Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware Removal [Closed]


  • This topic is locked This topic is locked

#31
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello to you

you have to Right-mouse click JRT.exe and select Run as Administrator. Did you do this? :)
  • 0

Advertisements


#32
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Yes. A black window open for a second and then it close immediately! It's like it cannot open.
  • 0

#33
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
O.K I will get on to the programmer about this. Can you try once more but this time reboot the PC first, turn off Avast, make sure no other programs or browsers are open and try again. If this fails then leave the JRT scan and carry on with Step 6 and post the results minus JRT.txt :thumbsup:
  • 0

#34
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I did it but nothing again. Anyway,here is the other you asked from me!
OTL fix:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:SystemPropertiesPerformance.exe deleted successfully.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d5f2252-ec85-11e1-a33c-00235a765294}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2891363f-d871-11e0-8d8b-00235a765294}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2891363f-d871-11e0-8d8b-00235a765294}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk moved successfully.
C:\Users\Public\Desktop\Adobe Reader X.lnk moved successfully.
C:\Users\Kopas\Documents\Vuze Downloads\The.Smurfs.2.2013.HDRiP.READNFO.XViD-FANTA folder moved successfully.
C:\Users\Kopas\Documents\Vuze Downloads folder moved successfully.
C:\END moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Virtual DJ Pro Full - Atomix Productions not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{90140000-00BD-0408-0000-0000000FF1CE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90140000-00BD-0408-0000-0000000FF1CE}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kopas
->Temp folder emptied: 15189313 bytes
->Temporary Internet Files folder emptied: 12838216 bytes
->Java cache emptied: 15746 bytes
->FireFox cache emptied: 6100868 bytes
->Google Chrome cache emptied: 422853204 bytes
->Flash cache emptied: 727 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144638306 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1030305 bytes

Total Files Cleaned = 575.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_020057

Files\Folders moved on Reboot...
File\Folder D:\autorun.exe not found!
File\Folder D:\Autorun.inf not found!
C:\Users\Kopas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kopas\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ADWcleaner:

# AdwCleaner v3.007 - Report created 14/10/2013 at 02:20:36
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kopas - KOPAS93
# Running from : C:\Users\Kopas\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v15.0.1 (el)

[ File : C:\Users\Kopas\AppData\Roaming\Mozilla\Firefox\Profiles\ecdm1b3x.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [1915 octets] - [14/10/2013 02:10:46]
AdwCleaner[R3].txt - [1001 octets] - [14/10/2013 02:19:11]
AdwCleaner[S1].txt - [1957 octets] - [14/10/2013 02:12:28]
AdwCleaner[S2].txt - [924 octets] - [14/10/2013 02:20:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [983 octets] ##########

OTL:

OTL logfile created on: 10/14/2013 10:54:11 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 64.99% Memory free
11.87 Gb Paging File | 9.41 Gb Available in Paging File | 79.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 332.59 Gb Free Space | 57.29% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
PRC - [2013/08/30 10:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 10:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/28 18:20:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/25 03:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/08/02 10:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe
PRC - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe
PRC - [2009/10/29 14:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/23 06:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/10/22 05:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/10/07 10:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/24 05:37:44 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/10 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 11:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009/09/05 11:17:50 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
PRC - [2009/09/05 11:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/07 16:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/08/04 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 02:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/04/20 16:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 03:19:33 | 013,584,776 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/03 09:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/03 09:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 09:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 09:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 09:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/03/13 23:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 02:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/03 04:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2006/01/06 15:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005/08/05 17:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004/12/14 13:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004/12/01 18:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll


========== Services (SafeList) ==========

SRV - [2013/09/24 17:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/28 18:20:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/12 14:21:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 05:54:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/31 04:38:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/26 06:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_elGR447
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/03 03:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 14:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/03 02:35:10 | 000,000,000 | ---D | M]

