WatRemove slowed down the Internet

  • Otalix 
  • New MyCity citizen
  • Joined: 26 Jan 2013
  • Posts: 17

Three days ago my trial license (30 days) for Windows 7 expired, so I downloaded WatRemove to fix the system (primarily because of the background and the key prompt that keeps popping up). The program did its job, the system is OK, and everything works normally, except for one small thing: the Internet, which has slowed down a lot.
Normal: Ping 15, Download 5 Mbps, Upload 1 Mbps
Now: Ping 50-60, Download 1.30 Mbps, Upload 0.33
I tried resetting the router and modem; nothing changed.
I use Avast and Malwarebytes Anti-Malware; neither of these two programs found anything.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Gangula (administrator) on GANGULA-PC on 25-11-2014 17:05:06
Running from C:\Users\Gangula\Desktop
Loaded Profile: Gangula (Available profiles: Gangula)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Gangula\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2181744 2010-09-02] (Gainward Co.)
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22059616 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\...\Run: [uTorrent] => C:\Users\Gangula\AppData\Roaming\uTorrent\uTorrent.exe [1689168 2014-10-25] (BitTorrent Inc.)
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gangula\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9362AEC73BF0CF01
HKU\S-1-5-21-3747377770-2376606467-2084939681-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 -> DefaultScope {13229B05-FA44-445f-B6F2-D7C8BF7B9B4F} URL = search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 -> {078A4D56-60F9-4c69-BD3C-89AA0E29B3CB} URL = google.com/custom?client=pub-3794288947.....=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 -> {13229B05-FA44-445f-B6F2-D7C8BF7B9B4F} URL = search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-25]

