:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-09-26 18:49 - 2015-07-28 17:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-09-26 18:49 - 2015-07-28 17:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-09-26 18:49 - 2015-07-28 17:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-09-26 18:49 - 2015-07-28 17:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-09-26 18:49 - 2015-07-28 17:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-09-26 18:49 - 2015-07-28 17:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-09-26 18:49 - 2015-07-07 12:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-09-26 18:49 - 2015-06-27 14:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-26 18:49 - 2015-06-19 20:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-26 18:49 - 2015-06-12 20:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-09-26 18:49 - 2015-06-12 19:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-09-26 18:49 - 2014-11-17 23:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-09-26 18:49 - 2014-11-17 23:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-09-26 18:49 - 2014-11-14 09:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-09-26 18:49 - 2014-11-14 09:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-09-26 18:49 - 2014-11-10 21:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-09-26 18:48 - 2015-08-22 21:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-26 18:48 - 2015-08-22 20:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-26 18:48 - 2015-08-22 20:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-26 18:48 - 2015-08-22 20:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-26 18:48 - 2015-08-22 20:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-26 18:48 - 2015-08-22 20:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-26 18:48 - 2015-08-22 19:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-26 18:48 - 2015-08-22 19:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-26 18:48 - 2015-08-22 19:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-26 18:48 - 2015-08-22 19:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-26 18:48 - 2015-08-22 19:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-26 18:48 - 2015-08-22 19:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-26 18:48 - 2015-08-22 19:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-26 18:48 - 2015-08-22 19:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-26 18:48 - 2015-08-22 19:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-26 18:48 - 2015-08-22 19:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-26 18:48 - 2015-08-22 19:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-26 18:48 - 2015-08-22 19:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-26 18:48 - 2015-08-22 19:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-26 18:48 - 2015-08-22 19:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-26 18:48 - 2015-08-22 19:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-26 18:48 - 2015-08-22 19:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-26 18:48 - 2015-08-22 19:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-26 18:48 - 2015-08-22 19:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-26 18:48 - 2015-08-22 19:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-26 18:48 - 2015-08-22 19:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-26 18:48 - 2015-08-22 19:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-26 18:48 - 2015-08-22 18:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-26 18:48 - 2015-08-22 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-26 18:48 - 2015-08-22 16:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-26 18:48 - 2015-08-01 06:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-26 18:48 - 2015-08-01 06:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-26 18:48 - 2015-08-01 06:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-26 18:48 - 2015-08-01 06:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-26 18:48 - 2015-08-01 06:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-26 18:48 - 2015-07-22 17:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-26 18:48 - 2015-07-22 16:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-26 18:48 - 2015-07-17 17:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-26 18:48 - 2015-07-17 17:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-26 18:48 - 2015-07-16 23:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-26 18:48 - 2015-07-16 23:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-26 18:48 - 2015-07-16 22:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-09-26 18:48 - 2015-07-16 22:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-26 18:48 - 2015-07-16 22:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-26 18:48 - 2015-07-16 22:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-09-26 18:48 - 2015-07-16 21:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-26 18:48 - 2015-07-16 21:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-09-26 18:48 - 2015-07-15 00:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-09-26 18:48 - 2015-07-15 00:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-09-26 18:48 - 2015-07-15 00:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-09-26 18:48 - 2015-07-14 06:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-26 18:48 - 2015-07-10 21:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-09-26 18:48 - 2015-07-10 20:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-09-26 18:48 - 2015-07-10 20:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-09-26 18:48 - 2015-07-10 19:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-09-26 18:48 - 2015-07-07 12:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-09-26 18:48 - 2015-07-07 12:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-09-26 18:48 - 2015-06-11 23:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-09-26 18:48 - 2015-06-11 23:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-09-26 18:48 - 2015-06-10 01:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2015-09-26 18:48 - 2015-06-10 01:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2015-09-26 18:48 - 2015-06-10 01:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-09-26 18:48 - 2015-05-01 04:13 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-09-26 18:48 - 2015-05-01 04:13 - 01488000 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-09-26 18:48 - 2015-05-01 04:13 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-09-26 18:48 - 2014-11-15 22:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-09-26 18:48 - 2014-11-15 09:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-09-26 18:48 - 2014-11-14 09:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-09-26 18:48 - 2014-11-14 08:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-09-26 18:48 - 2014-11-10 21:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-09-26 18:48 - 2014-11-10 05:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-09-26 18:48 - 2014-11-10 04:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-09-26 18:48 - 2014-11-10 04:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-09-26 18:48 - 2014-11-10 03:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-09-26 18:48 - 2014-11-08 07:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-09-26 18:48 - 2014-11-08 06:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-09-26 18:48 - 2014-11-08 06:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-09-26 18:48 - 2014-11-08 06:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-09-26 18:48 - 2014-11-08 06:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-09-26 18:48 - 2014-11-08 06:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-09-26 18:48 - 2014-11-08 06:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-09-26 18:48 - 2014-11-08 06:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-09-26 18:48 - 2014-11-08 06:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-09-26 18:48 - 2014-11-08 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-09-26 18:48 - 2014-11-08 05:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-09-26 18:48 - 2014-11-08 05:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-09-26 18:48 - 2014-11-08 05:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-09-26 18:48 - 2014-11-08 04:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-09-26 18:48 - 2014-11-08 04:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-09-26 18:48 - 2014-11-07 06:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-09-26 18:48 - 2014-11-07 06:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-09-26 18:48 - 2014-11-05 05:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-09-26 18:48 - 2014-11-05 05:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-09-26 18:48 - 2014-11-05 05:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-09-26 18:48 - 2014-11-05 04:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-09-26 18:48 - 2014-11-05 04:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-09-26 18:48 - 2014-11-05 04:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-09-26 18:48 - 2014-11-05 04:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-09-26 18:48 - 2014-11-05 04:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-09-26 18:48 - 2014-11-05 04:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-09-26 18:48 - 2014-11-05 04:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-09-26 18:48 - 2014-11-05 04:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-09-26 18:48 - 2014-11-05 04:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-09-26 18:48 - 2014-11-05 04:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-09-26 18:48 - 2014-11-05 04:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-09-26 18:48 - 2014-11-04 22:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-09-26 18:48 - 2014-11-04 09:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-09-26 18:48 - 2014-11-04 08:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-09-26 18:48 - 2014-10-29 06:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-09-26 18:48 - 2014-10-29 04:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-09-26 18:48 - 2014-10-29 04:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-09-26 18:48 - 2014-10-21 04:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-09-26 18:48 - 2014-10-21 04:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-09-26 18:48 - 2014-10-21 03:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-09-26 18:48 - 2014-10-21 03:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-09-26 18:48 - 2014-10-21 03:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-09-26 18:48 - 2014-10-21 03:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-09-26 18:48 - 2014-10-21 03:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-09-26 18:48 - 2014-10-17 07:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-09-26 18:48 - 2014-10-17 06:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-09-26 18:47 - 2015-09-03 05:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-26 18:47 - 2015-09-03 05:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-26 18:47 - 2015-09-02 21:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-26 18:47 - 2015-09-02 20:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-26 18:47 - 2015-09-02 05:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-26 18:47 - 2015-09-02 05:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-26 18:47 - 2015-09-02 05:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-26 18:47 - 2015-09-02 05:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-26 18:47 - 2015-09-02 05:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-26 18:47 - 2015-08-27 05:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-26 18:47 - 2015-08-26 21:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-26 18:47 - 2015-08-26 21:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-26 18:47 - 2015-08-26 21:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-26 18:47 - 2015-08-26 21:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-26 18:47 - 2015-08-26 17:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-26 18:47 - 2015-08-26 17:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-26 18:47 - 2015-08-26 17:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-26 18:47 - 2015-08-26 17:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-26 18:47 - 2015-08-26 17:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-26 18:47 - 2015-08-26 17:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-26 18:47 - 2015-08-26 17:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-26 18:47 - 2015-08-04 00:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-26 18:47 - 2015-08-04 00:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-26 18:47 - 2015-08-01 17:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-26 18:47 - 2015-07-29 17:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-09-26 18:47 - 2015-07-29 17:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-09-26 18:47 - 2015-07-29 17:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-09-26 18:47 - 2015-07-22 17:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-26 18:47 - 2015-07-22 17:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-26 18:47 - 2015-07-22 17:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-26 18:47 - 2015-07-22 17:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-26 18:47 - 2015-07-18 21:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-26 18:47 - 2015-07-18 21:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-26 18:47 - 2015-07-18 21:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-26 18:47 - 2015-07-18 21:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-26 18:47 - 2015-07-16 03:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-09-26 18:47 - 2015-07-13 22:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-26 18:47 - 2015-07-13 22:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-09-26 18:47 - 2015-07-13 22:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-26 18:47 - 2015-07-10 22:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-26 18:47 - 2015-07-10 20:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-09-26 18:47 - 2015-07-09 20:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-09-26 18:47 - 2015-07-09 20:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-09-26 18:47 - 2015-07-09 19:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-09-26 18:47 - 2015-07-09 19:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-26 18:47 - 2015-07-04 00:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-26 18:47 - 2015-07-03 17:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-26 18:47 - 2015-07-02 01:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-09-26 18:47 - 2015-07-02 01:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-09-26 18:47 - 2015-07-02 00:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-09-26 18:47 - 2015-07-02 00:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-09-26 18:27 - 2015-09-26 19:32 - 00000000 ____D C:\AdwCleaner
2015-09-26 17:58 - 2015-09-26 19:22 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-26 17:58 - 2015-09-26 18:10 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-26 15:24 - 2015-09-26 15:24 - 00000000 ____D C:\Program Files\TaglibHandler
2015-09-26 15:24 - 2015-09-26 15:24 - 00000000 ____D C:\Program Files (x86)\TaglibHandler
2015-09-26 14:56 - 2015-09-26 14:56 - 00003062 _____ C:\Windows\System32\Tasks\{3EC91B69-433F-4BF3-B544-CB1ABA8B29CA}
2015-09-26 14:56 - 2015-09-26 14:56 - 00003054 _____ C:\Windows\System32\Tasks\{1924FBD4-1B4B-45DC-BFA3-20B6ADACA89B}
2015-09-26 14:50 - 2015-09-26 14:50 - 00000000 ____D C:\Windows\SysWOW64\xlive
2015-09-26 14:48 - 2015-09-26 14:48 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\To the Moon
2015-09-25 21:40 - 2015-09-25 21:40 - 00000000 ____D C:\ProgramData\X360CE
2015-09-25 21:19 - 2015-09-25 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Goo
2015-09-25 21:17 - 2015-09-25 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lichdom - Battlemage [GOG.com]
2015-09-25 15:18 - 2015-09-26 18:29 - 00000410 ____H C:\Windows\Tasks\{928394A4-6836-45EF-A52B-0FAE47A29759}.job
2015-09-25 15:18 - 2015-09-25 15:18 - 00003246 _____ C:\Windows\System32\Tasks\{928394A4-6836-45EF-A52B-0FAE47A29759}
2015-09-25 14:40 - 2015-09-14 03:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-25 14:40 - 2015-09-14 03:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-25 14:40 - 2015-09-14 03:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-25 14:11 - 2015-09-26 19:44 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1253574191-45192698-2028136428-1001
2015-09-25 14:05 - 2015-09-25 14:05 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2015-09-25 14:05 - 2015-09-25 14:05 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Panda Security
2015-09-25 14:05 - 2015-09-25 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-09-25 14:05 - 2015-09-25 14:05 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-09-25 14:03 - 2015-09-25 14:05 - 00000000 ____D C:\ProgramData\Panda Security
2015-09-25 13:59 - 2015-09-25 13:59 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-25 13:50 - 2015-09-25 13:50 - 00111714 _____ C:\Windows\PFRO.log
2015-09-25 13:42 - 2015-09-25 13:48 - 00002842 _____ C:\Windows\system32\lic2.xml19332
2015-09-25 13:42 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-09-25 09:53 - 2015-09-25 09:53 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\QuickScan
2015-09-24 23:38 - 2015-09-24 23:49 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-24 20:44 - 2015-09-24 20:44 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-09-24 20:44 - 2015-09-24 20:44 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-09-24 20:44 - 2015-09-24 20:44 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-09-24 20:44 - 2015-09-24 20:44 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-09-24 20:44 - 2015-09-24 20:44 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-09-24 20:43 - 2015-09-24 20:43 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\Curve Digital
2015-09-24 20:43 - 2015-09-24 20:43 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\4A Games
2015-09-24 20:42 - 2015-09-26 14:55 - 00068587 _____ C:\Windows\DirectX.log
2015-09-24 19:05 - 2015-09-24 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2015-09-24 19:05 - 2015-09-24 19:05 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.2.1
2015-09-24 18:30 - 2015-09-26 19:39 - 00004170 _____ C:\Windows\setupact.log
2015-09-24 18:30 - 2015-09-24 18:30 - 00000000 _____ C:\Windows\setuperr.log
2015-09-24 16:34 - 2015-09-26 20:00 - 01411579 _____ C:\Windows\WindowsUpdate.log
2015-09-23 19:28 - 2015-09-26 19:39 - 00000326 _____ C:\Windows\Tasks\hrushpa.job
2015-09-23 19:28 - 2015-09-23 19:28 - 00303104 __RSH C:\Windows\SysWOW64\Windowsz.dll
2015-09-23 16:45 - 2015-09-23 16:45 - 00000954 _____ C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Besiege.lnk
2015-09-23 13:30 - 2015-09-23 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Planetary Annihilation TITANS
2015-09-21 19:21 - 2015-09-21 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-09-21 19:21 - 2015-09-21 19:21 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-09-19 20:45 - 2015-09-19 20:45 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Wireshark
2015-09-19 20:44 - 2015-09-19 20:44 - 00000000 ____D C:\Program Files\Wireshark
2015-09-19 20:41 - 2015-09-19 20:41 - 00000000 ____D C:\Program Files (x86)\Win10Pcap
2015-09-19 20:41 - 2015-06-10 20:47 - 00140448 _____ (Daiyuu Nobori, University of Tsukuba, Japan) C:\Windows\system32\Packet.dll
2015-09-19 20:41 - 2015-06-10 20:47 - 00122528 _____ (Daiyuu Nobori, University of Tsukuba, Japan) C:\Windows\SysWOW64\Packet.dll
2015-09-19 20:41 - 2015-06-07 22:19 - 00370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll
2015-09-19 20:41 - 2015-06-07 22:19 - 00282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-09-15 13:23 - 2015-09-15 13:23 - 00000972 _____ C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prison Architect.lnk
2015-09-13 13:24 - 2015-09-13 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2015-09-13 13:24 - 2015-09-13 13:24 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2015-09-12 22:53 - 2015-09-12 22:53 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\LibreOffice
2015-09-12 18:40 - 2015-09-12 18:40 - 00001859 _____ C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AltDrag.lnk
2015-09-12 18:40 - 2015-09-12 18:40 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\AltDrag
2015-09-11 11:05 - 2015-09-11 11:05 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\ParadoxInteractive
2015-09-10 17:13 - 2015-09-04 13:03 - 00322144 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00274016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00191584 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00191584 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-09-10 17:13 - 2015-09-04 13:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-09 20:48 - 2015-09-09 20:48 - 00000990 _____ C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Magicka 2.lnk
2015-09-09 16:56 - 2015-09-09 16:56 - 00001362 _____ C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Deus Ex Human Revolution. Directors Cut.lnk
2015-09-09 14:46 - 2015-09-09 14:46 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\238010
2015-09-09 13:52 - 2015-09-09 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex Human Revolution. Directors Cut
2015-09-09 13:25 - 2015-09-09 13:25 - 261744128 _____ C:\Users\Koutsiog\AppData\Roaming\Update.fg3
2015-09-09 13:25 - 2015-09-09 13:25 - 00000009 _____ C:\Users\Koutsiog\AppData\Roaming\update.dat
2015-09-08 22:11 - 2015-09-08 22:11 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\Introversion
2015-09-06 17:02 - 2015-09-14 03:29 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-06 17:02 - 2015-09-14 03:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-06 17:02 - 2015-08-25 21:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-06 17:02 - 2015-08-25 21:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-04 13:03 - 2015-09-04 13:03 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Sun
2015-09-04 13:03 - 2015-09-04 13:03 - 00000000 ____D C:\Users\Koutsiog\.oracle_jre_usage
2015-08-29 22:48 - 2015-08-29 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTL Faster Than Light
2015-08-27 21:03 - 2015-08-27 21:03 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-27 20:05 - 2015-08-27 20:05 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-08-27 20:03 - 2015-08-27 20:03 - 00000613 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Onikira - Demon Killer.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-26 20:07 - 2015-08-20 16:18 - 00000000 ____D C:\FRST
2015-09-26 19:51 - 2015-07-13 16:40 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-26 19:51 - 2015-07-13 16:40 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-26 19:51 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-26 19:50 - 2015-07-13 17:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-26 19:45 - 2014-11-06 03:48 - 00556286 _____ C:\Windows\system32\perfh008.dat
2015-09-26 19:45 - 2014-11-06 03:48 - 00093618 _____ C:\Windows\system32\perfc008.dat
2015-09-26 19:45 - 2014-11-06 03:29 - 00321754 _____ C:\Windows\system32\perfh005.dat
2015-09-26 19:45 - 2014-11-06 03:29 - 00051134 _____ C:\Windows\system32\perfc005.dat
2015-09-26 19:45 - 2014-03-18 13:03 - 01844068 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-26 19:40 - 2015-07-13 17:03 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Skype
2015-09-26 19:40 - 2015-07-13 17:03 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\qBittorrent
2015-09-26 19:40 - 2015-07-13 15:56 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-26 19:39 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-26 18:59 - 2015-07-13 17:06 - 00000000 ___RD C:\Users\Koutsiog\Dropbox
2015-09-26 18:59 - 2015-07-13 16:40 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\Dropbox
2015-09-26 18:58 - 2015-07-17 22:13 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-09-26 18:58 - 2015-07-17 22:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-09-26 18:58 - 2014-03-18 12:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\setup
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\en-GB
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-26 18:58 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-26 18:58 - 2013-08-22 17:44 - 02645632 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-26 18:56 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-26 18:54 - 2015-07-13 16:26 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\vlc
2015-09-26 18:50 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-26 18:50 - 2013-08-22 18:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-26 18:50 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-09-26 18:11 - 2015-07-13 15:35 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\VirtualStore
2015-09-26 16:43 - 2015-07-14 22:40 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\Warframe
2015-09-26 14:57 - 2015-07-13 18:04 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\CrashDumps
2015-09-26 14:51 - 2015-01-17 22:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-25 20:55 - 2015-07-13 16:53 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\DAEMON Tools Lite
2015-09-25 14:41 - 2015-01-17 23:03 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-25 13:50 - 2015-07-13 19:35 - 00000000 ____D C:\Program Files (x86)\Fraps
2015-09-25 13:50 - 2015-07-13 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-25 13:49 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-24 23:37 - 2015-07-13 16:57 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-24 17:46 - 2015-07-13 18:33 - 00000132 _____ C:\Users\Koutsiog\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-09-24 15:02 - 2015-07-13 21:21 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-09-23 20:01 - 2015-07-13 15:35 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-09-23 20:01 - 2015-07-13 15:35 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-23 16:00 - 2015-07-13 18:34 - 00000000 ____D C:\Users\Koutsiog\AppData\Roaming\TS3Client
2015-09-23 00:49 - 2015-07-13 15:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-22 16:55 - 2015-07-13 18:31 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\dxhr
2015-09-20 18:37 - 2015-07-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-09-20 18:37 - 2015-07-13 19:23 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-09-20 18:36 - 2015-07-13 18:31 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\Skyrim
2015-09-16 22:54 - 2015-07-19 20:57 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\LOOT
2015-09-16 00:12 - 2015-07-17 21:02 - 00000000 ____D C:\Users\Koutsiog\AppData\Local\acquisition
2015-09-15 04:18 - 2015-07-17 22:18 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 04:18 - 2015-07-17 22:18 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 03:29 - 2015-01-17 23:02 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-14 03:29 - 2015-01-17 23:02 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-14 03:29 - 2015-01-17 23:02 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 01:09 - 2015-01-17 23:03 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 01062192 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 01:09 - 2015-01-17 23:03 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 00074872 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-09-14 01:09 - 2015-01-17 23:03 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-11 15:17 - 2015-01-17 23:03 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 11:14 - 2015-07-13 18:48 - 00000000 ____D C:\ProgramData\Steam
2015-09-10 17:13 - 2015-07-13 16:29 - 00000000 ____D C:\Program Files\Java
2015-09-10 17:13 - 2015-07-13 16:27 - 00000000 ____D C:\ProgramData\Oracle
2015-09-10 17:12 - 2015-07-13 17:32 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-10 15:22 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-10 12:10 - 2015-01-17 23:01 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 20:04 - 2015-07-13 18:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-09-06 16:55 - 2015-01-17 23:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-09-04 13:03 - 2015-07-13 16:29 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-09-04 13:03 - 2015-07-13 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-04 13:03 - 2015-07-13 15:35 - 00000000 ____D C:\Users\Koutsiog
2015-09-01 18:46 - 2015-07-24 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filtration
2015-09-01 18:46 - 2015-07-24 22:12 - 00000000 ____D C:\Program Files (x86)\Filtration
2015-09-01 14:22 - 2015-07-17 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acquisition
2015-09-01 14:22 - 2015-07-17 21:01 - 00000000 ____D C:\Program Files (x86)\Acquisition
2015-08-28 14:50 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2015-08-27 03:37 - 2015-01-17 23:03 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-08-27 03:37 - 2015-01-17 23:03 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-08-27 03:36 - 2015-01-17 23:03 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-08-27 03:36 - 2015-01-17 23:03 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2015-07-13 18:31 - 2013-03-06 10:11 - 0000184 _____ () C:\Users\Koutsiog\AppData\Roaming\008f0be5.dat
2015-07-13 18:33 - 2015-09-24 17:46 - 0000132 _____ () C:\Users\Koutsiog\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-08-13 15:41 - 2015-08-13 15:47 - 0047462 ___SH () C:\Users\Koutsiog\AppData\Roaming\d3dx10.exe
2015-07-13 18:33 - 2014-09-25 20:15 - 0000236 _____ () C:\Users\Koutsiog\AppData\Roaming\Recorder.ini
2015-09-09 13:25 - 2015-09-09 13:25 - 0000009 _____ () C:\Users\Koutsiog\AppData\Roaming\update.dat
2015-09-09 13:25 - 2015-09-09 13:25 - 261744128 _____ () C:\Users\Koutsiog\AppData\Roaming\Update.fg3
2015-07-13 18:31 - 2014-07-04 18:39 - 0005861 _____ () C:\Users\Koutsiog\AppData\Local\recently-used.xbel
2015-07-13 18:31 - 2014-04-28 19:02 - 0007591 _____ () C:\Users\Koutsiog\AppData\Local\Resmon.ResmonCfg
2015-07-13 18:48 - 2013-11-03 13:32 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-13 18:48 - 2009-06-16 13:25 - 0121512 ____R () C:\ProgramData\DeviceManager.xml.rc4
2015-07-13 18:48 - 2012-10-25 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{928394A4-6836-45EF-A52B-0FAE47A29759}.job


Some files in TEMP:
====================
C:\Users\Koutsiog\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpv9w2.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4cvw5.dll
C:\Users\Koutsiog\AppData\Local\Temp\DSETUP.dll
C:\Users\Koutsiog\AppData\Local\Temp\dsetup32.dll
C:\Users\Koutsiog\AppData\Local\Temp\DXSETUP.exe
C:\Users\Koutsiog\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Koutsiog\AppData\Local\Temp\sqlite3.dll
C:\Users\Koutsiog\AppData\Local\Temp\{EE9C6067-87FE-4EB9-AA30-302D4B7E573E}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-25 10:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Koutsiog (2015-09-26 20:07:48)
Running from D:\Desktop
Windows 8.1 (X64) (2015-07-13 12:35:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1253574191-45192698-2028136428-500 - Administrator - Disabled)
Guest (S-1-5-21-1253574191-45192698-2028136428-501 - Limited - Disabled)
Koutsiog (S-1-5-21-1253574191-45192698-2028136428-1001 - Administrator - Enabled) => C:\Users\Koutsiog

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Acquisition version 0.3a (HKLM-x32\...\{53E25C0C-0305-47BB-9884-F0F202297AF4}_is1) (Version: 0.3a - )
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AltDrag (HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\AltDrag) (Version: 1.1 - Stefan Sundin)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Boot Configure (HKLM-x32\...\{5563D674-6B02-43F4-B9D0-C2A944E84F3C}) (Version: 20.014.12127 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1412.2301 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Cities Skylines After Dark (HKLM-x32\...\Cities Skylines After Dark_is1) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Crusader Kings II Way of Life (HKLM-x32\...\Crusader Kings II Way of Life_is1) (Version:  - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Deus Ex Human Revolution. Directors Cut version 1.0.0.0 (HKLM-x32\...\Deus Ex Human Revolution. Directors Cut_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1410.1301 - Micro-Star International Co., Ltd.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
ELAN Touchpad 11.13.11.4_X64_WHQL (HKLM\...\Elantech) (Version: 11.13.11.4 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Flux) (Version:  - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout New Vegas (HKLM-x32\...\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}_is1) (Version: 1.4.0.525 - Bethesda Softworks)
Filtration version 0.11 (HKLM-x32\...\{AD0C8642-110D-402E-ADF6-9DDC1908A8FC}_is1) (Version: 0.11 - Ben Wallis)
Fotoattēlu galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FTL version 1.5.13 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.5.13 - Subset Games)
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GameRanger (HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\GameRanger) (Version:  - GameRanger Technologies)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel Extreme Tuning Utility (HKLM-x32\...\{c39ccdf6-4cad-48b9-87d8-00131589afca}) (Version: 5.2.0.14 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 5.2.0.14 - Intel Corporation) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1434.2) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.0.0.1 - GOG.com)
KLM (HKLM-x32\...\InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}) (Version: 1.0.1411.1101 - Application)
KLM (x32 Version: 1.0.1411.1101 - Application) Hidden
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
Lichdom - Battlemage (HKLM-x32\...\1425906836_is1) (Version: 2.0.0.1 - GOG.com)
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.1 - LOOT Development Team)
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Magicka 2 v1.0 / RePack by Azaq (HKLM-x32\...\Magicka 2_is1) (Version:  - )
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: 1.13.0.121 - MAGIX AG)
MAGIX MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MASSIVE CHALICE (HKLM-x32\...\TUFTU0lWRUNIQUxJQ0U=_is1) (Version: 1 - )
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1412.1801 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.5 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Onikira - Demon Killer (HKLM-x32\...\T25pa2lyYURlbW9uS2lsbGVy_is1) (Version: 1 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.03.00.0000 - Panda Security) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Planetary Annihilation TITANS (HKLM-x32\...\Planetary Annihilation TITANS_is1) (Version:  - )
Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
qBittorrent 3.2.1 (HKLM-x32\...\qBittorrent) (Version: 3.2.1 - The qBittorrent project)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.46.1056 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.46.1056 - Qualcomm Atheros) Hidden
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7388 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{9BC0C4F3-ACBB-42DF-9559-93175E3B4095}) (Version: 13.014.11068 - Application)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Sims 4 Language Selection by BuZeR version final (HKLM-x32\...\{ED318F10-E516-4245-160F-6F13F508F71F}_is1) (Version: final - )
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 2.0.1412.1501 - Application)
Sizing Options (x32 Version: 2.0.1412.1501 - Application) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.13.2948.1 - Hi-Rez Studios)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Stealth Inc 2 (HKLM-x32\...\Steam App 329380) (Version:  - Carbon)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The Sims 4 Deluxe Edition version 1.10.57.1020 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.10.57.1020 - Mr DJ)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\GOGPACKTHEWITCHER2EE_is1) (Version: 3.4.0.25 - GOG.com)
The Witcher 3 Wild Hunt v.1.0.8 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
To the Moon (HKLM-x32\...\To the Moon1.0) (Version: 1.0 - Foxy Games)
Transistor (HKLM-x32\...\Transistor_is1) (Version:  - )
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Win10Pcap (HKLM-x32\...\{B5B58F8A-1984-4F3E-B400-235A6E005001}) (Version: 10.1.5001 - Daiyuu Nobori, University of Tsukuba, Japan)
WinDirStat 1.1.2 (HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, http://www.wireshark.org)
Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1253574191-45192698-2028136428-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-09-2015 20:42:07 Installed DirectX
25-09-2015 21:17:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {033B7EE5-37EC-42AE-8CB5-7D7E156270A1} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {14F00B17-2C76-40E1-BFC4-9D86D45AC21A} - \MalwarebytesUpdate -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1F0E40DB-8DB8-4C53-9137-89D81951448B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {1FEF33F3-4D17-46BE-93CB-87036DDA5B2B} - \hrushpa -> No File <==== ATTENTION
Task: {228C821E-C750-41E5-9167-0C1AD52BAE00} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {281070B4-A46B-4711-9605-043B423048C6} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {282E87D6-0489-400E-932E-E05B1A9B6060} - \BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {2928E5F7-ED0F-4E96-B993-8FEF46E0722A} - \CCleaner -> No File <==== ATTENTION
Task: {3B01B583-2C78-4CD7-934D-3EE055C91A23} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {48BC906D-5B23-40B2-9CC5-093C0C144127} - System32\Tasks\{3EC91B69-433F-4BF3-B544-CB1ABA8B29CA} => pcalua.exe -a K:\G4WL\dotnetfx3_x64.exe -d K:\G4WL
Task: {603AA9D8-1BE2-44B9-B931-7D7F0A532E59} - \Optimize Start Menu Cache Files-S-1-5-21-1253574191-45192698-2028136428-500 -> No File <==== ATTENTION
Task: {6D0F7B9A-7BB7-4E48-BD1E-C6843CA9D400} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {91C75033-7036-4395-BBEC-D2963A661271} - \MSI_Dragon Gaming Center -> No File <==== ATTENTION
Task: {B31AB854-DBBA-447F-95D2-CE9D25F81436} - \SuperAS -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C6C98266-0210-49F5-9C5B-57445C840134} - \RMC -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D368E0A7-76A0-4CF5-B7B0-A53F8E348166} - \IntelMemoryDiagnostic -> No File <==== ATTENTION
Task: {D3DCA383-57FF-4F38-BFF3-DAD7B2D560B4} - \FRAPS -> No File <==== ATTENTION
Task: {D8594EE9-867C-4C02-9D76-DDC92D435996} - System32\Tasks\{928394A4-6836-45EF-A52B-0FAE47A29759} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2015-07-28] (Panda Security, S.L.)
Task: {F17E3C40-C505-40CC-824B-88CD9685B789} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {F5BCFBEA-166A-4209-90BE-F3F81D19FB39} - System32\Tasks\{1924FBD4-1B4B-45DC-BFA3-20B6ADACA89B} => pcalua.exe -a K:\G4WL\dotnetfx3.exe -d K:\G4WL
Task: {FFBAD9E0-763C-4527-A615-BDBA8072AADF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\hrushpa.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\Windowsz.dll
Task: C:\Windows\Tasks\{928394A4-6836-45EF-A52B-0FAE47A29759}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-17 23:03 - 2015-09-14 01:09 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-02 16:29 - 2015-08-02 16:29 - 14844416 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2012-01-10 14:41 - 2015-08-26 21:56 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2014-08-18 22:40 - 2014-08-18 22:40 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-07-13 16:21 - 2010-11-10 20:38 - 00380928 _____ () C:\Program Files (x86)\Launchy\Launchy.exe
2013-04-12 20:23 - 2013-04-12 20:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-07-13 16:06 - 2015-08-27 03:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-13 15:59 - 2015-07-03 19:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-13 15:59 - 2015-07-03 19:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-13 15:59 - 2015-08-19 23:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-13 15:59 - 2015-07-03 19:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-13 15:59 - 2015-07-03 19:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-13 15:59 - 2014-12-02 00:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-13 15:59 - 2014-12-02 00:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-13 15:59 - 2014-12-02 00:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-13 15:59 - 2014-12-02 00:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-13 15:59 - 2014-12-02 00:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-13 15:59 - 2015-08-19 23:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-24 14:05 - 2015-07-27 04:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-07-13 15:59 - 2015-07-03 19:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-13 16:21 - 2009-12-16 23:13 - 08314880 _____ () C:\Program Files (x86)\Launchy\QtGui4.dll
2015-07-13 16:21 - 2009-12-16 22:56 - 00712704 _____ () C:\Program Files (x86)\Launchy\QtNetwork4.dll
2015-07-13 16:21 - 2009-12-16 22:54 - 02236416 _____ () C:\Program Files (x86)\Launchy\QtCore4.dll
2015-07-13 16:21 - 2009-12-17 01:18 - 00233472 _____ () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
2015-07-13 16:21 - 2010-11-10 20:39 - 00081920 _____ () C:\Program Files (x86)\Launchy\plugins\calcy.dll
2015-07-13 16:21 - 2010-11-10 20:39 - 00090112 _____ () C:\Program Files (x86)\Launchy\plugins\controly.dll
2015-07-13 16:21 - 2010-11-10 20:38 - 00024064 _____ () C:\Program Files (x86)\Launchy\plugins\gcalc.dll
2015-07-13 16:21 - 2010-11-10 20:38 - 00094208 _____ () C:\Program Files (x86)\Launchy\plugins\runner.dll
2015-07-13 16:21 - 2010-11-10 20:38 - 00057344 _____ () C:\Program Files (x86)\Launchy\plugins\verby.dll
2015-07-13 16:21 - 2010-11-10 20:38 - 00122880 _____ () C:\Program Files (x86)\Launchy\plugins\weby.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1253574191-45192698-2028136428-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D3705640-9BE2-452E-9709-B84FF4039FCC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47FA0291-5F8E-4E3C-B8C3-FFA3EA150C3E}] => (Allow) LPort=2869
FirewallRules: [{D5E09FDF-A598-42C9-9FB5-C9A1118C0DFD}] => (Allow) LPort=1900
FirewallRules: [{8B9E8743-E34E-4121-98A9-4D5E98676F38}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{473C74E7-C779-433B-BFAA-D18354992584}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93726123-CB5A-4E25-8EF5-8E2C3671057B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D48875C-4009-442E-8AF6-9EB360A103A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9318540E-61AA-41EF-BF20-4BE7530F21B6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{A6B3177E-0693-46FE-8A0D-E528A07D14C7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{501B7286-8276-4459-BF26-28A9379A1A8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C4D9A321-9793-42BB-B454-05E6F27F090B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23AB5DFF-C950-4909-9B79-27B28A1F8296}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0A7994E2-DBF0-4AFD-80CA-56114AE2EA89}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2104156D-7202-4AF2-9F63-0A3EBF1550F8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{84ACA989-5CC8-43DC-8D77-7369D40BAEB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E1D16DAC-E4B8-4983-BE4F-431FF15345E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DF81715F-0A31-43C6-87DD-AFF6FE8FC3FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AFBDD19F-2ACF-4430-B7DD-D1B0CA130B51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D660DC2B-7057-4D2F-839D-E455578A110F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{00E62404-17E7-47C6-9B0F-9109B9426389}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{87224494-FD31-468E-8E1E-AB91E5154FFB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{01FC8AFE-F1BD-494B-AEC3-7335FFACEC4A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{288A0919-0028-4DD1-8E1C-508457AE1FBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{F3F79EDA-EA97-4EDB-B7A8-255A1900090A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{D118C018-F8A7-45FD-9FF3-EAF2DBC3E023}D:\gog games\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\gog games\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{4F2B0121-5967-4879-9A6A-DF7260D754C9}D:\gog games\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) D:\gog games\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{B2F0AD89-BF02-4E96-9EE4-94DD9401E5E1}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{0A0D11DA-2B70-4323-A929-832DD1CFB9D3}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{E993AA94-24E5-4D82-A3E3-A9269D17C8D7}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{30580DBF-78AD-41E9-B25D-BB47EC906FAE}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2EBF7046-E2B8-426A-87E4-FF6DD93A0358}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CEB26B55-5065-4346-8DB5-C6CA2809E019}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9FE35A62-CAC1-4F15-91C2-93BD1BB37559}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{C05F6A3C-8927-4E1C-9667-E5881E6876C7}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{56EE0944-279A-4C37-8AC8-03F4E6BEA96E}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{3758D47D-A3B6-4302-A1F5-D581E2A354DA}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B398B5C2-2F6E-48BC-BF35-BE6D5553F0C1}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{D4E8BBC2-66F3-4B43-80E0-E9847E432436}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{4429F7A8-72FC-4C47-AB5C-D61984110010}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AE3B6715-CDBB-4DBF-9D1F-137B1E90581C}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{09CA014E-F2C0-44B1-85D5-24376A3B2F11}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{76690FC0-E672-436E-9015-F73E47DBADEB}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{663896DE-064E-4B86-9265-92542BE931C8}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{F1C7BD76-7329-4D9A-BBB1-FBACF57AC4F1}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{EF2D1EE0-DCE1-43FB-AC8B-9ABB91E04C6C}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{BB741072-0077-43AD-9AB5-B8D236ACA29B}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{69E1CBA7-35A5-4BE3-879A-B57FBF51799B}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{BC3FCA32-3968-4665-BAAE-522BE9BB3DB4}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [TCP Query User{2480C8C5-F815-4719-B7CB-52756B2FEA13}C:\users\koutsiog\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\koutsiog\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{320E45C0-C202-4B6B-93B6-16DF9369C822}C:\users\koutsiog\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\koutsiog\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{65097006-F6AA-4C19-A145-8F20E56E0749}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{21D8B22A-1BD9-4E81-8A7F-AF73950FBD35}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{ED37914E-92DA-43C5-AB2D-BA63A7EDA844}D:\program files (x86)\steamgames\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Allow) D:\program files (x86)\steamgames\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [UDP Query User{EEF9EB2E-8A1E-4487-823D-1D82EFB1F3A9}D:\program files (x86)\steamgames\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Allow) D:\program files (x86)\steamgames\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [{374B9A80-D01F-4FD9-9A1C-A372539ECD82}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{EEF1A2F5-C541-4781-8695-BE4F544A5FBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CC1C12C9-317C-422D-9C04-C909DACEDE0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{2C5D580B-5BED-4930-8524-9A04F30FC56F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B777ED23-5FB4-4AFE-B4CC-1916184F4EA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{945DEB7F-F151-4B42-AF69-CA1F41589835}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{0A49F2CC-ECE1-49E8-8ADB-B3CA7C991B22}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{361C96D0-2F95-4C53-B54D-8AF7EDD24915}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7A017AAA-229E-45C6-AA53-B89A8ADFE27D}] => (Allow) D:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{D4F78317-8772-4586-8E32-449EBD5644CB}] => (Allow) D:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{5AAB3B75-4386-4785-A9C6-1B04AC4A2BF6}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8AC0FA43-4851-4237-955C-B18116A6F62D}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0A263978-439B-4356-B50B-5EAE46632FE2}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{54D7EA35-B08F-45AC-8E07-FB0F46EFFD3B}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [TCP Query User{D80FAA48-9330-4A73-B91F-0D2DF428C92C}D:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{45F6DD8C-76DD-428C-A04F-75BD48E4B0E3}D:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) D:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{98AC2F7B-0F22-44A4-8901-F5D3EE08ED16}D:\program files (x86)\planetary annihilation titans\bin_x64\server.exe] => (Allow) D:\program files (x86)\planetary annihilation titans\bin_x64\server.exe
FirewallRules: [UDP Query User{85ED600C-BD02-4E0F-9DCF-3D95D549A7DF}D:\program files (x86)\planetary annihilation titans\bin_x64\server.exe] => (Allow) D:\program files (x86)\planetary annihilation titans\bin_x64\server.exe
FirewallRules: [{0A3B96AD-5144-44CB-8DE5-A2BEF048FDFE}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{40C1B720-7AEA-4486-8896-463B8DDDF956}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Wargame Red Dragon\WarGame3.exe
FirewallRules: [{FD139C23-CD69-4EF9-B553-89A95FB1A1B1}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Stealth Inc 2\settings\settings.exe
FirewallRules: [{51445E53-DFA6-4330-86D2-32A1D4B220C9}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Stealth Inc 2\settings\settings.exe
FirewallRules: [{6467B7EA-8436-47DE-9F85-F6EB98B72568}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{2B9FFED7-A31E-4040-A242-1CA1A449F359}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{6679A8DE-08C9-4655-A35D-3FDB3DBCC813}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [{6D2E7962-33A5-4CEE-9586-D841066360D0}] => (Allow) D:\Program Files (x86)\SteamGames\steamapps\common\Metro 2033\metro2033.exe
FirewallRules: [TCP Query User{1EAC390A-ED8D-493B-8694-0E095B1CA33F}D:\program files (x86)\grey goo\instanceserverg.exe] => (Allow) D:\program files (x86)\grey goo\instanceserverg.exe
FirewallRules: [UDP Query User{36AE969D-E847-45FC-B93F-97EBACBEAB9D}D:\program files (x86)\grey goo\instanceserverg.exe] => (Allow) D:\program files (x86)\grey goo\instanceserverg.exe
FirewallRules: [TCP Query User{290E1D59-DE67-4FA3-AF25-CE4500EB046A}D:\program files (x86)\grey goo\goog.exe] => (Allow) D:\program files (x86)\grey goo\goog.exe
FirewallRules: [UDP Query User{98B772BC-FB98-4D38-9F37-242E9F1950D7}D:\program files (x86)\grey goo\goog.exe] => (Allow) D:\program files (x86)\grey goo\goog.exe
FirewallRules: [TCP Query User{0DA49117-FA5A-418F-9C43-A48800443EF2}D:\gog games\lichdom - battlemage\bin64\lichdombattlemage.exe] => (Allow) D:\gog games\lichdom - battlemage\bin64\lichdombattlemage.exe
FirewallRules: [UDP Query User{120FB94C-7A19-48DF-B881-75B590C3662D}D:\gog games\lichdom - battlemage\bin64\lichdombattlemage.exe] => (Allow) D:\gog games\lichdom - battlemage\bin64\lichdombattlemage.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2015 02:57:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: oftworks\Fallout 3\Fallout3.exe, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000138
Fault offset: 0x0009d4f2
Faulting process id: 0x1114
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3
Faulting package full name: Fallout3.exe4
Faulting package-relative application ID: Fallout3.exe5

Error: (09/26/2015 02:54:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: oftworks\Fallout 3\Fallout3.exe, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000138
Fault offset: 0x0009d4f2
Faulting process id: 0xd34
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3
Faulting package full name: Fallout3.exe4
Faulting package-relative application ID: Fallout3.exe5

Error: (09/26/2015 02:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fallout3.exe, version: 1.7.0.3, time stamp: 0x4a40f18b
Faulting module name: oftworks\Fallout 3\Fallout3.exe, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000138
Fault offset: 0x0009d4f2
Faulting process id: 0x222c
Faulting application start time: 0xFallout3.exe0
Faulting application path: Fallout3.exe1
Faulting module path: Fallout3.exe2
Report Id: Fallout3.exe3
Faulting package full name: Fallout3.exe4
Faulting package-relative application ID: Fallout3.exe5

Error: (09/25/2015 01:55:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c116b1
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x14d4
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
Faulting package full name: jucheck.exe4
Faulting package-relative application ID: jucheck.exe5

Error: (09/25/2015 01:50:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (09/25/2015 09:40:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2015 09:40:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2015 09:40:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/25/2015 08:46:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/24/2015 08:43:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: game.exe, version: 0.0.0.0, time stamp: 0x5540fa31
Faulting module name: OpenAL32.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000135
Fault offset: 0x0009d4f2
Faulting process id: 0x23e0
Faulting application start time: 0xgame.exe0
Faulting application path: game.exe1
Faulting module path: game.exe2
Report Id: game.exe3
Faulting package full name: game.exe4
Faulting package-relative application ID: game.exe5


System errors:
=============
Error: (09/26/2015 07:51:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft.WindowsReadingList.

Error: (09/26/2015 07:41:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The @(BrandName) service failed to start due to the following error:
%%1053

Error: (09/26/2015 07:41:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the @(BrandName) service to connect.

Error: (09/26/2015 07:39:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/26/2015 07:39:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/26/2015 07:39:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (09/26/2015 07:39:25 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/26/2015 07:39:24 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/26/2015 07:39:24 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (09/26/2015 07:39:24 PM) (Source: DCOM) (EventID: 10010) (User: MSI)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


CodeIntegrity:
===================================
  Date: 2015-09-22 15:26:55.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-15 13:12:51.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-17 18:43:32.612
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-23 00:21:47.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-19 15:35:20.971
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-14 23:03:13.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 23:03:12.697
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 23:02:46.611
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 23:02:45.743
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-14 23:02:26.469
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 40%
Total physical RAM: 8109.81 MB
Available physical RAM: 4811.21 MB
Total Virtual: 11821.81 MB
Available Virtual: 8700.68 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:118.24 GB) (Free:41.91 GB) NTFS
Drive d: (Data) (Fixed) (Total:911.25 GB) (Free:375.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 70478F7B)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 70478F85)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Koutsiog, 27 September 2015 - 05:05 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 September 2015 - 07:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [GalaxyClient] => [X]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Extension: Ads no more - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2015-07-13]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 RTCore64; \??\D:\Program Files (x86)\RMClock\RTCore64.sys [X]
U3 fgrdypog; \??\C:\Users\Koutsiog\AppData\Local\Temp\fgrdypog.sys [X]
C:\Users\Koutsiog\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpv9w2.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4cvw5.dll
C:\Users\Koutsiog\AppData\Local\Temp\DSETUP.dll
C:\Users\Koutsiog\AppData\Local\Temp\dsetup32.dll
C:\Users\Koutsiog\AppData\Local\Temp\DXSETUP.exe
C:\Users\Koutsiog\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Koutsiog\AppData\Local\Temp\sqlite3.dll
C:\Users\Koutsiog\AppData\Local\Temp\{EE9C6067-87FE-4EB9-AA30-302D4B7E573E}.exe
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi
Task: {033B7EE5-37EC-42AE-8CB5-7D7E156270A1} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {14F00B17-2C76-40E1-BFC4-9D86D45AC21A} - \MalwarebytesUpdate -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1F0E40DB-8DB8-4C53-9137-89D81951448B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {1FEF33F3-4D17-46BE-93CB-87036DDA5B2B} - \hrushpa -> No File <==== ATTENTION
Task: {282E87D6-0489-400E-932E-E05B1A9B6060} - \BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {2928E5F7-ED0F-4E96-B993-8FEF46E0722A} - \CCleaner -> No File <==== ATTENTION
Task: {3B01B583-2C78-4CD7-934D-3EE055C91A23} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {603AA9D8-1BE2-44B9-B931-7D7F0A532E59} - \Optimize Start Menu Cache Files-S-1-5-21-1253574191-45192698-2028136428-500 -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {91C75033-7036-4395-BBEC-D2963A661271} - \MSI_Dragon Gaming Center -> No File <==== ATTENTION
Task: {B31AB854-DBBA-447F-95D2-CE9D25F81436} - \SuperAS -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C6C98266-0210-49F5-9C5B-57445C840134} - \RMC -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D368E0A7-76A0-4CF5-B7B0-A53F8E348166} - \IntelMemoryDiagnostic -> No File <==== ATTENTION
Task: {D3DCA383-57FF-4F38-BFF3-DAD7B2D560B4} - \FRAPS -> No File <==== ATTENTION
Task: {F17E3C40-C505-40CC-824B-88CD9685B789} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FFBAD9E0-763C-4527-A615-BDBA8072AADF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

How is the computer running now?

#3 Koutsiog

Koutsiog
  • Topic Starter

  • Members
  • 9 posts

Posted 27 September 2015 - 08:37 AM

Ran both tools, my action center icon is still locked at off and my windows defender service is still missing. I haven't found any of the CMD processes yet but they usually start randomly so I can't confidently say they're gone for good. My phone is connecting fine with my PC but as I said I don't know if that was caused by the malware or it was just a random issue. At this point I'm not even sure if I'm still infected with the malware or if I've managed to get rid of it and am just dealing with its aftermath.

 

LOGS:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by Koutsiog (2015-09-27 16:14:51) Run:1
Running from D:\Desktop
Loaded Profiles: Koutsiog (Available Profiles: Koutsiog)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\...\Run: [GalaxyClient] => [X]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [No File]
FF Extension: Ads no more - C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi [2015-07-13]
S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
S3 RTCore64; \??\D:\Program Files (x86)\RMClock\RTCore64.sys [X]
U3 fgrdypog; \??\C:\Users\Koutsiog\AppData\Local\Temp\fgrdypog.sys [X]
C:\Users\Koutsiog\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpv9w2.dll
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4cvw5.dll
C:\Users\Koutsiog\AppData\Local\Temp\DSETUP.dll
C:\Users\Koutsiog\AppData\Local\Temp\dsetup32.dll
C:\Users\Koutsiog\AppData\Local\Temp\DXSETUP.exe
C:\Users\Koutsiog\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Koutsiog\AppData\Local\Temp\sqlite3.dll
C:\Users\Koutsiog\AppData\Local\Temp\{EE9C6067-87FE-4EB9-AA30-302D4B7E573E}.exe
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi
Task: {033B7EE5-37EC-42AE-8CB5-7D7E156270A1} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {14F00B17-2C76-40E1-BFC4-9D86D45AC21A} - \MalwarebytesUpdate -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1F0E40DB-8DB8-4C53-9137-89D81951448B} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d -> No File <==== ATTENTION
Task: {1FEF33F3-4D17-46BE-93CB-87036DDA5B2B} - \hrushpa -> No File <==== ATTENTION
Task: {282E87D6-0489-400E-932E-E05B1A9B6060} - \BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {2928E5F7-ED0F-4E96-B993-8FEF46E0722A} - \CCleaner -> No File <==== ATTENTION
Task: {3B01B583-2C78-4CD7-934D-3EE055C91A23} - \ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon -> No File <==== ATTENTION
Task: {603AA9D8-1BE2-44B9-B931-7D7F0A532E59} - \Optimize Start Menu Cache Files-S-1-5-21-1253574191-45192698-2028136428-500 -> No File <==== ATTENTION
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {91C75033-7036-4395-BBEC-D2963A661271} - \MSI_Dragon Gaming Center -> No File <==== ATTENTION
Task: {B31AB854-DBBA-447F-95D2-CE9D25F81436} - \SuperAS -> No File <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C6C98266-0210-49F5-9C5B-57445C840134} - \RMC -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D368E0A7-76A0-4CF5-B7B0-A53F8E348166} - \IntelMemoryDiagnostic -> No File <==== ATTENTION
Task: {D3DCA383-57FF-4F38-BFF3-DAD7B2D560B4} - \FRAPS -> No File <==== ATTENTION
Task: {F17E3C40-C505-40CC-824B-88CD9685B789} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FFBAD9E0-763C-4527-A615-BDBA8072AADF} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-1253574191-45192698-2028136428-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater" => key removed successfully
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi => moved successfully
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi => path removed successfully
WinDefend => service removed successfully
RTCore64 => service removed successfully
fgrdypog => service removed successfully
C:\Users\Koutsiog\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkpv9w2.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpw4cvw5.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\DSETUP.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\dsetup32.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\DXSETUP.exe => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Koutsiog\AppData\Local\Temp\{EE9C6067-87FE-4EB9-AA30-302D4B7E573E}.exe => moved successfully
"C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a2}.xpi" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{033B7EE5-37EC-42AE-8CB5-7D7E156270A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{033B7EE5-37EC-42AE-8CB5-7D7E156270A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14F00B17-2C76-40E1-BFC4-9D86D45AC21A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14F00B17-2C76-40E1-BFC4-9D86D45AC21A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MalwarebytesUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F0E40DB-8DB8-4C53-9137-89D81951448B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0E40DB-8DB8-4C53-9137-89D81951448B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1FEF33F3-4D17-46BE-93CB-87036DDA5B2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FEF33F3-4D17-46BE-93CB-87036DDA5B2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hrushpa" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{282E87D6-0489-400E-932E-E05B1A9B6060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{282E87D6-0489-400E-932E-E05B1A9B6060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundConfigSurveyor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2928E5F7-ED0F-4E96-B993-8FEF46E0722A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2928E5F7-ED0F-4E96-B993-8FEF46E0722A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B01B583-2C78-4CD7-934D-3EE055C91A23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B01B583-2C78-4CD7-934D-3EE055C91A23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{603AA9D8-1BE2-44B9-B931-7D7F0A532E59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{603AA9D8-1BE2-44B9-B931-7D7F0A532E59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-1253574191-45192698-2028136428-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{91C75033-7036-4395-BBEC-D2963A661271}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91C75033-7036-4395-BBEC-D2963A661271}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MSI_Dragon Gaming Center" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B31AB854-DBBA-447F-95D2-CE9D25F81436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B31AB854-DBBA-447F-95D2-CE9D25F81436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperAS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6C98266-0210-49F5-9C5B-57445C840134}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6C98266-0210-49F5-9C5B-57445C840134}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RMC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D368E0A7-76A0-4CF5-B7B0-A53F8E348166}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D368E0A7-76A0-4CF5-B7B0-A53F8E348166}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelMemoryDiagnostic" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3DCA383-57FF-4F38-BFF3-DAD7B2D560B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DCA383-57FF-4F38-BFF3-DAD7B2D560B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FRAPS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F17E3C40-C505-40CC-824B-88CD9685B789}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F17E3C40-C505-40CC-824B-88CD9685B789}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFBAD9E0-763C-4527-A615-BDBA8072AADF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFBAD9E0-763C-4527-A615-BDBA8072AADF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineUA" => key removed successfully
EmptyTemp: => 7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:15:06 ====

Zoek.exe v5.0.0.0 Updated 27-09-2015
Tool run by Koutsiog on ??? 27/09/2015 at 16:18:09,87.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27/9/2015 4:19:07 µµ Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Koutsiog\AppData\Roaming\ms-drivers deleted successfully
C:\Users\Koutsiog\AppData\Roaming\QuickScan deleted successfully
C:\Users\Koutsiog\AppData\Roaming\Toribash deleted successfully
C:\Users\Koutsiog\AppData\Local\Axialis deleted successfully
C:\Users\Koutsiog\AppData\Local\EmieSiteList deleted successfully
C:\Users\Koutsiog\AppData\Local\EmieUserList deleted successfully
C:\Users\Koutsiog\AppData\Local\Razer deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20152709_0426_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\TaglibHandler deleted
C:\Users\Koutsiog\AppData\Roaming\Recorder.ini deleted
C:\Windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\wininit.ini deleted
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\FVD Toolbar deleted
C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default\jetpack deleted
C:\Users\Koutsiog\AppData\Roaming\d3dx10.exe deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default
- Greek Spelling dictionary - %ProfilePath%\extensions\el-GR@dictionaries.addons.mozilla.org
- British English Dictionary Forked by Marco Pinto - %ProfilePath%\extensions\marcoagpinto@mail.telepac.pt
- Super Start - %ProfilePath%\extensions\superstart@enjoyfreeware.org
- OpenDownload - %ProfilePath%\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
- iMacros for Firefox - %ProfilePath%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
- Add to Search Bar - %ProfilePath%\extensions\add-to-searchbox@maltekraus.de.xpi
- Element Hiding Helper for Adblock Plus - %ProfilePath%\extensions\elemhidehelper@adblockplus.org.xpi
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- FireGestures - %ProfilePath%\extensions\firegestures@xuldev.org.xpi
- AutoPagerize - %ProfilePath%\extensions\jid0-tKjnEA5X3eBoP5HnqjBYQ4U3AcM@jetpack.xpi
- Enable Click to Play - %ProfilePath%\extensions\jid1-4Vy68XOTvAbEBQ@jetpack.xpi
- Google Similar Images - %ProfilePath%\extensions\nishan.naseer.googimagesearch@gmail.com.xpi
- Omnibar - %ProfilePath%\extensions\omnibar@ajitk.com.xpi
- Omnibar Plus - %ProfilePath%\extensions\omnibarplus@quicksaver.xpi
- Secure Login - %ProfilePath%\extensions\secureLogin@blueimp.net.xpi
- Thumbnail Zoom Plus - %ProfilePath%\extensions\thumbnailZoom@dadler.github.com.xpi
- Undetermined - %ProfilePath%\extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi
- All-in-One Sidebar - %ProfilePath%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
- Resurrect Pages - %ProfilePath%\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
- LastTab - %ProfilePath%\extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Koutsiog\AppData\Roaming\Mozilla\Firefox\Profiles\9wsrwxv1.default
1A62BB86D17B8DC0D4339BACC8D60635    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll -    Shockwave Flash


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msi13.msn.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://msi13.msn.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{D5B7AE39-81EC-4406-A776-D46663AE7F27}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D5B7AE39-81EC-4406-A776-D46663AE7F27} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Koutsiog\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Koutsiog\AppData\Local\Microsoft\Windows\INetCache\IE\65UAMB8G will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Koutsiog\AppData\Local\Mozilla\Firefox\Profiles\9wsrwxv1.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=65 folders=59 189568311 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Koutsiog\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Koutsiog\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Koutsiog\AppData\Local\Microsoft\Windows\INetCache\IE\65UAMB8G" not found

==== EOF on ??? 27/09/2015 at 16:28:27,48 ======================
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:46 PM

Posted 27 September 2015 - 09:18 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#5 Koutsiog

Posted 27 September 2015 - 09:23 AM

Farbar Service Scanner Version: 26-07-2015
Ran by Koutsiog (administrator) on 27-09-2015 at 17:22:54
Running from "C:\Users\Koutsiog\AppData\Local\Temp\mozOpenDownload"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
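
An added example, not part of the original post and not code from Farbar Service Scanner: a short Python triage that reads an FSS log like the one above and returns only the lines that are not a clean result, each tagged with its log section. The sample is a constructed excerpt of that log; `RULES` and `triage` are hypothetical names, and the patterns assume only the wording visible in this log.

```python
import re

# Constructed sample: lines excerpted from the FSS.txt log in the post above.
SAMPLE_FSS_LOG = r"""
Action Center:
============
Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
File Check:
========
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
"""

# (finding kind, pattern) pairs; assumption: they follow the wording seen in this log only.
RULES = [
    ("missing_key", re.compile(r"Unable to open (.+?)(?: registry)? key\. The (?:service )?key does not exist")),
    ("not_running", re.compile(r"^(\w+) Service is not running")),
    ("start_type", re.compile(r"start type of (\w+) service is set to (\w+)\. The default start type is (\w+)")),
    ("policy_set", re.compile(r'^"(\w+)"=DWORD:([1-9]\d*)')),  # non-zero policy values only
    ("file_check", re.compile(r"^([A-Za-z]:\\.+?) => (?!File is digitally signed)(.+)")),
]

def triage(log_text):
    """Return (section, kind, details) tuples for every line that is not a clean result."""
    findings, section, reg_key = [], None, None
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        # A section title ends in ':' and is underlined by a row of '=' on the next line.
        if line.endswith(":") and i + 1 < len(lines) and re.fullmatch(r"=+", lines[i + 1]):
            section, reg_key = line[:-1], None
        elif line.startswith("[") and line.endswith("]"):
            reg_key = line[1:-1]  # registry key that the following policy values belong to
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                extra = (reg_key,) if kind == "policy_set" else ()
                findings.append((section, kind, m.groups() + extra))
    return findings
```

On the sample this yields six findings: the missing ShellServiceObjects key, the two stopped services, the wuauserv start type that differs from the default, the missing WinDefend service key, and the `DisableAntiSpyware` policy value.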



#6 nasdaq

Posted 27 September 2015 - 10:30 AM

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Open this page.
http://download.bleepingcomputer.com/win-services/8/

Download this file WinDefend.reg to your Desktop.

Click the file and merge the information.
Accept the prompt.

Restart the computer normally.

How is it now?

#7 Koutsiog

Posted 27 September 2015 - 10:47 AM

The Windows Defender service is back but Defender is still dead; trying to start it from the service gives me "Error 2: The system cannot find the file specified".

Action center icon still locked off. UPDATE: it just appeared a few minutes after restarting, it seems to be working now.

 

Note: I don't really need Windows Defender. I'll be replacing it anyway because obviously it's not doing good enough work. I just want to get it up and running as a confirmation that this malware is completely gone; if it isn't, it will probably disable it again.


Edited by Koutsiog, 27 September 2015 - 11:08 AM.


#8 nasdaq

Posted 28 September 2015 - 06:50 AM

Panda is probably disabling Windows Defender.

Both cannot be run in real life.

p.s.
In Windows 8, Microsoft Security Essentials has been replaced by Windows Defender.

#9 Koutsiog

Posted 28 September 2015 - 07:44 AM

I know Panda will disable Windows Defender, but right now it can't find the files at all. It seems Defender has been completely deleted by the malware, not just disabled, and I'd like to get it back if possible.



#10 nasdaq

Posted 28 September 2015 - 01:24 PM

Windows Defender is part of the Windows 8 programs.

Can it be hidden?

Check it out.
http://blogs.msdn.com/b/zxue/archive/2012/03/08/win8-howto-19-show-hidden-files-folders-and-drives.aspx

#11 Koutsiog

Posted 28 September 2015 - 01:37 PM

I open the Services window, locate the Windows Defender service, click Start and am greeted with this error message:

5339458135.png

What I take from this is that the Windows Defender files are missing, unless there is some other, less obvious explanation.

Either way, I'd like to restore Windows Defender to working condition.



#12 nasdaq

Posted 29 September 2015 - 06:54 AM


Since the reg.fix did not solve your Windows Defender problem on your Windows 8, I can only suggest the following.

SFC Command - Run in Windows 8


===

If that fails

Possibly reset your PC.
Read this article and proceed if you can.
http://windows.microsoft.com/en-US/windows-8/restore-refresh-reset-pc

Before you do you can check with the Windows 8 forum experts.
http://www.bleepingcomputer.com/forums/f/209/windows-8-and-windows-81/

I will leave this topic open for 6 days. If you need to return please do.

Edited by nasdaq, 29 September 2015 - 06:56 AM.


#13 Koutsiog

Posted 09 October 2015 - 12:18 PM

No luck with SFC I'm afraid, but thanks nonetheless for the attempt and for all the other help.

You can close this thread, I don't need anything else. Thanks again for all the help.



#14 nasdaq

Posted 09 October 2015 - 01:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