[2011/09/04 16:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Extensions
[2013/09/25 18:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions
[2012/09/05 13:30:13 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/09/03 05:27:34 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/12/13 18:43:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/12 14:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/12 14:22:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 06:02:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/25 06:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 06:02:51 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/25 06:02:51 | 000,001,219 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Google Drive = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u0391\u03BD\u03B1\u03B6\u03AE\u03C4\u03B7\u03C3\u03B7 Google = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: AdBlock = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.0.2_0\
CHR - Extension: avast! Online Security = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Google Bookmarks Browser = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffhdnihongjlhmapddfemaklefeila\0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31F62657-EF00-48AD-A936-418738277246}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/14 02:27:28 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.jmc
[2013/10/14 02:27:17 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.eclipse
[2013/10/14 02:25:46 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Kopas\Desktop\JRT.exe
[2013/10/14 02:10:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/09 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.swt
[2013/10/09 01:38:27 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Azureus
[2013/10/08 18:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/10/03 03:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/03 03:05:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/03 03:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/03 02:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/03 02:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/03 02:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/29 19:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/27 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Sony Arxeia
[2013/09/27 03:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/09/26 05:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013/09/25 18:52:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/25 18:47:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 05:25:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/09/25 05:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Podcasts
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Documents\Media Go
[2013/09/24 17:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Sony
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/09/24 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Downloaded Installations
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Sony
[2013/09/21 13:58:10 | 000,000,000 | ---D | C] -- C:\Windows\temp

========== Files - Modified Within 30 Days ==========

[2013/10/14 22:49:02 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/14 22:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/14 22:48:12 | 485,572,607 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/14 22:39:00 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/10/14 22:18:35 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/14 22:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/14 21:25:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/10/14 18:25:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/10/14 16:39:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/10/14 02:26:01 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Kopas\Desktop\JRT.exe
[2013/10/14 02:18:50 | 001,048,960 | ---- | M] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/10/10 11:49:37 | 001,616,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/03 03:05:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/26 05:15:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/24 17:17:51 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

========== Files Created - No Company Name ==========

[2013/10/14 02:18:59 | 001,048,960 | ---- | C] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/10/03 03:05:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/09/26 05:15:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/24 17:22:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/31 18:11:51 | 000,000,654 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/28 22:55:12 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/09 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kopas\crt101
[2012/10/06 16:32:43 | 001,616,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 06:08:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/01/07 06:08:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/20 22:43:23 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\AnvSoft
[2013/10/10 20:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Azureus
[2012/03/10 17:24:38 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSW
[2012/09/25 01:14:03 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DAEMON Tools Lite
[2013/10/14 22:50:17 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Dropbox
[2013/10/14 01:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoft
[2011/09/01 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\EgisTec
[2011/09/20 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\GameConsole
[2012/10/06 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IDoser
[2012/01/07 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LG Electronics
[2011/09/04 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LolClient
[2012/01/07 06:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ooVoo Details
[2011/09/04 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\PowerCinema
[2011/09/04 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SoftDMA
[2013/09/24 17:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Sony
[2012/12/11 08:29:58 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SPSSInc
[2011/09/01 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ViquaSoft
[2011/09/20 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\xm1

< End of report >

The icon of Dj did not be removed from Control Panel!
  • 0

#35
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi :)

There appear to be some files missing that I need to locate. Could you run the following scan and post the results, thanks.

OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • There are 8 None boxes please check all 8.
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    explorer.exe
    credssp.dll
    /md5stop

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

  • 0

#36
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi! Here they are:

OTL logfile created on: 10/17/2013 5:48:07 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 61.28% Memory free
11.87 Gb Paging File | 9.12 Gb Available in Paging File | 76.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 328.47 Gb Free Space | 56.58% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: CREDSSP.DLL >
[2010/11/20 15:18:24 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4E5FE39C1076D115EC8BFCFE14D75B80 -- C:\Windows\SysWOW64\credssp.dll
[2010/11/20 15:18:24 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=4E5FE39C1076D115EC8BFCFE14D75B80 -- C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.17514_none_c5bf9b5affd21ddc\credssp.dll
[2010/11/20 16:25:58 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=52D3D5E3586988D4D9E34ACAAC33105C -- C:\Windows\SysNative\credssp.dll
[2010/11/20 16:25:58 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=52D3D5E3586988D4D9E34ACAAC33105C -- C:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7601.17514_none_21de36deb82f8f12\credssp.dll
[2009/07/14 04:40:23 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=9301B8810B2DA4EB6AD55DB75FC1E339 -- C:\Windows\winsxs\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7600.16385_none_1fad2316bb410b78\credssp.dll
[2009/07/14 04:15:07 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=BF591B5C2CC38314518467E883AE37C5 -- C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.1.7600.16385_none_c38e879302e39a42\credssp.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 09:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 08:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 08:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 08:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 08:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 09:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 09:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 15:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 09:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 09:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 08:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 16:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 09:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 08:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 04:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 09:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 09:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 09:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< End of report >
  • 0

#37
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there:)

Well the files are present so let's have a closer look. Run the Windows repair tool then the OTL scan. In OTL don't uncheck the Include 64bit Scans box, I have included this in the OTL instructions this time. :thumbsup:



1. Tweaking.com Windows Repair

  • Use this link to download Tweaking.com Windows Repair Click the Direct Download link and save to Desktop.
  • Run the installer, follow the prompts and the program will open.
  • Click on the Step 3: Optional tab and click Do It to run System File Checker. The CMD window will open and begin the scan.
  • Once complete, click the Step 4 tab and under System Restore click Create
  • Once complete, click the Start Repairs tab, then click Start
  • Click Unselect All then select the following from the image.