Chrome:
=======
CHR HomePage: Default -> google.com/
CHR StartupUrls: Default -> "hxxp://www.google.rs/"
CHR Profile: C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (My World) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemeppengemohiobmmjhfddbhcgkomhm [2014-10-25]
CHR Extension: (Angry Birds) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-10-25]
CHR Extension: (Google документи) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google диск) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google претрага) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Dark Vibe) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-11-10]
CHR Extension: (Facebook Theme Creator) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-25]
CHR Extension: (Avast SafePrice) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-10-30]
CHR Extension: (Google табеле) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (Stylish) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-10-25]
CHR Extension: (Marvel Comics) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2014-10-25]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2014-10-25]
CHR Extension: (Google Play Music) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-10-25]
CHR Extension: (Adblock Super) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-10-25]
CHR Extension: (Little Alchemy) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-10-25]
CHR Extension: (Mixify) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjlbfglfefcmkmglakdocbgnggeieno [2014-10-25]
CHR Extension: (Google новчаник) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Pipedrive CRM) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofakdmdcdjgmilfepadallikeeibfdm [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-10] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-10] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-10] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-10] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-25] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-10-28] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 TBPanel; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 17:05 - 2014-11-25 17:05 - 00018136 _____ () C:\Users\Gangula\Desktop\FRST.txt
2014-11-25 17:04 - 2014-11-25 17:05 - 00000000 ____D () C:\FRST
2014-11-25 17:03 - 2014-11-25 17:04 - 02118144 _____ (Farbar) C:\Users\Gangula\Desktop\FRST64.exe
2014-11-25 15:22 - 2014-11-25 15:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 15:22 - 2014-11-25 15:22 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-25 15:22 - 2014-11-25 15:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-25 15:22 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-25 15:22 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-25 15:22 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 22:08 - 2014-11-25 15:16 - 00007603 _____ () C:\Users\Gangula\AppData\Local\Resmon.ResmonCfg
2014-11-24 21:59 - 2014-11-24 21:59 - 00000592 _____ () C:\Users\Gangula\AppData\Roaming\Network Monitor II_Settings.ini
2014-11-24 21:57 - 2014-11-24 21:57 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-11-24 21:40 - 2014-11-24 21:40 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-24 21:38 - 2014-11-12 21:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-24 21:37 - 2014-11-11 11:29 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-24 21:35 - 2014-11-17 23:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-24 21:35 - 2014-11-17 23:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-24 21:35 - 2014-11-17 23:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-24 21:35 - 2014-11-13 01:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-24 21:35 - 2014-11-13 01:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-24 21:22 - 2014-11-24 21:23 - 00000000 ____D () C:\Users\Gangula\AppData\Local\NVIDIA
2014-11-24 21:22 - 2014-11-24 21:22 - 00000000 ____D () C:\Users\Gangula\AppData\Local\NVIDIA Corporation
2014-11-24 21:22 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-24 21:22 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-24 21:22 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-24 21:22 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-24 21:22 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-24 21:22 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-24 21:21 - 2014-11-06 18:13 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-24 21:21 - 2014-11-06 18:13 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-24 21:21 - 2014-11-06 18:11 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-24 21:21 - 2014-11-06 18:11 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-24 21:21 - 2014-10-03 20:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-24 21:21 - 2014-10-03 20:23 - 00035144 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-24 21:21 - 2014-10-03 20:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-21 22:17 - 2014-11-21 22:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-11-20 11:01 - 2014-11-20 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-20 10:59 - 2014-11-20 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-11-20 10:58 - 2014-11-20 10:58 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-20 10:58 - 2014-11-20 10:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-11-20 10:56 - 2014-11-20 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2014-11-20 10:56 - 2014-11-20 10:56 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-20 10:56 - 2014-11-20 10:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-20 10:55 - 2014-11-20 11:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-20 10:55 - 2014-11-20 10:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-20 10:55 - 2014-11-20 10:55 - 00000000 ____D () C:\Users\Gangula\AppData\Local\Microsoft Help
2014-11-20 10:54 - 2014-11-20 10:54 - 00000000 __RHD () C:\MSOCache
2014-11-16 21:12 - 2014-11-16 21:12 - 00000000 ____D () C:\Users\Gangula\AppData\Local\CrashRpt
2014-11-16 20:09 - 2014-11-16 20:09 - 00757660 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-16 20:07 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2014-11-16 20:07 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2014-11-16 20:07 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2014-11-16 20:07 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2014-11-16 19:53 - 2014-11-16 21:06 - 00000257 _____ () C:\Users\Gangula\SciTE.session
2014-11-16 19:48 - 2014-11-16 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2014-11-16 19:48 - 2014-11-16 19:48 - 00000000 ____D () C:\Program Files (x86)\AutoIt3
2014-11-14 13:15 - 2014-11-18 11:36 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\AIMP
2014-11-14 13:14 - 2014-11-14 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP2
2014-11-14 13:14 - 2014-11-14 13:14 - 00000000 ____D () C:\Program Files (x86)\AIMP2
2014-11-13 20:03 - 2014-11-13 20:03 - 00000000 ____D () C:\Users\Gangula\.android
2014-11-13 19:37 - 2014-11-13 19:43 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-13 19:37 - 2014-11-13 19:37 - 00000000 ____D () C:\Users\Gangula\AppData\Local\Bluestacks
