I can't remove this Positive Finds Ads. I tried to scan using Malwarebytes (not the premium version) and found no threats, then I tried AdwCleaner, which told me to restart the computer but did not solve the problem. I reset my Google Chrome and nothing; that ad appears on almost all websites (except YouTube, Gmail, etc.). I can not get rid of it, also I do have AdBlock.

1- http://i.imgur.com/PDVVRPH.png

2- http://i.imgur.com/Apjz3Zs.png

3- Sometimes I get redirected to this site (usually when I try to download something): http://i.imgur.com/vxGef2m.png


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Post those logs to next reply...

 

Kevin...

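The FRST.txt produced by the steps above is plain text, so triage of it can be scripted. The following is an added example, not part of this thread and not Farbar's own tooling: a small Python triage that flags the entry types a helper looks at first in an FRST log, i.e. lines FRST itself tags with "ATTENTION", services whose command line starts rundll32.exe with a DLL, and entries whose file is gone ([X], No File, No Path). The sample lines are taken from the FRST log posted further down this thread plus one benign Run entry; the regular expressions and the Finding type are this example's own.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Added example, not part of FRST or of this thread. It scans an FRST log
for the entry types a malware-removal helper reviews first:
  * lines FRST itself tags with "<======= ATTENTION"
  * service/driver lines (R*/S*/U*) whose command runs rundll32.exe with a DLL
  * autostart, service, driver or extension entries whose file is missing
    ("[X]", "No File", "No Path"); these are orphans and need human review
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Service/driver entries look like:
#   "S2 name; C:\path\file.exe [size date] (Vendor)"
SERVICE_RE = re.compile(r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<cmd>.*)$')
# rundll32.exe followed (quoted or not) by the DLL it is asked to load.
RUNDLL_RE = re.compile(r'rundll32\.exe"?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
MISSING_MARKERS = ('[X]', 'No File', 'No Path')


@dataclass
class Finding:
    line_no: int   # 1-based line number in the log text
    reason: str    # why the line was flagged
    text: str      # the log line itself


def triage_frst(log_text: str) -> list[Finding]:
    """Return the suspicious entries of an FRST log, in file order."""
    findings: list[Finding] = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('====='):
            continue  # blank lines and section headers carry no entries
        if 'ATTENTION' in line:
            findings.append(Finding(n, 'flagged by FRST (ATTENTION)', line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            dll = RUNDLL_RE.search(m.group('cmd'))
            if dll:
                reason = (f"service '{m.group('name')}' runs rundll32 "
                          f"with {dll.group('dll')}")
                findings.append(Finding(n, reason, line))
                continue
        if any(marker in line for marker in MISSING_MARKERS):
            findings.append(Finding(n, 'references a file that no longer exists', line))
    return findings


# Sample input: lines copied from the FRST log posted in this thread, plus one
# benign Run entry, so the function can be exercised offline.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bloohffpflacklbmnbocakipnknelpnf] - No Path
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
S2 9b784ed1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll",ENT
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
"""


def main() -> None:
    for f in triage_frst(SAMPLE_FRST):
        print(f"line {f.line_no}: {f.reason}\n    {f.text}")


if __name__ == "__main__":
    main()
```

Running the script on a real FRST.txt (read the file and pass its contents to triage_frst) lists the candidates only; every flagged line still needs a person to decide whether it is adware residue or a harmless orphan such as a disabled plugin.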

Hi, firstly, I couldn't download Farbar Recovery Scan Tool, the version was not compatible: http://i.imgur.com/sBV9HBV.png (notice the same ad is still there).

 

But I did download RogueKiller (it is in Portuguese, so I'm not sure if that's what you want, but that is the log, I think).

 

RogueKiller V10.2.0.0 [Jan 19 2015] por Adlice Software
 
Sistema Operacional : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Iniciou : Modo normal
Usuário : VELOXSHOP [Administrador]
Modo : Escanear -- Data : 02/14/2015  17:23:34
 
¤¤¤ Processos : 0 ¤¤¤
 
¤¤¤ Registro : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado
 
¤¤¤ Tarefas : 0 ¤¤¤
 
¤¤¤ Arquivos : 0 ¤¤¤
 
¤¤¤ Arquivos de hosts : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Não carregado [0xc000036b]) ¤¤¤
 
¤¤¤ Navegadores : 0 ¤¤¤
 
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 533e882ee542d8795c2b791e14999cfb
[bSP] 7821ec408b46c5c18425a067465336ee : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Ok, here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by VELOXSHOP (administrator) on VELOXSHOP-PC on 14-02-2015 20:54:40
Running from C:\Users\VELOXSHOP\Downloads
Loaded Profiles: VELOXSHOP (Available profiles: VELOXSHOP)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22058080 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\MountPoints2: {afd7d74c-7acd-11e4-8f12-806e6f6e6963} - D:\Bin\ASSETUP.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4035451636-1816254277-1355667989-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VELOXSHOP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-20]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.gmail.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
CHR Extension: (Google Drive) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
CHR Extension: (YouTube) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
CHR Extension: (Pesquisa do Google) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
CHR Extension: (AdBlock) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-23]
CHR Extension: (Avast Online Security) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
CHR Extension: (Gmail) - C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]
CHR HKLM-x32\...\Chrome\Extension: [bloohffpflacklbmnbocakipnknelpnf] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20]
StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-22] (Microsoft Corporation)
S2 9b784ed1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-20] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-14] ()
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 20:54 - 2015-02-14 20:54 - 02134528 _____ (Farbar) C:\Users\VELOXSHOP\Downloads\FRST64.exe
2015-02-14 20:54 - 2015-02-14 20:54 - 00016106 _____ () C:\Users\VELOXSHOP\Downloads\FRST.txt
2015-02-14 20:54 - 2015-02-14 20:54 - 00000000 ____D () C:\FRST
2015-02-14 18:31 - 2015-02-14 18:31 - 15431256 _____ () C:\Users\VELOXSHOP\Downloads\RogueKiller (1).exe
2015-02-14 17:40 - 2015-02-14 17:40 - 00272264 _____ () C:\Windows\Minidump\021415-34507-01.dmp
2015-02-14 17:20 - 2015-02-14 18:32 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-14 17:20 - 2015-02-14 17:20 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
2015-02-14 17:20 - 2015-02-14 17:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-14 17:19 - 2015-02-14 17:19 - 15431256 _____ () C:\Users\VELOXSHOP\Downloads\RogueKiller.exe
2015-02-14 17:15 - 2015-02-14 17:15 - 01125888 _____ (Farbar) C:\Users\VELOXSHOP\Downloads\FRST.exe
2015-02-14 16:37 - 2015-02-14 16:37 - 00448512 _____ (OldTimer Tools) C:\Users\VELOXSHOP\Downloads\TFC.exe
2015-02-14 16:31 - 2015-02-14 18:41 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-02-14 16:31 - 2015-02-14 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-02-14 16:31 - 2015-02-14 16:31 - 02967032 _____ (Malwarebytes ) C:\Users\VELOXSHOP\Downloads\mbae-setup-1.05.1.1016.exe
2015-02-14 16:31 - 2015-02-14 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-02-14 16:31 - 2015-02-14 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-02-14 16:18 - 2015-02-14 16:18 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\VELOXSHOP\Downloads\SpyHunter-Installer.exe
2015-02-14 15:32 - 2015-02-14 15:32 - 02112512 _____ () C:\Users\VELOXSHOP\Downloads\AdwCleaner (4).exe
2015-02-14 15:11 - 2015-02-14 15:11 - 02112512 _____ () C:\Users\VELOXSHOP\Downloads\AdwCleaner (3).exe
2015-02-14 15:10 - 2015-02-14 15:10 - 02112512 _____ () C:\Users\VELOXSHOP\Downloads\AdwCleaner (2).exe
2015-02-14 15:02 - 2015-02-14 15:02 - 39739064 _____ (Microsoft Corporation) C:\Users\VELOXSHOP\Downloads\Windows-KB890830-x64-V5.21 (1).exe
2015-02-14 14:55 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-14 14:54 - 2015-02-14 14:54 - 39739064 _____ (Microsoft Corporation) C:\Users\VELOXSHOP\Downloads\Windows-KB890830-x64-V5.21.exe
2015-02-14 14:22 - 2015-02-14 14:53 - 00000000 ____D () C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-02-14 14:22 - 2015-02-14 14:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-14 14:22 - 2015-02-14 14:22 - 00001262 _____ () C:\Users\VELOXSHOP\Desktop\Spybot - Search & Destroy.lnk
2015-02-14 14:22 - 2015-02-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-14 14:22 - 2015-02-14 14:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-14 14:21 - 2015-02-14 14:21 - 16409960 _____ (Safer Networking Limited ) C:\Users\VELOXSHOP\Downloads\spybotsd162.exe
2015-02-14 13:14 - 2015-02-14 13:14 - 00000000 _____ () C:\autoexec.bat
2015-02-14 13:12 - 2015-02-14 13:12 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\VELOXSHOP\Downloads\sh-remover.exe
2015-02-13 12:41 - 2015-02-13 12:41 - 02112512 _____ () C:\Users\VELOXSHOP\Downloads\AdwCleaner (1).exe
2015-02-13 01:17 - 2015-02-13 01:18 - 13555456 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native (5).exe
2015-02-13 01:01 - 2015-02-13 01:01 - 00272264 _____ () C:\Windows\Minidump\021315-40747-01.dmp
2015-02-12 19:16 - 2015-02-12 19:16 - 13555456 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native (4).exe
2015-02-12 19:16 - 2015-02-12 19:16 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-12 19:14 - 2015-02-12 19:14 - 01487613 _____ () C:\Users\VELOXSHOP\Downloads\Install_Flash_Player_9_ActiveX.zip
2015-02-12 19:00 - 2015-02-12 19:11 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Roaming\Nero
2015-02-12 19:00 - 2015-02-12 19:06 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Local\Nero
2015-02-12 19:00 - 2015-02-12 19:00 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Local\Nero_AG
2015-02-12 18:59 - 2015-02-12 18:59 - 00002109 _____ () C:\Users\Public\Desktop\Nero MediaHome.lnk
2015-02-12 18:59 - 2015-02-12 18:59 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2015-02-12 18:58 - 2015-02-12 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-02-12 18:58 - 2015-02-12 18:59 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-02-12 18:57 - 2015-02-12 19:00 - 00000000 ____D () C:\Users\Todos os Usuários\Nero
2015-02-12 18:57 - 2015-02-12 19:00 - 00000000 ____D () C:\ProgramData\Nero
2015-02-12 18:56 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-12 18:56 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-12 18:55 - 2015-02-12 18:55 - 00000000 ____D () C:\Users\Todos os Usuários\Package Cache
2015-02-12 18:55 - 2015-02-12 18:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 18:33 - 2015-02-12 18:52 - 198916008 _____ (Nero AG) C:\Users\VELOXSHOP\Downloads\Nero_MediaHome-16.0.01700_free.exe
2015-02-11 14:03 - 2015-02-11 14:03 - 00025688 _____ () C:\Users\VELOXSHOP\Downloads\clickerHeroSave.txt
2015-02-11 13:01 - 2015-01-23 02:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 13:01 - 2015-01-23 02:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 13:01 - 2015-01-23 01:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 13:01 - 2015-01-23 01:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 11:18 - 2015-02-04 01:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 11:18 - 2015-02-04 01:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 11:18 - 2015-01-27 21:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 11:18 - 2015-01-12 00:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 11:18 - 2015-01-12 00:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 11:18 - 2015-01-12 00:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 11:18 - 2015-01-12 00:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 11:18 - 2015-01-11 23:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 11:18 - 2015-01-11 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 11:17 - 2015-01-15 06:25 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 11:17 - 2015-01-15 06:25 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 11:17 - 2015-01-15 06:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 11:17 - 2015-01-15 06:25 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 11:17 - 2015-01-15 06:09 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 11:17 - 2015-01-15 06:09 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 11:17 - 2015-01-15 06:09 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 11:17 - 2015-01-15 06:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 11:17 - 2015-01-15 06:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 11:17 - 2015-01-15 02:22 - 00458832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 11:17 - 2015-01-14 03:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 11:17 - 2015-01-14 03:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 11:17 - 2015-01-13 01:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 11:17 - 2015-01-13 00:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 11:17 - 2015-01-12 01:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 11:17 - 2015-01-12 01:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 11:17 - 2015-01-12 01:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 11:17 - 2015-01-12 00:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 11:17 - 2015-01-12 00:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 11:17 - 2015-01-12 00:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 11:17 - 2015-01-12 00:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 11:17 - 2015-01-12 00:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 11:17 - 2015-01-12 00:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 11:17 - 2015-01-12 00:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 11:17 - 2015-01-12 00:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 11:17 - 2015-01-12 00:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 11:17 - 2015-01-12 00:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 11:17 - 2015-01-12 00:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 11:17 - 2015-01-12 00:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 11:17 - 2015-01-12 00:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 11:17 - 2015-01-12 00:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 11:17 - 2015-01-12 00:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 11:17 - 2015-01-12 00:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 11:17 - 2015-01-12 00:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 11:17 - 2015-01-12 00:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 11:17 - 2015-01-12 00:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 11:17 - 2015-01-12 00:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 11:17 - 2015-01-11 23:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 11:17 - 2015-01-11 23:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 11:17 - 2015-01-11 23:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 11:17 - 2015-01-11 23:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 11:17 - 2015-01-11 23:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 11:17 - 2015-01-11 23:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 11:17 - 2015-01-11 23:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 11:17 - 2015-01-11 23:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 11:17 - 2015-01-11 23:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 11:17 - 2015-01-11 23:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 11:17 - 2015-01-11 23:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 11:17 - 2015-01-11 23:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 11:17 - 2015-01-11 23:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 11:17 - 2015-01-11 23:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 11:17 - 2015-01-11 23:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 11:17 - 2015-01-11 23:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 11:17 - 2015-01-11 23:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 11:17 - 2015-01-11 23:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 11:17 - 2015-01-11 23:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 11:17 - 2015-01-11 22:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 11:17 - 2015-01-11 22:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 11:16 - 2015-01-14 04:34 - 05553080 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 11:16 - 2015-01-14 04:25 - 03977656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 11:16 - 2015-01-14 04:25 - 03921848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 11:16 - 2015-01-09 00:05 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 11:16 - 2014-12-12 03:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 11:16 - 2014-12-12 03:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 11:16 - 2014-12-08 01:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 11:16 - 2014-12-08 00:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 11:16 - 2014-11-26 01:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 11:16 - 2014-11-26 01:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 11:16 - 2014-10-04 00:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 11:16 - 2014-10-03 23:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 11:16 - 2014-10-03 23:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 11:16 - 2014-07-07 00:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 11:16 - 2014-07-07 00:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 11:16 - 2014-07-06 23:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 11:16 - 2014-07-06 23:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-07 13:00 - 2015-02-07 13:00 - 00272208 _____ () C:\Windows\Minidump\020715-31839-01.dmp
2015-02-06 01:13 - 2015-02-06 01:13 - 00000561 _____ () C:\Users\VELOXSHOP\Documents\geoguessr.txt
2015-02-05 17:53 - 2015-02-05 17:53 - 00272208 _____ () C:\Windows\Minidump\020515-31902-01.dmp
2015-02-04 14:13 - 2015-02-04 14:13 - 13555456 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native (3).exe
2015-02-04 14:11 - 2015-02-04 14:11 - 13451872 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native_b (2).exe
2015-02-04 13:54 - 2015-02-04 13:54 - 00000000 ____D () C:\Windows\Sun
2015-02-04 13:53 - 2015-02-04 13:55 - 133812224 _____ () C:\Users\VELOXSHOP\Downloads\BlueStacks_HD_AppPlayerPro_setup_0.7.3.766_REL.msi
2015-02-04 13:50 - 2015-02-04 13:50 - 13555456 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native (2).exe
2015-02-04 13:46 - 2015-02-04 13:46 - 00639400 _____ (Oracle Corporation) C:\Users\VELOXSHOP\Downloads\chromeinstall-8u31 (2).exe
2015-02-04 13:35 - 2015-02-04 13:35 - 00639400 _____ (Oracle Corporation) C:\Users\VELOXSHOP\Downloads\chromeinstall-8u31 (1).exe
2015-02-04 13:35 - 2015-02-04 13:35 - 00003188 _____ () C:\Windows\System32\Tasks\{F0B7CB73-BB43-445C-A33E-35E91162EE75}
2015-02-04 13:29 - 2015-02-04 13:29 - 00639400 _____ (Oracle Corporation) C:\Users\VELOXSHOP\Downloads\chromeinstall-8u31.exe
2015-01-31 15:59 - 2009-03-17 20:53 - 134217728 _____ () C:\Users\VELOXSHOP\Documents\3541 - Pokemon Platinum Version (US)(XenoPhobia).nds
2015-01-31 15:59 - 2009-03-17 20:53 - 134217728 _____ () C:\Users\VELOXSHOP\Desktop\3541 - Pokemon Platinum Version (US)(XenoPhobia).nds
2015-01-31 15:53 - 2015-01-31 15:56 - 22852347 _____ () C:\Users\VELOXSHOP\Downloads\3541 - Pokemon Platinum Version (US)(XenoPhobia).7z
2015-01-31 14:16 - 2015-01-31 14:16 - 00021264 _____ () C:\Users\VELOXSHOP\Documents\clickerHeroSave 456.txt
2015-01-31 14:13 - 2015-01-31 14:13 - 00020608 _____ () C:\Users\VELOXSHOP\Documents\clickerHeroSave 3.txt
2015-01-30 01:17 - 2015-01-30 01:17 - 13451872 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native_b (1).exe
2015-01-27 15:18 - 2015-01-27 15:18 - 00326016 _____ () C:\Users\VELOXSHOP\Downloads\RadarUEZO.apk
2015-01-25 18:40 - 2015-02-04 12:35 - 00004864 _____ () C:\Users\VELOXSHOP\Desktop\desmume.ini
2015-01-25 18:40 - 2015-02-03 19:28 - 00000000 ____D () C:\Users\VELOXSHOP\Desktop\States
2015-01-25 18:40 - 2015-01-31 16:00 - 00000000 ____D () C:\Users\VELOXSHOP\Desktop\Battery
2015-01-25 18:40 - 2015-01-25 18:40 - 00000000 ____D () C:\Users\VELOXSHOP\Desktop\Roms
2015-01-25 18:40 - 2015-01-25 18:40 - 00000000 ____D () C:\Users\VELOXSHOP\Desktop\Cheats
2015-01-25 12:14 - 2013-11-27 21:20 - 01054208 _____ () C:\Users\VELOXSHOP\Desktop\DeSmuME_0.9.10_x86.exe
2015-01-25 12:11 - 2015-01-25 12:11 - 01374449 _____ () C:\Users\VELOXSHOP\Downloads\stockfish-5-win.zip
2015-01-24 23:46 - 2015-01-24 23:46 - 00000000 ____D () C:\Users\VELOXSHOP\Downloads\Pokemon_Diamond_centralderoms.com
2015-01-24 23:45 - 2015-01-24 23:46 - 27967675 _____ () C:\Users\VELOXSHOP\Downloads\Pokemon_Diamond_centralderoms.com.zip
2015-01-24 23:36 - 2015-01-24 23:47 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Local\DeSmuME
2015-01-24 23:36 - 2015-01-24 23:36 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Roaming\WinRAR
2015-01-24 23:35 - 2015-01-24 23:35 - 01096820 _____ () C:\Users\VELOXSHOP\Downloads\desmume-0.9.10-win32.zip
2015-01-24 23:34 - 2015-01-24 23:34 - 00738296 _____ (CoolROM) C:\Users\VELOXSHOP\Downloads\CR_Downloader_para_desmume.exe
2015-01-24 21:41 - 2015-01-24 21:41 - 00272208 _____ () C:\Windows\Minidump\012415-30045-01.dmp
2015-01-19 17:58 - 2015-01-19 17:58 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\VELOXSHOP\Downloads\BlueStacks-SplitInstaller_native (1).exe
2015-01-16 02:58 - 2015-01-16 02:58 - 22444851 _____ (Adobe Systems, Inc.) C:\Users\VELOXSHOP\Downloads\scgmd4-download_new.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 20:49 - 2014-11-14 11:43 - 01341358 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 20:35 - 2014-11-15 09:30 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 18:48 - 2009-07-14 02:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 18:48 - 2009-07-14 02:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 18:46 - 2014-01-11 17:25 - 00703370 _____ () C:\Windows\system32\prfh0416.dat
2015-02-14 18:46 - 2014-01-11 17:25 - 00146156 _____ () C:\Windows\system32\prfc0416.dat
2015-02-14 18:46 - 2009-07-14 03:13 - 01628224 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 18:40 - 2014-11-15 09:30 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 18:40 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-14 18:40 - 2009-07-14 02:51 - 00036342 _____ () C:\Windows\setupact.log
2015-02-14 18:08 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
2015-02-14 17:40 - 2014-12-20 20:12 - 397367175 _____ () C:\Windows\MEMORY.DMP
2015-02-14 17:40 - 2014-12-20 20:12 - 00000000 ____D () C:\Windows\Minidump
2015-02-14 15:41 - 2014-12-27 12:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 15:35 - 2014-12-28 12:48 - 00000000 ____D () C:\AdwCleaner
2015-02-14 15:13 - 2014-12-20 16:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-14 15:12 - 2010-11-21 01:47 - 00186550 _____ () C:\Windows\PFRO.log
2015-02-14 13:14 - 2014-11-14 11:43 - 00000000 ____D () C:\Users\VELOXSHOP
2015-02-13 01:18 - 2014-12-21 11:28 - 00000000 ____D () C:\Users\Todos os Usuários\BlueStacksSetup
2015-02-13 01:18 - 2014-12-21 11:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-02-13 01:17 - 2014-11-14 13:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-12 18:59 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\Cursors
2015-02-12 18:47 - 2014-11-14 13:42 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2015-02-12 18:47 - 2014-11-14 13:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 18:46 - 2014-12-26 19:59 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Local\Adobe
2015-02-12 18:46 - 2014-11-14 11:44 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Roaming\Adobe
2015-02-12 11:16 - 2009-07-14 03:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-11 12:33 - 2009-07-14 02:45 - 00414608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 12:32 - 2014-12-25 12:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 12:32 - 2014-12-25 12:38 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 12:32 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-04 18:38 - 2014-12-30 21:48 - 00028680 _____ () C:\Users\VELOXSHOP\Documents\clickerHeroSave.txt
2015-02-04 14:13 - 2009-07-14 01:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-04 13:49 - 2014-12-22 18:20 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-04 13:47 - 2014-12-22 18:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-04 02:07 - 2014-11-14 14:38 - 00000000 ____D () C:\Users\VELOXSHOP\AppData\Roaming\Skype
2015-02-04 02:07 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-12-28 12:24 - 2014-12-28 12:24 - 0000227 _____ () C:\ProgramData\bc.ini
2014-12-03 07:34 - 2014-12-03 07:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 18:00
 
==================== End Of Log ============================

Addition log: 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by VELOXSHOP at 2015-02-14 20:56:00
Running from C:\Users\VELOXSHOP\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Dropbox (HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Free Mouse Auto Clicker 3.4.5 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 16.0.1003 - Nero AG)
Nero MediaHome Free (HKLM-x32\...\{BB842C3B-B4B1-4586-BED1-C5F07ABB0E09}) (Version: 16.0.01700 - Nero AG)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Prerequisite installer (x32 Version: 16.0.0003 - Nero AG) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4035451636-1816254277-1355667989-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VELOXSHOP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-02-2015 13:43:43 Windows Update
04-02-2015 13:55:32 Installed BlueStacks
04-02-2015 14:12:10 Removed BlueStacks
05-02-2015 18:05:41 Windows Update
09-02-2015 12:56:54 Windows Update
11-02-2015 02:03:19 Windows Update
11-02-2015 14:50:44 Windows Update
12-02-2015 18:55:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
12-02-2015 18:55:57 DirectX instalado
12-02-2015 18:56:17 DirectX instalado
12-02-2015 18:57:35 Installed Nero MediaHome Free.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:34 - 2015-02-14 18:39 - 00000768 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {108D6B97-8E31-4943-AD85-A124020FCE86} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION
Task: {2296EFA7-EA98-47EC-B4B4-A1351077075F} - System32\Tasks\{F0B7CB73-BB43-445C-A33E-35E91162EE75} => pcalua.exe -a "C:\Users\VELOXSHOP\Downloads\chromeinstall-8u31 (1).exe" -d C:\Users\VELOXSHOP\Downloads
Task: {43E18722-8BC1-40C4-868A-241CA3658EA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {5911EFC8-2A21-4950-AFAE-27714BE1032A} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
Task: {68BAC2FF-0E94-43D4-9BDF-82729DCB3EEE} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] ()
Task: {A23158A5-52E5-45DB-BE74-5CF24BFBC059} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-07-21] (Nero AG)
Task: {D518CF3C-BCC9-4A0F-8D74-395FB6E685BF} - System32\Tasks\avastBCLRestartS-1-5-21-4035451636-1816254277-1355667989-1000 => Chrome.exe 
Task: {EE153A83-5433-42C4-BD67-2E4C428201CA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {F56858B7-EDE5-45D7-913B-A99BD848C38A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-03 07:26 - 2013-05-07 05:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-02-14 12:52 - 2015-02-14 12:52 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021401\algo.dll
2015-02-14 18:42 - 2015-02-14 18:42 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021402\algo.dll
2014-12-20 16:58 - 2014-12-20 16:58 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-20 16:43 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-20 16:43 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-03 07:26 - 2015-02-14 18:41 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-12-03 07:26 - 2013-05-07 05:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-12-20 16:43 - 2014-12-05 23:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2014-12-03 07:36 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-20 17:25 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-20 17:25 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\VELOXSHOP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-4035451636-1816254277-1355667989-500 - Administrator - Disabled)
Convidado (S-1-5-21-4035451636-1816254277-1355667989-501 - Limited - Disabled)
VELOXSHOP (S-1-5-21-4035451636-1816254277-1355667989-1000 - Administrator - Enabled) => C:\Users\VELOXSHOP
 
==================== Faulty Device Manager Devices =============
 
Name: Controlador USB (Universal Serial Bus)
Description: Controlador USB (Universal Serial Bus)
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2015 06:41:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 05:41:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 04:04:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 03:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 03:30:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 03:14:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 03:06:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/14/2015 03:06:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_RpcEptMapper, versão: 6.1.7601.22137, carimbo de hora: 0x5080442a
Nome do módulo de falhas: unknown, versão: 0.0.0.0, carimbo de hora: 0x00000000
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000007798000a
Identificação do processo com falha: 0x300
Hora de início do aplicativo com falha: 0xsvchost.exe_RpcEptMapper0
Caminho do aplicativo com falha: svchost.exe_RpcEptMapper1
FCaminho do módulo de falhas: svchost.exe_RpcEptMapper2
Identificação do Relatório: svchost.exe_RpcEptMapper3
 
Error: (02/14/2015 02:05:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/13/2015 00:51:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (02/14/2015 06:41:57 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: padrão-computadorLocalAtivação{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)
 
Error: (02/14/2015 06:41:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Optimizer Pro Crash Monitor.
 
Error: (02/14/2015 06:39:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/14/2015 06:32:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys foi impedido de carregar devido a uma incompatibilidade com este sistema. Contate o fornecedor do software para obter uma versão compatível do driver.
 
Error: (02/14/2015 05:41:42 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: padrão-computadorLocalAtivação{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)
 
Error: (02/14/2015 05:41:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Optimizer Pro Crash Monitor.
 
Error: (02/14/2015 05:40:30 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff80003093c7c, 0xfffff880077acc90, 0x0000000000000000)C:\Windows\MEMORY.DMP021415-34507-01
 
Error: (02/14/2015 05:40:25 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 17:38:04 às ‎14/‎02/‎2015 não era esperado.
 
Error: (02/14/2015 05:20:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys foi impedido de carregar devido a uma incompatibilidade com este sistema. Contate o fornecedor do software para obter uma versão compatível do driver.
 
Error: (02/14/2015 04:04:46 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: padrão-computadorLocalAtivação{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 4033.97 MB
Available physical RAM: 1651.5 MB
Total Pagefile: 8066.13 MB
Available Pagefile: 5520.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:872.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 424CBFCC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

There are two security systems running with Anti-Virus components, that is very much counterproductive and will cause major issues for your system. One must be removed asap, the choice is yours which one to keep...

Avast removal tool is here: https://www.avast.com/uninstall-utility

MSE removal tool is here: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Also uninstall Spybot Search and Destroy via Programs and Features.

Next,

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (Re-enable when done.)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure you get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the tool, select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Post those logs, let me know if any remaining issues or concerns..

Thanks,

Kevin...

Fixlist.txt


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by VELOXSHOP on 14/02/2015 at 22:26:34,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Users\VELOXSHOP\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\VELOXSHOP\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\VELOXSHOP\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/02/2015 at 22:29:12,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
Started On Sat Feb 14 14:55:50 2015

Engine: 1.1.11302.0
Signatures: 1.191.3593.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 15:01:22 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)
Started On Sat Feb 14 22:33:31 2015

Engine: 1.1.11302.0
Signatures: 1.191.3593.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 22:36:32 2015

Return code: 0 (0x0)

Here is the adwcleaner log by the way

 

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 22:47:58
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : VELOXSHOP - VELOXSHOP-PC
# Running from : C:\Users\VELOXSHOP\Downloads\AdwCleaner (5).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3674 bytes] - [28/12/2014 12:48:56]
AdwCleaner[R1].txt - [8525 bytes] - [13/02/2015 12:42:14]
AdwCleaner[R2].txt - [1767 bytes] - [14/02/2015 15:33:50]
AdwCleaner[R3].txt - [1682 bytes] - [14/02/2015 22:16:57]
AdwCleaner[R4].txt - [1800 bytes] - [14/02/2015 22:46:39]
AdwCleaner[s0].txt - [3980 bytes] - [28/12/2014 12:50:47]
AdwCleaner[s1].txt - [6981 bytes] - [13/02/2015 12:48:26]
AdwCleaner[s2].txt - [1841 bytes] - [14/02/2015 15:35:07]
AdwCleaner[s3].txt - [1756 bytes] - [14/02/2015 22:19:06]
AdwCleaner[s4].txt - [1735 bytes] - [14/02/2015 22:47:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1794  bytes] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015
Ran by VELOXSHOP at 2015-02-14 23:21:14 Run:2
Running from C:\Users\VELOXSHOP\Desktop
Loaded Profiles: VELOXSHOP (Available profiles: VELOXSHOP)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\MountPoints2: {afd7d74c-7acd-11e4-8f12-806e6f6e6963} - D:\Bin\ASSETUP.exe
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
C:\Program Files (x86)\Baidu Security
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 9b784ed1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.16
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll
Task: {108D6B97-8E31-4943-AD85-A124020FCE86} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION
Task: {5911EFC8-2A21-4950-AFAE-27714BE1032A} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
EmptyTemp:
end

*****************

HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd7d74c-7acd-11e4-8f12-806e6f6e6963} => Key not found.
HKCR\CLSID\{afd7d74c-7acd-11e4-8f12-806e6f6e6963} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => Key not found.
HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Key not found.
"C:\Program Files (x86)\Baidu Security" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
9b784ed1 => Service not found.
"c:\Program Files (x86)\Optimizer Pro 3.16" => File/Directory not found.
BprotectEx => Service not found.
NVHDA => Service not found.
nvlddmkm => Service not found.
PCFApiUtil => Service not found.
VGPU => Service not found.
"C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108D6B97-8E31-4943-AD85-A124020FCE86} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94A46359-5537-4201-BEFD-1EC63DFD0943 => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5911EFC8-2A21-4950-AFAE-27714BE1032A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633 => Key not found.
EmptyTemp: => Removed 18.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 23:21:22 ====

That was the second run of Frst fix, what happened to the first log?

 

Which browser is affected with the ad issue?

 

Run 1: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-02-2015

Ran by VELOXSHOP at 2015-02-14 23:14:04 Run:1
Running from C:\Users\VELOXSHOP\Downloads
Loaded Profiles: VELOXSHOP (Available profiles: VELOXSHOP)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\...\MountPoints2: {afd7d74c-7acd-11e4-8f12-806e6f6e6963} - D:\Bin\ASSETUP.exe
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
C:\Program Files (x86)\Baidu Security
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 9b784ed1; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.16\OptProMon.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.16
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll
Task: {108D6B97-8E31-4943-AD85-A124020FCE86} - \94A46359-5537-4201-BEFD-1EC63DFD0943 No Task File <==== ATTENTION
Task: {5911EFC8-2A21-4950-AFAE-27714BE1032A} - \060184C3-9766-46a0-B258-F4518A0B2633 No Task File <==== ATTENTION
EmptyTemp:
end
 
 
 
*****************
 
"HKU\S-1-5-21-4035451636-1816254277-1355667989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afd7d74c-7acd-11e4-8f12-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{afd7d74c-7acd-11e4-8f12-806e6f6e6963} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
"HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}" => Key deleted successfully.
"C:\Program Files (x86)\Baidu Security" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
9b784ed1 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.16" => File/Directory not found.
BprotectEx => Service deleted successfully.
NVHDA => Service deleted successfully.
nvlddmkm => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{108D6B97-8E31-4943-AD85-A124020FCE86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{108D6B97-8E31-4943-AD85-A124020FCE86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\94A46359-5537-4201-BEFD-1EC63DFD0943" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5911EFC8-2A21-4950-AFAE-27714BE1032A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5911EFC8-2A21-4950-AFAE-27714BE1032A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => Key deleted successfully.
EmptyTemp: => Removed 385.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:14:16 ====
 
Google Chrome is affected
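The two Fixlogs in this thread differ only in their outcomes: Run:1 reports deletions, Run:2 finds nothing left, which is what a fix that held looks like. As an added example that is not part of the thread or of FRST, the Python script below parses Fixlog result lines (the `target => outcome` format shown above), counts actions against no-ops, and flags any target that had to be removed twice, a sign of a persistence mechanism the fix missed; the regex, function names and the sample logs (constructed from excerpts of the runs posted above) are this example's own assumptions.

```python
"""Summarise FRST Fixlog.txt output: what a fix changed, and what came back.

Added example; not part of the thread or of FRST. The sample logs below are
constructed from excerpts of the Run:1 and Run:2 Fixlogs posted above.
"""
import re

# A result line reads `<target> => <outcome>`; FRST quotes some targets.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')
ACTED = ("deleted successfully", "moved successfully", "removed")


def acted(outcome: str) -> bool:
    """True when FRST reports it actually removed or moved the item."""
    return any(w in outcome.lower() for w in ACTED)


def parse_fixlog(text: str) -> list[tuple[str, str]]:
    """Return (target, outcome) pairs from one Fixlog.

    The echoed fixlist sits between two '*****' rulers and can itself contain
    '=>' (the ShellIconOverlayIdentifiers entry does), so only lines after the
    second ruler count as results.
    """
    rulers, results = 0, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            rulers += 1
        elif rulers >= 2 and (m := RESULT_RE.match(line)):
            results.append((m["target"], m["outcome"]))
    return results


def summarize(results: list[tuple[str, str]]) -> dict[str, int]:
    """Count items removed versus items that were already absent."""
    done = sum(acted(o) for _, o in results)
    absent = sum("not found" in o.lower() for _, o in results)
    return {"acted": done, "not_found": absent, "other": len(results) - done - absent}


def reappeared(first, second) -> list[str]:
    """Targets removed in the first run that had to be removed again.

    EmptyTemp: always reports an action, so it is ignored. A non-empty list
    means something recreates the item: a persistence mechanism the fix missed.
    """
    gone = {t for t, o in first if acted(o) and t != "EmptyTemp:"}
    back = {t for t, o in second if acted(o) and t != "EmptyTemp:"}
    return sorted(gone & back)


# Constructed from the Run:1 log above (a subset of its lines).
RUN1 = r'''Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: [baiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:
end
*****************
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
9b784ed1 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.16" => File/Directory not found.
C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
EmptyTemp: => Removed 385.3 MB temporary data.
The system needed a reboot.
==== End of Fixlog 23:14:16 ===='''

# Constructed from the Run:2 log above: the same targets, after Run:1 removed them.
RUN2 = r'''*****************
start
end
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => Key not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
9b784ed1 => Service not found.
"c:\Program Files (x86)\Optimizer Pro 3.16" => File/Directory not found.
"C:\Users\VELOXSHOP\AppData\Local\Temp\dllnt_dump.dll" => File/Directory not found.
EmptyTemp: => Removed 18.7 MB temporary data.
==== End of Fixlog 23:21:22 ===='''

# Constructed counter-example (not from the thread): the Chrome policy key is
# back on the second run, which is what a still-active adware dropper shows.
RUN2_PERSISTENT = RUN2.replace(
    r"HKLM\SOFTWARE\Policies\Google => Key not found.",
    r'"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.',
)

if __name__ == "__main__":
    r1, r2 = parse_fixlog(RUN1), parse_fixlog(RUN2)
    print(summarize(r1), summarize(r2), reappeared(r1, r2))
    print(reappeared(r1, parse_fixlog(RUN2_PERSISTENT)))  # the constructed persistence case
```

On the thread's own logs `reappeared` returns an empty list; the constructed `RUN2_PERSISTENT` variant returns the Chrome policy key, which is the case that would warrant looking for whatever recreates it.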

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on the ZOEK icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deletefirefoxlook;chromelook;CHRdefaults;

Make sure that the Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Let me know if the issue is cleared in Chrome...

Thank you so much! Problem solved! Here is the log

 

 
Zoek.exe v5.0.0.0 Updated 13-February-2015
Tool run by VELOXSHOP on 15/02/2015 at  0:09:44,77.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\VELOXSHOP\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
15/02/2015 00:11:18 Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\NVIDIA Corporation deleted successfully
C:\Users\VELOXSHOP\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\VELOXSHOP\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\yvfnatfb deleted
C:\Users\VELOXSHOP\.android deleted
C:\install.exe deleted
C:\Users\VELOXSHOP\AppData\Roaming\GoldenGate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\VELOXSHOP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Installer\18f5de9.msi" deleted
 
==== System Specs ======================
 
Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4034 MB
CPU Info: Intel® Pentium® CPU G3220 @ 3.00GHz
CPU Speed: 2951,5 MHz
Sound Card: Alto-falantes (Realtek High Def | 
Realtek Digital Output (Realtek | 
Display Adapters: Standard VGA Graphics Adapter | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Monitor Genérico não PnP | 
Screen Resolution: 1600 X 1200 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller #2
CD / DVD Drives: 1x (D: | ) D: Optiarc DVD RW AD-7280S
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  931,4GB
Hard Disks - Free: C:  875,9GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 06/16/14 | _ASUS_ - 1072009
Time Zone: Hora oficial do Brasil
Motherboard *: ASUSTeK COMPUTER INC. H81M-A/BR
Country: Brasil 
Language: PTB 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17633 
Google Chrome version: 39.0.2171.95
Adobe Reader version: 11.0.10.32
Sun Java version: 1.8.0_31 (32-bit) 
Sun Java version: 1.8.0_31 (64-bit) 
Shockwave Player version: 12.1.4r154
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\VELOXS~1\AppData\Local\Temp ====
2015-02-15 02:07:52 17947503B7EAA0AF4914B4B6EFBC1A01 20480 ----a-w- C:\Users\VELOXSHOP\AppData\Local\Temp\DaS_21.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-12 20:56:37 83EBA442F07AAB8D6375D2EEC945C46C 1868128 ----a-w- C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-12 20:56:15 1C9B45E87528B8BB8CFA884EA0099A85 2106216 ----a-w- C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-11 15:01:26 4FD3763F3917201856B0CBCE310003EA 4300800 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2015-02-11 15:01:26 01BD2653F2185218837CF4A175617F8A 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2015-02-10 13:18:00 E1A4D24281526DDFEA418F729CDA9DC6 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2015-02-10 13:18:00 D87759889FE7BCAE4461439139E62BAA 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 13:18:00 B0F7BD3492C2D60A70F15AEADCE1E2A6 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 13:18:00 3B9EF1B8E154D202D32A7765E2F33554 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 13:17:59 94B1F7CE1AAA5542923E0AD63C4D0050 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 13:17:59 8FBC9680719ACDA9351B67D906C682F4 688640 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 13:17:59 8E8137569741D3693F88DDF94CC38C20 1307136 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2015-02-10 13:17:59 74EA6C792F57E453261DA210C1BCEB53 342712 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 13:17:59 6FA05244FD2E40A3DC08337146B3C425 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 13:17:59 61C74D794C14E9FC94D93F5F0F72A3F9 19740160 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2015-02-10 13:17:58 FD6AF61AF029B9BC2CF4EFF57CDD5821 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 13:17:58 5FB7E9786F70F4072663746072C9E6CE 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2015-02-10 13:17:58 47B26D89EF9973E2DD586D0C827F61A9 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 13:17:57 AD3F5926EC2C1F21FB45D1CDED6E2A47 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 13:17:57 9A91F9B5035F54C2D0BA92CF9B16EE34 2277888 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2015-02-10 13:17:57 55A84600EAAF8F1D3F0E6206E2EF6D48 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 13:17:57 28B2D3CB1B4306D476200D80AF7D87AD 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 13:17:56 EF05E63ACC834470A07A2E73D519B5FA 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 13:17:56 994E7459260D315573DD72783D1B78A7 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll
2015-02-10 13:17:56 78A1A938D51D4F83A772123B93EE1612 12829184 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2015-02-10 13:17:54 F285D499EC42969D963CA49EADA63218 1888256 ----a-w- C:\Windows\SysWOW64\wininet.dll
2015-02-10 13:17:54 9DEE691C8FDBC2DE6957F1AE873C78FC 503296 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2015-02-10 13:17:54 180168942E4A133C55E7BBF17DA3C142 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 13:17:53 6F10743069DFFC56DEE079204960844E 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll
2015-02-10 13:17:06 793F6658ED65839FDB2957A4884CB63C 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 13:17:01 F2334693B5A59FC028E3B140AD3C69A7 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2015-02-10 13:17:01 BB0B4E616AA519B749D20E19C48D8659 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 13:17:01 A8A5F532BC58817E2044BEA8F1DEAA59 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2015-02-10 13:17:01 883EC1F3386031037A86E5DCC5B881A9 342528 ----a-w- C:\Windows\SysWOW64\certcli.dll
2015-02-10 13:17:01 805EE29287BA305AEE6BFFDCF8E208D5 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2015-02-10 13:16:56 E365C7B3EBB96451D3C9DF6B6B6900C2 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll
2015-02-10 13:16:56 623E143F2DF17C0106A9988F5D7DC878 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 13:16:56 0C96A745A76C7DD75C5503E86D968E49 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll
2015-02-10 13:16:39 F5142E9A99F44F9CC19A8AF31761F7F9 3221504 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2015-02-10 13:16:38 B3AC14EA18DD0EE517703A86963AED18 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll
2015-02-10 13:16:36 A208DAC2932649CFF82A6A684D8BB1F6 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 13:16:34 B3BC38B886CA53C92D52EF724A9F0D45 308224 ----a-w- C:\Windows\SysWOW64\scesrv.dll
2015-02-10 13:16:28 BFCA109D2F65A57389E03D63B0F86EE3 3921848 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 13:16:28 4997B61D205698D53420B877B8F76622 3977656 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-14 16:55:42 400B56A4249178A36AD7800E4EC39288 116773704 ----a-w- C:\Windows\Sysnative\MRT.exe
2015-02-11 15:01:26 D363FBB2D0223956FF61ADBDBF5499B1 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2015-02-11 15:01:26 16ACAA0C01F31B39F39446188F6A3593 6041600 ----a-w- C:\Windows\Sysnative\jscript9.dll
2015-02-10 13:18:13 64EAD6C9D342E7E0CFCA3559FCBFDDAC 894976 ----a-w- C:\Windows\Sysnative\appraiser.dll
2015-02-10 13:18:13 5C09611AB8D508CC252BB2D5A069D1AC 1098752 ----a-w- C:\Windows\Sysnative\aeinv.dll
2015-02-10 13:18:13 47709F1B718859ED8AB5EA3EA3974BEB 609280 ----a-w- C:\Windows\Sysnative\generaltel.dll
2015-02-10 13:18:12 B5746809407BDEB18D9D4769CD9FF24E 414720 ----a-w- C:\Windows\Sysnative\devinv.dll
2015-02-10 13:18:12 7150E809474BBD4D4AD24B13FA2454E5 1239720 ----a-w- C:\Windows\Sysnative\aitstatic.exe
2015-02-10 13:18:12 5632EB9633EACCC323CEA2C03A0B4133 762368 ----a-w- C:\Windows\Sysnative\invagent.dll
2015-02-10 13:18:11 EF4FA1D31D146EA0C04D16E75FCA6BCF 192000 ----a-w- C:\Windows\Sysnative\aepic.dll
2015-02-10 13:18:11 7F2F9AACF457CE48CDDBD643FC53487C 227328 ----a-w- C:\Windows\Sysnative\aepdu.dll
2015-02-10 13:18:00 71EBA93C5322A52A7E177E03E1AE7161 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2015-02-10 13:18:00 01A314677CC80041A63ED109B56A76B0 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2015-02-10 13:17:59 F42B1DAAB5B7621341243878180446CD 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll
2015-02-10 13:17:59 92BD5080B81EDFA32B0CEE8B923D62C3 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2015-02-10 13:17:59 8076BB31004C1D763D5D4AEF9F0BDD4B 718848 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2015-02-10 13:17:59 68A2B96528F58D995882FBEB4D9658A5 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2015-02-10 13:17:57 CB2528D522FF1F5A7BF9B27D2FB250FF 1548288 ----a-w- C:\Windows\Sysnative\urlmon.dll
2015-02-10 13:17:57 2E4F8664B54426C2F5523665B279E984 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2015-02-10 13:17:57 1D824B5A200C284E1A546C2C50704471 389808 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2015-02-10 13:17:56 DF39C79DFC1C063493D2DB9B3237B29F 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2015-02-10 13:17:56 97F037E09A706ACDA681D740DEE16AE4 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2015-02-10 13:17:56 76DB5845E168173BBA2D3CCC4B363E42 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2015-02-10 13:17:55 7A388AFC6885D22F4D988EE9B8D1291A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2015-02-10 13:17:55 512DD29CE6CDCB22EA615286DA7022E7 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll
2015-02-10 13:17:54 A7A3775B0014B165D75A00A1F632E4B5 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll
2015-02-10 13:17:54 15842FB41A3BF2A2F5071518B38C957A 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2015-02-10 13:17:53 D7922F3AC6BF1EA77240E0061D648174 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2015-02-10 13:17:53 A7814E76ED4ACE0694A83F6E4B6A7272 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2015-02-10 13:17:53 6916B0663357B183B120D1A4DD7DDAB0 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2015-02-10 13:17:52 E0F76B5B904E4F448641B2B506496351 14401024 ----a-w- C:\Windows\Sysnative\ieframe.dll
2015-02-10 13:17:52 CA3F410410DE9E5234217D33B9628224 633856 ----a-w- C:\Windows\Sysnative\ieui.dll
2015-02-10 13:17:52 A04F0C4A0B80C92F92E854E7157D6466 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2015-02-10 13:17:52 4CE68D160D80AF6C9FDB5C60BA087DA5 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2015-02-10 13:17:51 BF57C911895454A8874E9DFA5716C624 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll
2015-02-10 13:17:51 9DFE41A69DF70AAB75CB5BA8C1109EA2 2358272 ----a-w- C:\Windows\Sysnative\wininet.dll
2015-02-10 13:17:50 47162151E35EA0B7152B7C841FA21FDB 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2015-02-10 13:17:49 4701399F7BA312353ADE8225F6EB512B 199680 ----a-w- C:\Windows\Sysnative\msrating.dll
2015-02-10 13:17:48 CD726C899BD9A398E8420564A957320B 25056256 ----a-w- C:\Windows\Sysnative\mshtml.dll
2015-02-10 13:17:07 4861B9AF67E1B0154A55FDE4B3A61EB9 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll
2015-02-10 13:17:02 FA99BE8D6A333CE932D02EDDDFB7347B 341504 ----a-w- C:\Windows\Sysnative\schannel.dll
2015-02-10 13:17:02 C5B6AF95FD44B7DAB960E5BB72AC0AFB 1464832 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2015-02-10 13:17:02 5F02C5CA353735119E0CCC19C650A5A7 308224 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2015-02-10 13:17:01 5FDC0B350D80E33F014707A91732DB3C 463872 ----a-w- C:\Windows\Sysnative\certcli.dll
2015-02-10 13:16:56 E5AF792AB409F600D416CB257C84305D 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll
2015-02-10 13:16:56 7FC292D1527EDFEBA2576B6789DE6AB5 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll
2015-02-10 13:16:56 19D511CC455C19DE1ADF60E6C39C85B6 187904 ----a-w- C:\Windows\Sysnative\cryptsvc.dll
2015-02-10 13:16:39 2A25F5ACA9DCAF9AE9570DED13A8E078 3722752 ----a-w- C:\Windows\Sysnative\mstscax.dll
2015-02-10 13:16:36 AE4FEDD98096C09A8A86E021FC5E9D67 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll
2015-02-10 13:16:34 FE72C89986E1BA32AD926A820491F23F 406528 ----a-w- C:\Windows\Sysnative\scesrv.dll
2015-02-10 13:16:29 12A78796FFF4D5B8B15A2BC4B13650A4 5553080 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-4035451636-1816254277-1355667989-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/11/2014 09:30]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15/11/2014 09:30]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\avastBCLRestartS-1-5-21-4035451636-1816254277-1355667989-1000" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\Windows\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27/01/2015 12:30]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\VELOXSHOP\AppData\Roaming\Mozilla\Firefox\Profiles\z2dyu1o8.default
5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\VELOXSHOP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
12B7772C549B1A9A7AC2C0062F1582FF - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chromium Look ======================
 
Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bloohffpflacklbmnbocakipnknelpnf - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[20/12/2014 16:58]
 
Google Docs - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Reset Google Chrome ======================
 
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC05100 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC05100 deleted successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\VELOXSHOP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H99OW3LR will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\VELOXSHOP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=28 folders=15 9591351 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\VELOXSHOP\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\VELOXS~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\VELOXSHOP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H99OW3LR" not found
 
==== EOF on 15/02/2015 at  0:43:29,10 ======================

@chithanh - Please refrain from posting to another user's thread.

@Baitalon - Run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Remove disinfection tools
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices; you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out....

Thank you,

Kevin...

 

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