    Posted Image
  • On the right of the window check the Restart/Shutdown system when finished box an select Restart System
  • Now click start. Windows will restart, then move on to step 2.


2. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    HKEY_CURRENT_USER\Environment

  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

I only need to see the OTL scan results :)
  • 0

#38
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Still with me? :)
  • 0

#39
Georgekopa

Georgekopa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello. Still with you! ;)

OTL logfile created on: 10/24/2013 12:02:50 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kopas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: Ελλάδα | Language: ELL | Date Format: d/M/yyyy

5.94 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 61.18% Memory free
11.87 Gb Paging File | 9.23 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.57 Gb Total Space | 331.06 Gb Free Space | 57.02% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KOPAS93 | User Name: Kopas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
PRC - [2013/08/30 10:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 10:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/28 18:20:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/25 03:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe
PRC - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe
PRC - [2009/10/29 14:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/23 06:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/10/22 05:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/10/07 10:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/24 05:37:44 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/23 17:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/09/10 16:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 11:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/07 16:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/08/04 08:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 02:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007/04/20 16:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 03:02:43 | 000,415,184 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
MOD - [2013/10/09 03:02:41 | 004,055,504 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 03:01:50 | 000,698,832 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 03:01:49 | 000,099,792 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 03:01:47 | 001,604,560 | ---- | M] () -- C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/03/13 23:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 02:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Kopas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2009/07/14 04:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/03 04:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008/07/30 06:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2006/01/06 15:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005/08/05 17:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004/12/14 13:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004/12/01 18:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 10:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/01 10:48:54 | 000,018,944 | ---- | M] (Hercules®) [Auto | Running] -- C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
SRV:64bit: - [2009/11/11 17:33:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 23:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/30 03:54:02 | 000,788,000 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/10/03 05:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/04 05:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2005/09/23 04:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2013/09/24 17:22:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/28 18:20:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/12 14:21:54 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/25 08:55:00 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\OrangeHRM\2.6.12.1\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/03/25 08:54:42 | 008,133,120 | ---- | M] () [Auto | Running] -- C:\OrangeHRM\2.6.12.1\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 15:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 15:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/24 05:37:56 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 16:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/09/05 11:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/28 12:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/07 16:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/07/10 13:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 10:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 10:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 10:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 10:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 10:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 10:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 10:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 10:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/09/02 15:20:17 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/02 15:20:17 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/03/10 17:03:53 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/01 10:49:28 | 000,220,672 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk)
DRV:64bit: - [2011/12/01 10:49:24 | 000,289,280 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV:64bit: - [2011/09/06 16:04:47 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/12/31 15:36:14 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2009/11/11 19:31:44 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/02 03:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/23 05:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/09/21 05:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/03 13:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/28 14:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 14:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/21 12:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/07 16:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/05 15:15:00 | 000,694,272 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7770P.sys -- (Ltn_stk7770P)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 07:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/29 05:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 13:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 11:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/02 14:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 14:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 14:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/19 16:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2009/05/05 11:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 11:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/07 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/04/24 13:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2009/10/22 05:54:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/12/31 04:38:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/26 06:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...14z195t4992d35n
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_elGR447
IE - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: [email protected]:2.3
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kopas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/03 03:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 14:22:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/03 02:35:10 | 000,000,000 | ---D | M]