2014-11-13 19:37 - 2014-11-13 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-11-13 19:37 - 2014-11-13 19:37 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-11-13 19:37 - 2014-11-13 19:37 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-11-13 17:14 - 2014-11-13 17:14 - 00292400 _____ () C:\Windows\Minidump\111314-15210-01.dmp
2014-11-10 13:42 - 2014-11-10 13:42 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-11-10 13:42 - 2014-11-10 13:42 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-10 13:42 - 2014-11-10 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-10 13:42 - 2014-11-10 13:42 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-11-09 16:16 - 2014-11-09 16:16 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-09 16:11 - 2014-11-09 16:11 - 00000000 ____D () C:\Users\Gangula\Documents\SharpDevelop Projects
2014-11-09 16:09 - 2014-11-09 16:09 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\ICSharpCode
2014-11-09 00:57 - 2014-11-09 00:57 - 00292408 _____ () C:\Windows\Minidump\110914-15475-01.dmp
2014-11-08 09:40 - 2014-11-08 09:40 - 00000000 ____D () C:\Windows\Sun
2014-11-08 09:40 - 2014-11-08 09:40 - 00000000 ____D () C:\ProgramData\Sun
2014-11-08 09:40 - 2014-11-08 09:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-08 09:39 - 2014-11-08 09:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-08 09:39 - 2014-11-08 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-08 09:39 - 2014-11-08 09:39 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-07 20:54 - 2014-11-07 20:54 - 00292424 _____ () C:\Windows\Minidump\110714-14258-01.dmp
2014-11-03 22:20 - 2014-11-03 22:25 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\Curse Advertising
2014-11-03 22:20 - 2014-11-03 22:20 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-11-02 01:31 - 2014-11-02 01:31 - 00292432 _____ () C:\Windows\Minidump\110214-17440-01.dmp
2014-11-01 13:18 - 2014-11-01 14:06 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\AIMP3
2014-10-31 20:51 - 2014-10-31 20:51 - 00292432 _____ () C:\Windows\Minidump\103114-15428-01.dmp
2014-10-28 20:40 - 2014-10-28 20:40 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\WinRAR
2014-10-28 20:40 - 2014-10-28 20:40 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-28 20:40 - 2014-10-28 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-28 20:40 - 2014-10-28 20:40 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-26 15:48 - 2014-10-26 15:48 - 00292424 _____ () C:\Windows\Minidump\102614-22417-01.dmp
2014-10-26 03:13 - 2014-11-13 17:14 - 324853457 _____ () C:\Windows\MEMORY.DMP
2014-10-26 03:13 - 2014-11-13 17:14 - 00000000 ____D () C:\Windows\Minidump
2014-10-26 03:13 - 2014-10-26 03:13 - 00292424 _____ () C:\Windows\Minidump\102614-19437-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 17:04 - 2014-10-25 11:15 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\uTorrent
2014-11-25 17:00 - 2014-10-25 11:13 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\Skype
2014-11-25 16:35 - 2014-10-25 10:50 - 00229468 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 16:21 - 2014-10-25 11:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 15:50 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 15:45 - 2014-10-25 11:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 15:45 - 2009-07-14 05:51 - 00024347 _____ () C:\Windows\setupact.log
2014-11-25 15:44 - 2014-10-25 11:00 - 00006402 _____ () C:\Windows\PFRO.log
2014-11-25 15:44 - 2014-10-25 10:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-25 15:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 21:40 - 2014-10-25 10:57 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-24 21:39 - 2014-10-25 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-24 21:39 - 2014-10-25 10:57 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-24 21:36 - 2014-10-25 10:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-24 21:13 - 2009-07-14 05:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-24 21:13 - 2009-07-14 05:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 21:13 - 2009-07-14 00:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-11-24 21:13 - 2009-07-14 00:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-11-24 21:13 - 2009-07-14 00:38 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-24 21:13 - 2009-07-14 00:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-11-24 21:13 - 2009-07-14 00:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-23 22:18 - 2014-10-25 11:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-22 08:52 - 2014-10-25 11:18 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 14:55 - 2014-10-25 11:21 - 00000000 ____D () C:\Users\Gangula\AppData\Roaming\BSplayer PRO
2014-11-21 10:45 - 2009-07-14 05:45 - 00416024 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-20 18:59 - 2014-10-25 11:09 - 00108840 _____ () C:\Users\Gangula\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-20 10:59 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-20 10:58 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\ShellNew
2014-11-20 10:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-20 10:55 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-11-19 21:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-16 19:53 - 2014-10-25 10:51 - 00000000 ____D () C:\Users\Gangula
2014-11-14 23:16 - 2014-10-25 11:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 23:16 - 2014-10-25 11:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 19:38 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-13 01:20 - 2014-10-25 10:57 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-13 01:20 - 2010-09-15 07:25 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-13 01:20 - 2010-09-15 07:25 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-13 01:20 - 2010-09-15 07:25 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-13 01:20 - 2010-09-15 07:25 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-13 01:20 - 2010-09-15 07:25 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-12 22:56 - 2010-08-08 22:12 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-12 22:56 - 2010-08-08 22:12 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-12 22:56 - 2010-08-08 22:12 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-12 22:56 - 2010-08-08 22:12 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-12 22:56 - 2010-08-08 22:12 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-12 22:56 - 2010-08-08 22:12 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-10 13:43 - 2014-10-25 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-10 13:42 - 2014-10-25 11:19 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-10 13:42 - 2014-10-25 11:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-03 22:20 - 2014-10-25 11:09 - 00000000 ____D () C:\Users\Gangula\AppData\Local\Deployment
2014-11-01 13:18 - 2014-10-25 11:16 - 00000000 ____D () C:\Program Files (x86)\AIMP3
2014-10-28 11:34 - 2014-10-25 11:09 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-10-28 11:34 - 2014-10-25 11:09 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-10-28 11:33 - 2014-10-25 11:09 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys

Some content of TEMP:
====================
C:\Users\Gangula\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2iu77c.dll
C:\Users\Gangula\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Gangula\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Gangula\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Gangula\AppData\Local\Temp\nvStInst.exe
C:\Users\Gangula\AppData\Local\Temp\utt6070.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 12:23

==================== End Of Log ============================


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Go to Start -> Control Panel -> Programs and Features and uninstall the following programs:

BlueStacks App Player
BlueStacks Notification Center
Browser Configuration Utility

Step 2

Open Notepad and copy in the following text, which is inside the Code box.

HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3747377770-2376606467-2084939681-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
CHR Extension: (Facebook Theme Creator) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh [2014-10-25]
CHR Extension: (Avast SafePrice) - C:\Users\Gangula\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-10-30]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
C:\Program Files (x86)\BlueStacks
C:\Program Files (x86)\DeviceVM
C:\ProgramData\BlueStacksSetup
C:\Users\Gangula\AppData\Local\Bluestacks
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
C:\ProgramData\BlueStacks
EmptyTemp:


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click FRST.exe to run it again
Click Fix and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it has finished, fixlog.txt will open, with contents that you should copy into the thread.
The file (fixlog.txt) will also be on the Desktop.

Step 3

Download "Xplode"'s AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Click the Scan button and wait for the scan to finish.
Click the Clean button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Attach file" ("Prikači fajl") option

Note: The report will also be saved at C:\Adwcleaner\AdwCleaner[S0].txt

offline
  • Otalix 
  • New MyCity citizen
  • Joined: 26 Jan 2013
  • Posts: 17

I did everything:


offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

What is the situation now?

Download zoek.exe from this or this link and save it to the Desktop.

Close the browser and other running programs;
disable protective software (if needed) (Instructions);
double-click to run zoek.exe;
wait for the tool to start ...

Copy the following text into the white box of the window:

process;
startupall;
drivers-services-list;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;


Click the button and wait for the scan to finish.

Zoek will restart Windows if needed, and when it is done it will open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

Copy the contents of that log into your post.

offline
  • Otalix 
  • New MyCity citizen
  • Joined: 26 Jan 2013
  • Posts: 17

The situation is still the same; I also did this with Zoek. :)

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

This looks clean to me.

Download Malwarebytes Anti-Rootkit (MBAR) from the following link and save it to the Desktop.

Run MBAR by double-clicking the program icon:
- Click OK in the next window to allow extraction into a separate mbar folder on the desktop;
- mbar.exe will be started. On some systems this can take a few extra seconds, so wait for it to launch;
- In the introductory window click the Next button if you agree;

• In the 'Update Database' window, click the Update button to download fresh definitions. When the message 'Success: Database was successfully updated' appears, click the Next button;
• Under the 'Scan Targets' section, check that all options are ticked, then click the Scan button;

Notice: with some infections, one of the following messages may be shown:
- 'Could not load protection driver' => in that case click OK.
- 'Could not load DDA driver' => click Yes on that notice to allow loading after a restart. Allow the restart and continue with the rest of the instructions after the restart.

>> If no malware is detected, click the Exit button to close the program. In your next post, post the mbar-log-year-month-day (hour-minute-second).txt and system-log.txt reports.

>> If infection(s) are found, check that the 'Create Restore Point' option is ticked and click the Cleanup! button to remove the threats.
- The malware removal procedure will be scheduled to run at restart, and a notice will be shown in a pop-up window. Click the Yes button and the system should restart and finish the cleaning procedure.

Notice! Only if a rootkit is detected: make sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe:
- Double-click to run fixdamage; in the black window that opens (command prompt) type Y (Y stands for Yes) to continue, then wait for the tool to make all the repairs ...
- When you see the message 'press any key to exit' the repair is complete. Press any key on the keyboard to close the window. Restart the system.

The following reports will be created in the mbar folder.
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Copy the contents of the mbar log into your post and attach the system log to the post using the Attach file (Prikači fajl) option.

offline
  • Otalix 
  • New MyCity citizen
  • Joined: 26 Jan 2013
  • Posts: 17

After I restarted the computer a second time, the internet sorted itself out, so I didn't download Malwarebytes Anti Rootkit at all.
Thanks for the effort and the great speed. :D :)

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Otalix :: After I restarted the computer a second time, the internet sorted itself out, so I didn't download Malwarebytes Anti Rootkit at all.
Thanks for the effort and the great speed. :D :)


Although this was not a problem with your computer but most likely with your Internet provider, post the requested report for me.