[2011/09/04 16:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Extensions
[2013/09/25 18:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\Firefox\Profiles\ecdm1b3x.default\extensions
[2012/09/05 13:30:13 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/09/03 05:27:34 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\[email protected]
[2012/12/13 18:43:21 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kopas\AppData\Roaming\mozilla\firefox\profiles\ecdm1b3x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/09/12 14:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/09/12 14:22:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/25 06:02:51 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/25 06:02:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 06:02:51 | 000,000,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/25 06:02:51 | 000,001,219 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-el.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kopas\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kopas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Google Drive = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u0391\u03BD\u03B1\u03B6\u03AE\u03C4\u03B7\u03C3\u03B7 Google = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: AdBlock = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.4.0.2_0\
CHR - Extension: avast! Online Security = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Google Bookmarks Browser = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkffhdnihongjlhmapddfemaklefeila\0.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\Kopas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1720886877-3019773777-2494609800-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Kopas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kopas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Αποστολή εικόνας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Αποστολή σελίδας στη συσκευή &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.40.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31F62657-EF00-48AD-A936-418738277246}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2013/08/22 06:20:01 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell - "" = AutoRun
O33 - MountPoints2\{2891363f-d871-11e0-8d8b-00235a765294}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2013/08/22 06:20:01 | 000,356,208 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/20 16:18:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/20 16:16:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/10/20 16:09:21 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/10/20 15:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/10/20 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/15 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\uTorrent
[2013/10/14 02:27:28 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.jmc
[2013/10/14 02:27:17 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.eclipse
[2013/10/14 02:25:46 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Kopas\Desktop\JRT.exe
[2013/10/14 02:10:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/09 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Kopas\.swt
[2013/10/09 01:38:27 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Azureus
[2013/10/08 18:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/10/03 03:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/03 03:05:56 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/03 03:05:56 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/03 03:05:53 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/03 03:05:52 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/03 03:05:52 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/03 03:05:44 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/03 03:05:42 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/03 03:05:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/03 03:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/03 03:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/03 02:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/03 02:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/03 02:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/29 19:46:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/27 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Sony Arxeia
[2013/09/27 03:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/09/26 15:06:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/26 05:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013/09/25 18:52:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/25 18:47:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/25 05:25:59 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/09/25 05:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Podcasts
[2013/09/24 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Kopas\Documents\Media Go
[2013/09/24 17:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Sony
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2013/09/24 17:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/09/24 17:22:57 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Local\Downloaded Installations
[2013/09/24 17:22:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2013/09/24 17:20:18 | 000,000,000 | ---D | C] -- C:\Users\Kopas\AppData\Roaming\Sony

========== Files - Modified Within 30 Days ==========

[2013/10/23 23:39:50 | 000,001,194 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/10/23 23:18:00 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 23:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/23 21:49:58 | 001,643,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/23 21:49:58 | 000,700,186 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/23 21:49:58 | 000,652,946 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013/10/23 21:49:58 | 000,139,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/23 21:49:58 | 000,128,910 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013/10/23 21:25:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000UA.job
[2013/10/23 18:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/10/23 18:00:32 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720886877-3019773777-2494609800-1000Core.job
[2013/10/23 01:18:00 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/21 13:08:17 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 13:08:17 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/20 18:20:59 | 000,631,250 | ---- | M] () -- C:\Users\Kopas\Desktop\2nd-halfmarathon-ph32.jpg
[2013/10/20 16:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/20 16:21:21 | 485,572,607 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/20 16:11:01 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/10/20 15:28:29 | 000,002,167 | ---- | M] () -- C:\Users\Kopas\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/10/20 15:25:13 | 004,976,148 | ---- | M] () -- C:\Users\Kopas\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/10/16 00:10:47 | 000,000,379 | ---- | M] () -- C:\Users\Kopas\.drjava
[2013/10/15 23:58:39 | 012,292,205 | ---- | M] () -- C:\Users\Kopas\Desktop\drjava-stable-20130901-r5756.exe
[2013/10/14 02:26:01 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Kopas\Desktop\JRT.exe
[2013/10/14 02:18:50 | 001,048,960 | ---- | M] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/10/11 17:31:10 | 000,421,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 11:49:37 | 001,616,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/03 03:05:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/26 05:15:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 05:15:22 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/25 18:52:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kopas\Desktop\OTL.exe
[2013/09/24 17:17:51 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

========== Files Created - No Company Name ==========

[2013/10/20 18:20:58 | 000,631,250 | ---- | C] () -- C:\Users\Kopas\Desktop\2nd-halfmarathon-ph32.jpg
[2013/10/20 15:28:29 | 000,002,167 | ---- | C] () -- C:\Users\Kopas\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/10/20 15:25:38 | 004,976,148 | ---- | C] () -- C:\Users\Kopas\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/10/16 00:07:21 | 000,000,379 | ---- | C] () -- C:\Users\Kopas\.drjava
[2013/10/15 23:58:09 | 012,292,205 | ---- | C] () -- C:\Users\Kopas\Desktop\drjava-stable-20130901-r5756.exe
[2013/10/14 02:18:59 | 001,048,960 | ---- | C] () -- C:\Users\Kopas\Desktop\AdwCleaner.exe
[2013/10/03 03:05:51 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/03 03:05:49 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/03 03:05:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/09/26 14:29:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/26 05:15:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/09/26 05:15:22 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/09/26 04:49:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/09/24 17:22:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/31 18:11:51 | 000,000,654 | ---- | C] () -- C:\Windows\wininit.ini
[2013/02/28 22:55:12 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/09 14:54:30 | 000,000,004 | ---- | C] () -- C:\Users\Kopas\crt101
[2012/10/06 16:32:43 | 001,616,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 06:08:10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/01/07 06:08:10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 05:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 04:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/20 22:43:23 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\AnvSoft
[2013/10/10 20:21:35 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Azureus
[2012/03/10 17:24:38 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\BSW
[2012/09/25 01:14:03 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DAEMON Tools Lite
[2013/10/20 16:23:15 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Dropbox
[2013/10/14 01:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\DVDVideoSoft
[2011/09/01 11:07:31 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\EgisTec
[2011/09/20 17:48:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\GameConsole
[2012/10/06 16:44:37 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\IDoser
[2012/01/07 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LG Electronics
[2011/09/04 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\LolClient
[2012/01/07 06:49:08 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ooVoo Details
[2011/09/04 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\PowerCinema
[2011/09/04 16:16:56 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SoftDMA
[2013/09/24 17:25:55 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\Sony
[2012/12/11 08:29:58 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\SPSSInc
[2013/10/15 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\uTorrent
[2011/09/01 10:37:47 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\ViquaSoft
[2011/09/20 17:17:32 | 000,000,000 | ---D | M] -- C:\Users\Kopas\AppData\Roaming\xm1

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = Explorer.exe,
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"DefaultDomainName" =
"DefaultUserName" =
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = /pagefile

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = Explorer.exe,
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"DefaultDomainName" =
"DefaultUserName" =
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = /pagefile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders >
"SecurityProviders" = credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SaslProfiles]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment >
"ComSpec" = %SystemRoot%\system32\cmd.exe -- [2010/11/20 15:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation)
"FP_NO_HOST_CHECK" = NO
"NTIPath" = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\;
"NUMBER_OF_PROCESSORS" = 8
"OS" = Windows_NT
"PATH" = Επιφάνεια εργασίας
"PATHEXT" = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"Pathtem" = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64
"PROCESSOR_ARCHITECTURE" = AMD64
"PROCESSOR_IDENTIFIER" = Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL" = 6
"PROCESSOR_REVISION" = 1e05
"PSModulePath" = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -- [2009/07/14 08:32:38 | 000,000,000 | ---D | M]
"TEMP" = %SystemRoot%\TEMP -- [2013/10/24 00:15:55 | 000,000,000 | ---D | M]
"TMP" = %SystemRoot%\TEMP -- [2013/10/24 00:15:55 | 000,000,000 | ---D | M]
"USERNAME" = SYSTEM
"VS80COMNTOOLS" = C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Tools\ -- [2013/09/27 03:32:44 | 000,000,000 | ---D | M]
"windir" = %SystemRoot% -- [2013/10/20 16:18:05 | 000,000,000 | ---D | M]

< HKEY_CURRENT_USER\Environment >
"TEMP" = %USERPROFILE%\AppData\Local\Temp -- [2013/10/24 00:21:13 | 000,000,000 | ---D | M]
"TMP" = %USERPROFILE%\AppData\Local\Temp -- [2013/10/24 00:21:13 | 000,000,000 | ---D | M]

< End of report >
  • 0

#40
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there :)

We need to fix a registry entry that is causing Explorer.exe to not be found in the registry this is a security concern, did you set the PATH entry to Desktop?

We will also carry on checking for any leftovers :thumbsup:

After the following have been carried out how is the machine runnning?


1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :REG
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    "PATH"="%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64"
    "Pathtem"=-

    :COMMANDS
    [REBOOT]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


2. UPDATE AND RUN MALWAREBYTES

  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log I need to see this.


3. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

4. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Things I want to see in your next post.

  • OTL fix.txt
  • Malwarebytes results
  • ESET results
  • OTL.txt

  • 0

Advertisements


#41
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Checking in time, all O.K?
  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP