
Website Trojan


10 replies to this topic

#1 Rokowski

Rokowski

  • Members
  • 25 posts

Posted 19 September 2013 - 09:00 AM

Hello!
Earlier this month I visited a website of some company which does bicycles. The antivirus I am using (Avast!) didn't report anything, so I didn't really realize I was infected at that time.
So a couple of days later I was browsing it on my dad's PC, and the AV he is using (Sophos) didn't want to access the website and said the site has an autodownload Trojan.
Now when I try to go to that website from Google or just via a link, Google is telling me it's suspicious and I should go there. I installed McAfee Safe Web and here is its report: https://www.siteadvisor.com/sites/http%3A//illbike.com/?pip=false&premium=false&client_uid=3102916830&client_ver=3.6.3.489&client_type=IEPlugin&suite=false&aff_id=0&locale=en_us&ui=1&os_ver=6.1.1.0&ref=safesearch

So later I scanned my PC with Kaspersky Virus Removal Tool and MBAM, which didn't find anything suspicious. At the end I used ComboFix, which deleted some file from c:\users\appdata\inst.exe, but I'm not sure that was it.

I'm really afraid I'm still infected. I hope someone can help me.
 

 




 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 19 September 2013 - 04:19 PM

Hi Rokowski and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.


Step 1

"At the end I used ComboFix, which deleted some file from c:\users\appdata\inst.exe, but I'm not sure that was it."

Please post the combofix.txt so I can take a look.
You will find it at:
C:\ComboFix.txt


Step 2
Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

If you are unsure what your system bit type is, click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.
In your next reply, please submit:
Requested combofix.txt (if you still have it)
both reports from FRST


Thanks.



#3 Rokowski

Rokowski
  • Topic Starter

  • Members
  • 25 posts

Posted 20 September 2013 - 09:26 AM

Hello StarBuck!
Thanks for your kind and fast reply.
Here are logs now:

Combofix:
 

ComboFix 13-09-17.01 - Rok 17-Sep-13  23:26:54.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3582.2616 [GMT 2:00]
Running from: c:\users\Rok\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rok\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Rok\AppData\Roaming\inst.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-17 21:33 . 2013-09-17 21:33 -------- d-----w- c:\users\Rok\AppData\Local\temp
2013-09-17 21:33 . 2013-09-17 21:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-17 21:33 . 2013-09-17 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-17 18:55 . 2013-09-17 18:55 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{421B0DFE-07FB-4590-98A1-535F3A73664F}\offreg.dll
2013-09-17 16:11 . 2013-09-17 16:33 133208 ----a-w- c:\windows\system32\drivers\19370008.sys
2013-09-17 14:13 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{421B0DFE-07FB-4590-98A1-535F3A73664F}\mpengine.dll
2013-09-14 07:52 . 2013-09-09 13:29 36152 ----a-w- c:\windows\system32\uxtuneup.dll
2013-09-12 14:28 . 2013-08-10 03:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-09-09 19:05 . 2013-09-09 19:05 -------- d-----w- c:\users\Rok\AppData\Local\VS Revo Group
2013-09-09 19:05 . 2013-09-09 19:05 -------- d-----w- c:\programdata\VS Revo Group
2013-09-09 19:05 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-09-09 19:05 . 2013-09-09 19:05 -------- d-----w- c:\program files\VS Revo Group
2013-09-08 13:10 . 2013-09-09 13:29 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2013-09-08 13:10 . 2013-09-09 13:29 25400 ----a-w- c:\windows\system32\authuitu.dll
2013-09-08 13:09 . 2013-09-08 13:09 -------- d-----w- c:\users\Rok\AppData\Roaming\TuneUp Software
2013-09-08 13:07 . 2013-09-14 07:52 -------- d-----w- c:\program files\TuneUp Utilities 2014
2013-09-08 13:05 . 2013-09-08 13:12 -------- d-----w- c:\programdata\TuneUp Software
2013-09-08 13:05 . 2013-09-08 13:20 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-08 13:05 . 2013-09-08 13:05 -------- d--h--w- c:\programdata\Common Files
2013-09-08 08:41 . 2013-09-08 08:41 388096 ----a-r- c:\users\Rok\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-07 07:36 . 2013-08-30 07:48 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-07 07:36 . 2013-08-30 07:48 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-07 07:36 . 2013-08-30 07:48 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-09-07 07:36 . 2013-08-30 07:48 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-07 07:36 . 2013-08-30 07:48 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-07 07:36 . 2013-08-30 07:48 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-07 07:36 . 2013-08-30 07:48 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-07 07:36 . 2013-08-30 07:48 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-07 07:35 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-09-06 13:59 . 2013-09-08 19:10 -------- d-----w- c:\users\Rok\AppData\Roaming\.minecraft
2013-09-05 19:48 . 2013-09-08 14:29 -------- d-----w- c:\users\Rok\AppData\Roaming\TS3Client
2013-09-05 19:44 . 2013-09-05 19:44 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-08-24 17:38 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-24 17:38 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-24 17:38 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-24 17:38 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-24 17:38 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-24 17:38 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-24 17:38 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-24 17:37 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-24 17:37 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-24 17:37 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-24 17:37 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-24 17:37 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-08 10:35 . 2013-06-02 17:22 47360 ----a-w- c:\users\Rok\AppData\Roaming\pcouffin.sys
2013-08-30 07:47 . 2013-05-24 20:20 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-25 16:42 . 2013-06-24 14:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-25 16:42 . 2013-06-24 14:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-07 02:22 . 2013-05-24 19:38 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-26 23:21 . 2013-07-26 23:21 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-18 12:17 . 2013-07-18 12:17 140664 ----a-r- c:\users\Rok\AppData\Roaming\Microsoft\Installer\{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
2013-07-18 12:17 . 2013-07-18 12:17 140664 ----a-r- c:\users\Rok\AppData\Roaming\Microsoft\Installer\{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}\ARPPRODUCTICON.exe
2013-07-13 21:24 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-07-13 21:24 . 2009-08-18 09:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-07-13 18:27 . 2013-07-13 18:27 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-06-23 15:25 . 2013-06-23 15:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 15:25 . 2013-05-26 17:04 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 15:25 . 2013-05-26 17:04 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-05-21 11947080]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk]
backup=c:\windows\pss\CineForm Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2013-04-18 18:38 491840 ----a-w- c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
2013-06-02 15:46 438272 ----a-w- c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2013-04-18 23:45 1090912 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-21 07:58 19875432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-09-13 01:48 1814440 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-02-23 86544]
R3 bulkadi;Razer Megalodon DFU;c:\windows\system32\DRIVERS\bulkrazer.sys [2011-02-09 19968]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EagleXNt;EagleXNt; [x]
R3 esgiguard;esgiguard; [x]
R3 getbus;getbus; [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-07-26 31560]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-05-25 14848]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys [2013-05-17 33016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-05-25 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-05-25 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-24 1343400]
R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2012-07-13 769432]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-03 242240]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [2013-04-18 574272]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2013-09-09 1740600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-10 651848]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2013-08-21 12320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14610597
*NewlyCreated* - 1669646DRV
*NewlyCreated* - 19370008
*NewlyCreated* - 85869485
*NewlyCreated* - UTIYODU4
*Deregistered* - utiyodu4
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 15:32 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 20:14]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-24 20:14]
.
.
------- Supplementary Scan -------
.
IE: I&zvozi v Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.255.209.79 84.255.210.79
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_19370008.lnk - c:\users\Rok\AppData\Local\Temp\_uninst_19370008.bat
SafeBoot-69154496.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:42,1d,a4,dc,a9,a5,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,97,82,2b,83,ba,ed,4e,a3,ff,01,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,97,82,2b,83,ba,ed,4e,a3,ff,01,\
.
[HKEY_USERS\S-1-5-21-3379918784-3529376713-1681369078-1001\Software\SecuROM\License information*]
"datasecu"=hex:e2,32,19,76,c3,9d,f2,18,0c,b8,00,76,88,73,ec,97,1e,52,26,96,89,
   22,7c,38,65,ca,be,84,e0,e1,78,71,73,18,c5,a2,f5,6f,22,23,12,eb,ed,47,b5,31,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-17  23:35:34
ComboFix-quarantined-files.txt  2013-09-17 21:35
ComboFix2.txt  2013-09-06 16:01
ComboFix3.txt  2013-07-12 07:34
ComboFix4.txt  2013-05-28 16:40
.
Pre-Run: 152,732,200,960 bytes free
Post-Run: 153,079,263,232 bytes free
.
- - End Of File - - 117870B95C4452A4D17D6A27E88AC01A
A36C5E4F47E84449FF07ED3517B43A31
 
 
 

frst.txt
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-09-2013 01
Ran by Rok (administrator) on ROK-PC on 20-09-2013 16:22:42
Running from C:\Nexon
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Rok\jagexcache\jagexlauncher\bin\JagexLauncher.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11947080 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2B9B5945BB58CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll (McAfee, Inc.)
CHR Plugin: (Advanced SystemCare 6) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin/ASCPlugin_Protect.dll (IObit)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Nokia Suite Enabler Plugin) - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (SiteAdvisor) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASC_GhromePlugin.crx
 
========================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [103112 2013-09-04] (McAfee, Inc.)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-09-09] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R0 19370008; C:\Windows\System32\DRIVERS\19370008.sys [133208 2013-09-17] (Kaspersky Lab ZAO)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 bulkadi; C:\Windows\System32\DRIVERS\bulkrazer.sys [19968 2011-02-09] (Windows ® Codename Longhorn DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-06-03] (DT Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-07-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [33016 2013-05-17] (Windows ® Win 7 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-05-26] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
U3 a7f0mtav; C:\Windows\System32\Drivers\a7f0mtav.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Rok\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; No ImagePath
S3 esgiguard; No ImagePath
S3 getbus; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-20 16:22 - 2013-09-20 16:22 - 00000000 ____D C:\FRST
2013-09-19 22:34 - 2013-09-19 22:34 - 00000068 _____ C:\Users\Rok\Desktop\▶ REVIVE UNBOXING - AARON KYRO - YouTube.url
2013-09-19 22:23 - 2013-09-19 22:23 - 00000068 _____ C:\Users\Rok\Desktop\▶ RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url
2013-09-19 21:10 - 2013-09-19 21:10 - 00000068 _____ C:\Users\Rok\Desktop\RuneScape- Fairy Tale II- Cure A Queen Quest Guide - YouTube.url
2013-09-19 20:03 - 2013-09-19 20:03 - 00000000 _____ C:\Users\Rok\Desktop\New Text Document (2).txt
2013-09-18 16:25 - 2013-09-18 16:35 - 00000000 ____D C:\Program Files\McAfee
2013-09-18 16:25 - 2013-09-18 16:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-18 16:25 - 2013-09-18 16:25 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-09-18 16:23 - 2013-09-18 16:24 - 09627728 _____ C:\Users\Rok\Downloads\saSetup.exe
2013-09-17 23:24 - 2013-09-18 21:18 - 05128653 ____R (Swearware) C:\Users\Rok\Downloads\ComboFix.exe
2013-09-17 18:11 - 2013-09-17 18:33 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\19370008.sys
2013-09-17 18:11 - 2013-09-17 18:11 - 00109664 _____ C:\Users\Rok\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 18:07 - 2013-09-17 18:11 - 184066144 _____ C:\Users\Rok\Downloads\setup_11.0.1.1245.x01_2013_09_17_18_33.exe
2013-09-17 17:01 - 2013-09-17 17:01 - 00000175 _____ C:\Users\Rok\Desktop\REZERVNI DELI za kolo Pony -- bolha.com.url
2013-09-17 17:01 - 2013-09-17 17:01 - 00000153 _____ C:\Users\Rok\Desktop\pony kolo------deli-po delih -- bolha.com.url
2013-09-16 21:08 - 2013-09-16 22:27 - 00000000 ____D C:\Users\Rok\Desktop\BAJK
2013-09-16 08:39 - 2013-09-20 16:11 - 00000831 _____ C:\Windows\setupact.log
2013-09-16 08:39 - 2013-09-19 15:32 - 00006380 _____ C:\Windows\PFRO.log
2013-09-16 08:39 - 2013-09-16 08:39 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 13:38 - 2013-09-15 13:38 - 00001234 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-15 13:38 - 2013-09-15 13:38 - 00001222 _____ C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-15 13:38 - 2013-09-15 13:38 - 00001183 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-15 13:36 - 2013-09-15 13:36 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup (2).exe
2013-09-14 21:07 - 2013-09-14 21:07 - 00000213 _____ C:\Users\Rok\Desktop\Team Fortress 2.url
2013-09-14 09:52 - 2013-09-09 15:29 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-09-14 00:09 - 2013-09-14 00:09 - 00000148 _____ C:\Users\Rok\Desktop\BSOD - Windows 7 - Possible Memory Issue- - Windows 7.url
2013-09-12 16:28 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 16:28 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 16:27 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 16:27 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 16:27 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 16:27 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 16:27 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 16:27 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 15:44 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 15:44 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 15:44 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 15:44 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 15:44 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 15:44 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:44 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 15:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 15:33 - 2013-09-11 15:35 - 117548912 _____ C:\Users\Rok\Downloads\GoProStudioPC-2.0.0.285.exe
2013-09-10 20:01 - 2013-09-13 21:13 - 00414120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-10 19:54 - 2013-09-10 19:54 - 00347424 _____ (Microsoft Corporation) C:\Users\Rok\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2013-09-09 22:01 - 2013-09-09 22:01 - 00000229 _____ C:\Users\Rok\Desktop\workout videos for men - YouTube.url
2013-09-09 22:00 - 2013-09-09 22:00 - 00000102 _____ C:\Users\Rok\Desktop\Vaje za moč in vzdržljivost - TRIGLAV, Zdravstvena zavarovalnica, d.d..url
2013-09-09 21:05 - 2013-09-09 21:05 - 00001234 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\Users\Rok\AppData\Local\VS Revo Group
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-09 21:05 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2013-09-09 21:00 - 2013-09-09 21:00 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Rok\Downloads\RevoUninProSetup.exe
2013-09-09 20:07 - 2013-09-09 20:07 - 00000115 _____ C:\Users\Rok\Desktop\[Java] LinkedList - Data Structure (Classes Included).url
2013-09-08 15:10 - 2013-09-09 15:29 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-09-08 15:09 - 2013-09-08 15:09 - 00002159 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-09-08 15:09 - 2013-09-08 15:09 - 00002133 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-09-08 15:09 - 2013-09-08 15:09 - 00000000 ____D C:\Users\Rok\AppData\Roaming\TuneUp Software
2013-09-08 15:07 - 2013-09-14 09:52 - 00000000 ____D C:\Program Files\TuneUp Utilities 2014
2013-09-08 15:05 - 2013-09-08 15:20 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-08 15:05 - 2013-09-08 15:12 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-09-08 14:35 - 2013-09-08 14:37 - 32773544 _____ (TuneUp Software) C:\Users\Rok\Downloads\TuneUpUtilities2014_en-US.exe
2013-09-08 13:21 - 2013-09-08 13:21 - 47726592 _____ C:\Windows\system32\config\software.iobit
2013-09-08 12:59 - 2013-09-08 12:59 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup (1).exe
2013-09-07 16:56 - 2013-09-07 16:56 - 02347384 _____ (ESET) C:\Users\Rok\Downloads\esetsmartinstaller_enu.exe
2013-09-07 16:46 - 2013-09-07 16:47 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Rok\Downloads\tdsskiller.exe
2013-09-07 09:36 - 2013-09-07 09:36 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 09:36 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-07 09:36 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-07 09:35 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-07 09:22 - 2013-09-07 09:24 - 104206768 _____ C:\Users\Rok\Downloads\vpsupd.exe
2013-09-07 09:20 - 2013-09-07 09:22 - 131918888 _____ C:\Users\Rok\Downloads\avast_free_antivirus_setup.exe
2013-09-07 09:19 - 2013-09-07 09:20 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup.exe
2013-09-06 16:11 - 2013-09-15 18:04 - 00000167 _____ C:\Users\Rok\Desktop\MICE.txt
2013-09-06 15:59 - 2013-09-08 21:10 - 00000000 ____D C:\Users\Rok\AppData\Roaming\.minecraft
2013-09-06 15:58 - 2013-09-06 15:58 - 00675988 _____ C:\Users\Rok\Desktop\Minecraft.exe
2013-09-05 21:48 - 2013-09-08 16:29 - 00000000 ____D C:\Users\Rok\AppData\Roaming\TS3Client
2013-09-05 21:44 - 2013-09-05 21:44 - 00001124 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-05 21:42 - 2013-09-05 21:42 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Rok\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-09-05 20:41 - 2013-09-05 20:41 - 00000056 _____ C:\Users\Rok\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.url
2013-09-05 08:16 - 2013-09-05 08:16 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-05 08:14 - 2013-09-05 08:15 - 04454952 _____ (Piriform Ltd) C:\Users\Rok\Downloads\ccsetup405.exe
2013-09-03 19:52 - 2013-09-03 19:52 - 00013420 _____ C:\Users\Rok\Downloads\slo_rfs_zivljenjepis_01.odt
2013-09-01 21:09 - 2013-09-01 21:09 - 00000038 _____ C:\Users\Rok\Desktop\skatesesnMP4.MP4.sfl
2013-08-28 19:43 - 2013-08-28 19:43 - 00000068 _____ C:\Users\Rok\Desktop\Best RS Thieving Guide 1-99 Fast and Easy! - YouTube.url
2013-08-25 11:05 - 2013-08-25 11:05 - 00792704 _____ (AMD) C:\Users\Rok\Downloads\amddriverdownloader (2).exe
2013-08-24 22:12 - 2013-08-25 10:09 - 30732288 _____ C:\Windows\system32\config\components.iobit
2013-08-24 19:38 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-24 19:38 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-24 19:38 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 19:38 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 19:38 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 19:38 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 19:38 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 19:37 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 19:37 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 19:37 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-24 19:37 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 19:37 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
 
==================== One Month Modified Files and Folders =======
 
2013-09-20 16:22 - 2013-09-20 16:22 - 00000000 ____D C:\FRST
2013-09-20 16:21 - 2013-06-02 17:46 - 00000000 ____D C:\Nexon
2013-09-20 16:19 - 2013-06-10 11:48 - 00000024 _____ C:\Users\Rok\jagexappletviewer.preferences
2013-09-20 16:19 - 2009-07-14 06:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 16:19 - 2009-07-14 06:34 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 16:17 - 2013-06-09 22:11 - 00000042 _____ C:\Users\Rok\jagex_cl_runescape_LIVE.dat
2013-09-20 16:16 - 2013-05-24 21:33 - 01322622 _____ C:\Windows\WindowsUpdate.log
2013-09-20 16:11 - 2013-09-16 08:39 - 00000831 _____ C:\Windows\setupact.log
2013-09-20 16:11 - 2013-05-24 22:14 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-20 16:11 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 22:38 - 2013-05-25 21:54 - 00000000 ____D C:\Users\Rok\AppData\Roaming\Skype
2013-09-19 22:38 - 2013-05-25 15:55 - 00000000 ____D C:\Program Files\Steam
2013-09-19 22:34 - 2013-09-19 22:34 - 00000068 _____ C:\Users\Rok\Desktop\▶ REVIVE UNBOXING - AARON KYRO - YouTube.url
2013-09-19 22:31 - 2013-06-09 22:11 - 00000024 _____ C:\Users\Rok\random.dat
2013-09-19 22:25 - 2013-05-24 22:14 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 22:23 - 2013-09-19 22:23 - 00000068 _____ C:\Users\Rok\Desktop\▶ RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url
2013-09-19 21:10 - 2013-09-19 21:10 - 00000068 _____ C:\Users\Rok\Desktop\RuneScape- Fairy Tale II- Cure A Queen Quest Guide - YouTube.url
2013-09-19 20:03 - 2013-09-19 20:03 - 00000000 _____ C:\Users\Rok\Desktop\New Text Document (2).txt
2013-09-19 19:45 - 2013-05-26 14:47 - 00000000 ____D C:\Users\Rok\AppData\Roaming\uTorrent
2013-09-19 18:28 - 2013-05-25 15:37 - 00000000 ____D C:\Users\Rok\AppData\Roaming\vlc
2013-09-19 15:32 - 2013-09-16 08:39 - 00006380 _____ C:\Windows\PFRO.log
2013-09-18 22:13 - 2013-09-18 22:13 - 00000105 _____ C:\Users\Rok\Desktop\Combofix- What Is Find3m Report- - Am I infected- What do I do-.url
2013-09-18 22:12 - 2013-09-18 22:12 - 00016109 _____ C:\ComboFix.txt
2013-09-18 22:12 - 2013-07-12 09:21 - 00000000 ____D C:\Qoobox
2013-09-18 22:11 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-09-18 21:18 - 2013-09-17 23:24 - 05128653 ____R (Swearware) C:\Users\Rok\Downloads\ComboFix.exe
2013-09-18 16:35 - 2013-09-18 16:25 - 00000000 ____D C:\Program Files\McAfee
2013-09-18 16:25 - 2013-09-18 16:25 - 00000000 ____D C:\ProgramData\McAfee
2013-09-18 16:25 - 2013-09-18 16:25 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-09-18 16:24 - 2013-09-18 16:23 - 09627728 _____ C:\Users\Rok\Downloads\saSetup.exe
2013-09-17 23:38 - 2013-06-24 11:44 - 00000000 ____D C:\Users\Rok\Desktop\RANDOM
2013-09-17 18:33 - 2013-09-17 18:11 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\19370008.sys
2013-09-17 18:11 - 2013-09-17 18:11 - 00109664 _____ C:\Users\Rok\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-17 18:11 - 2013-09-17 18:07 - 184066144 _____ C:\Users\Rok\Downloads\setup_11.0.1.1245.x01_2013_09_17_18_33.exe
2013-09-17 17:01 - 2013-09-17 17:01 - 00000175 _____ C:\Users\Rok\Desktop\REZERVNI DELI za kolo Pony -- bolha.com.url
2013-09-17 17:01 - 2013-09-17 17:01 - 00000153 _____ C:\Users\Rok\Desktop\pony kolo------deli-po delih -- bolha.com.url
2013-09-16 22:27 - 2013-09-16 21:08 - 00000000 ____D C:\Users\Rok\Desktop\BAJK
2013-09-16 08:39 - 2013-09-16 08:39 - 00000000 _____ C:\Windows\setuperr.log
2013-09-15 21:46 - 2013-05-25 07:26 - 00000000 ____D C:\Windows\Panther
2013-09-15 18:04 - 2013-09-06 16:11 - 00000167 _____ C:\Users\Rok\Desktop\MICE.txt
2013-09-15 13:38 - 2013-09-15 13:38 - 00001234 _____ C:\Users\Public\Desktop\Uninstaller.lnk
2013-09-15 13:38 - 2013-09-15 13:38 - 00001222 _____ C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-09-15 13:38 - 2013-09-15 13:38 - 00001183 _____ C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-09-15 13:36 - 2013-09-15 13:36 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup (2).exe
2013-09-14 21:42 - 2013-05-25 15:55 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-09-14 21:07 - 2013-09-14 21:07 - 00000213 _____ C:\Users\Rok\Desktop\Team Fortress 2.url
2013-09-14 21:07 - 2013-06-24 13:56 - 00000000 ____D C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-14 11:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-14 09:52 - 2013-09-08 15:07 - 00000000 ____D C:\Program Files\TuneUp Utilities 2014
2013-09-14 09:40 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-14 09:38 - 2013-05-24 21:33 - 00000000 ____D C:\Users\Rok\AppData\Local\VirtualStore
2013-09-14 00:09 - 2013-09-14 00:09 - 00000148 _____ C:\Users\Rok\Desktop\BSOD - Windows 7 - Possible Memory Issue- - Windows 7.url
2013-09-13 21:13 - 2013-09-10 20:01 - 00414120 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 16:29 - 2013-05-24 22:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 16:26 - 2013-07-12 08:12 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 16:22 - 2013-05-24 21:51 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 15:35 - 2013-09-11 15:33 - 117548912 _____ C:\Users\Rok\Downloads\GoProStudioPC-2.0.0.285.exe
2013-09-10 22:03 - 2013-06-01 00:13 - 00000000 ____D C:\Users\Rok\AppData\Local\PMB Files
2013-09-10 22:03 - 2013-06-01 00:13 - 00000000 ____D C:\ProgramData\PMB Files
2013-09-10 19:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-10 19:54 - 2013-09-10 19:54 - 00347424 _____ (Microsoft Corporation) C:\Users\Rok\Downloads\MicrosoftFixit.HomeGroup.Run.exe
2013-09-10 19:36 - 2013-09-10 19:36 - 00010240 ___SH C:\Users\Rok\Downloads\Thumbs.db
2013-09-09 22:01 - 2013-09-09 22:01 - 00000229 _____ C:\Users\Rok\Desktop\workout videos for men - YouTube.url
2013-09-09 22:00 - 2013-09-09 22:00 - 00000102 _____ C:\Users\Rok\Desktop\Vaje za moč in vzdržljivost - TRIGLAV, Zdravstvena zavarovalnica, d.d..url
2013-09-09 21:05 - 2013-09-09 21:05 - 00001234 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\Users\Rok\AppData\Local\VS Revo Group
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-09-09 21:05 - 2013-09-09 21:05 - 00000000 ____D C:\Program Files\VS Revo Group
2013-09-09 21:00 - 2013-09-09 21:00 - 10031224 _____ (VS Revo Group                                               ) C:\Users\Rok\Downloads\RevoUninProSetup.exe
2013-09-09 20:07 - 2013-09-09 20:07 - 00000115 _____ C:\Users\Rok\Desktop\[Java] LinkedList - Data Structure (Classes Included).url
2013-09-09 15:29 - 2013-09-14 09:52 - 00036152 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2013-09-09 15:29 - 2013-09-08 15:10 - 00036664 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2013-09-09 15:29 - 2013-09-08 15:10 - 00025400 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2013-09-08 21:10 - 2013-09-06 15:59 - 00000000 ____D C:\Users\Rok\AppData\Roaming\.minecraft
2013-09-08 16:29 - 2013-09-05 21:48 - 00000000 ____D C:\Users\Rok\AppData\Roaming\TS3Client
2013-09-08 15:20 - 2013-09-08 15:05 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-09-08 15:20 - 2013-05-28 15:28 - 00000000 ____D C:\Users\Rok\AppData\Roaming\Sony
2013-09-08 15:20 - 2013-05-26 19:25 - 00000000 ____D C:\ProgramData\DriverGenius
2013-09-08 15:12 - 2013-09-08 15:05 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-09-08 15:09 - 2013-09-08 15:09 - 00002159 _____ C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2013-09-08 15:09 - 2013-09-08 15:09 - 00002133 _____ C:\Users\Public\Desktop\TuneUp Utilities 2014.lnk
2013-09-08 15:09 - 2013-09-08 15:09 - 00000000 ____D C:\Users\Rok\AppData\Roaming\TuneUp Software
2013-09-08 14:37 - 2013-09-08 14:35 - 32773544 _____ (TuneUp Software) C:\Users\Rok\Downloads\TuneUpUtilities2014_en-US.exe
2013-09-08 13:21 - 2013-09-08 13:21 - 47726592 _____ C:\Windows\system32\config\software.iobit
2013-09-08 12:59 - 2013-09-08 12:59 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup (1).exe
2013-09-08 12:37 - 2013-06-24 16:02 - 00000000 ____D C:\ProgramData\HappyCloud
2013-09-08 12:35 - 2013-06-02 19:22 - 00047360 _____ (VSO Software) C:\Users\Rok\AppData\Roaming\pcouffin.sys
2013-09-08 12:35 - 2013-06-02 19:22 - 00007887 _____ C:\Users\Rok\AppData\Roaming\pcouffin.cat
2013-09-08 12:35 - 2013-06-02 19:22 - 00000055 _____ C:\Users\Rok\AppData\Roaming\pcouffin.log
2013-09-08 12:35 - 2013-06-02 19:22 - 00000000 ____D C:\Users\Rok\AppData\Roaming\Vso
2013-09-08 12:35 - 2013-06-02 19:22 - 00000000 ____D C:\Program Files\VSO
2013-09-08 10:41 - 2013-05-28 18:19 - 00002953 _____ C:\Users\Rok\Desktop\HiJackThis.lnk
2013-09-08 10:41 - 2013-05-28 18:19 - 00000000 ____D C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-09-07 17:44 - 2013-05-24 22:15 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 16:56 - 2013-09-07 16:56 - 02347384 _____ (ESET) C:\Users\Rok\Downloads\esetsmartinstaller_enu.exe
2013-09-07 16:47 - 2013-09-07 16:46 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Rok\Downloads\tdsskiller.exe
2013-09-07 09:39 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-09-07 09:36 - 2013-09-07 09:36 - 00002079 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-07 09:35 - 2013-05-24 22:19 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-07 09:35 - 2013-05-24 22:19 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-07 09:24 - 2013-09-07 09:22 - 104206768 _____ C:\Users\Rok\Downloads\vpsupd.exe
2013-09-07 09:22 - 2013-09-07 09:20 - 131918888 _____ C:\Users\Rok\Downloads\avast_free_antivirus_setup.exe
2013-09-07 09:20 - 2013-09-07 09:19 - 23398360 _____ (IObit                                                       ) C:\Users\Rok\Downloads\asc-setup.exe
2013-09-06 15:58 - 2013-09-06 15:58 - 00675988 _____ C:\Users\Rok\Desktop\Minecraft.exe
2013-09-05 21:44 - 2013-09-05 21:44 - 00001124 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-05 21:42 - 2013-09-05 21:42 - 33856880 _____ (TeamSpeak Systems GmbH) C:\Users\Rok\Downloads\TeamSpeak3-Client-win32-3.0.11.1.exe
2013-09-05 20:41 - 2013-09-05 20:41 - 00000056 _____ C:\Users\Rok\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.url
2013-09-05 08:16 - 2013-09-05 08:16 - 00000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-05 08:16 - 2013-06-15 14:33 - 00000000 ____D C:\Program Files\CCleaner
2013-09-05 08:15 - 2013-09-05 08:14 - 04454952 _____ (Piriform Ltd) C:\Users\Rok\Downloads\ccsetup405.exe
2013-09-03 19:52 - 2013-09-03 19:52 - 00013420 _____ C:\Users\Rok\Downloads\slo_rfs_zivljenjepis_01.odt
2013-09-01 21:09 - 2013-09-01 21:09 - 00000038 _____ C:\Users\Rok\Desktop\skatesesnMP4.MP4.sfl
2013-08-31 12:41 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-30 09:48 - 2013-09-07 09:36 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2013-09-07 09:36 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2013-09-07 09:35 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-30 09:47 - 2013-05-24 22:20 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-29 16:00 - 2013-05-25 21:57 - 00000000 ____D C:\Program Files\osu!
2013-08-28 21:47 - 2010-11-20 23:01 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 19:43 - 2013-08-28 19:43 - 00000068 _____ C:\Users\Rok\Desktop\Best RS Thieving Guide 1-99 Fast and Easy! - YouTube.url
2013-08-28 18:15 - 2013-07-23 00:12 - 00007608 _____ C:\Users\Rok\AppData\Local\Resmon.ResmonCfg
2013-08-27 23:42 - 2013-05-24 21:33 - 00000000 ____D C:\Users\Rok
2013-08-27 16:02 - 2013-06-10 11:49 - 00000042 _____ C:\Users\Rok\jagex_cl_oldschool_LIVE.dat
2013-08-25 18:42 - 2013-06-24 16:03 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-25 18:42 - 2013-06-24 16:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-25 11:12 - 2013-05-26 19:43 - 00000000 ____D C:\ProgramData\AMD
2013-08-25 11:12 - 2013-05-26 19:42 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-25 11:11 - 2013-05-26 19:39 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-25 11:05 - 2013-08-25 11:05 - 00792704 _____ (AMD) C:\Users\Rok\Downloads\amddriverdownloader (2).exe
2013-08-25 10:09 - 2013-08-24 22:12 - 30732288 _____ C:\Windows\system32\config\components.iobit
2013-08-24 21:53 - 2013-05-25 21:54 - 00000000 ___RD C:\Program Files\Skype
2013-08-24 21:53 - 2013-05-25 21:54 - 00000000 ____D C:\ProgramData\Skype
2013-08-24 21:46 - 2013-05-26 18:02 - 00000000 ____D C:\Users\Rok\AppData\Roaming\ImgBurn
2013-08-24 21:41 - 2013-05-26 18:01 - 00001815 _____ C:\Users\Public\Desktop\ImgBurn.lnk
 
Files to move or delete:
====================
C:\Users\Rok\jagex_cl_oldschool_LIVE.dat
C:\Users\Rok\jagex_cl_runescape_LIVE.dat
C:\Users\Rok\jagex_cl_runescape_LIVE1.dat
C:\Users\Rok\random.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-14 11:15
 
==================== End Of Log ============================

ADDITION.TXT:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-09-2013 01
Ran by Rok at 2013-09-20 16:23:39
Running from C:\Nexon
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (HKCU Version: 3.3.1.29938)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Advanced SystemCare 6 (Version: 6.4)
Application Profiles (Version: 2.0.4888.34279)
Audacity 2.0.3 (Version: 2.0.3)
avast! Free Antivirus (Version: 8.0.1497.0)
CCleaner (Version: 4.05)
DAEMON Tools Lite (Version: 4.47.1.0333)
DiRT 3 (Version: 1.0.0003.130)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
GoPro CineForm Studio 1.3.2 (Version: 1.3.2)
Grand Theft Auto IV
HiJackThis (Version: 1.0.0)
ImgBurn (Version: 2.5.8.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LAME v3.99.3 (for Windows)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SiteAdvisor (Version: 3.6.489)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE (Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Croatian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Slovenian) 2007 (Version: 12.0.4518.1039)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Slovenian) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero Burning ROM (Version: 12.5.5001)
Nero Burning ROM Help (CHM) (Version: 12.0.3000)
Nero BurningROM 12 (Version: 12.5.01100)
Nero ControlCenter (Version: 11.0.15600)
Nero ControlCenter Help (CHM) (Version: 12.0.12000)
Nero Core Components (Version: 11.0.20200)
Nero SharedVideoCodecs (Version: 1.0.12100.2.0)
Nero Update (Version: 11.0.11800.31.0)
Nokia Connectivity Cable Driver (Version: 7.1.172.0)
Nokia Suite (Version: 3.8.30.0)
NVIDIA PhysX v8.10.17 (Version: 8.10.17)
Octoshape add-in for Adobe Flash Player
OpenAL
osu! (Version: 0.0.0.0)
Pando Media Booster (Version: 2.6.0.9)
PC Connectivity Solution (Version: 12.0.109.0)
Posodobitev za Microsoft Office Excel 2007 Help (KB963678)
Posodobitev za Microsoft Office Powerpoint 2007 Help (KB963669)
Posodobitev za Microsoft Office Word 2007 Help (KB963665)
Prerequisite installer (Version: 12.0.0003)
Razer Megalodon Firmware Updater (Version: 2.12.02)
Realtek High Definition Audio Driver (Version: 6.0.1.6914)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
RuneScape Launcher 1.2.3 (Version: 1.2.3)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
Steam (Version: 1.0.0.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.11)
TeamViewer 8 (Version: 8.0.19617)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.110)
TuneUp Utilities 2014 (Version: 14.0.1000.110)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Vegas Pro 11.0 (Version: 11.0.510)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (Version: 03/07/2012 )
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
 
==================== Restore Points  =========================
 
17-09-2013 14:12:40 Windows Update
17-09-2013 16:12:32 Revo Uninstaller Pro's restore point - Sophos Virus Removal Tool
17-09-2013 16:18:23 Removed Sophos Virus Removal Tool.
20-09-2013 14:15:49 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 04:04 - 2013-09-18 22:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {25377470-C2C1-46CA-A8FA-00FBD7C08EDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {2C5EE580-88F5-4226-910D-D2263BD54A1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {2F290596-5E34-43C8-8C2A-212AEC9001D7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {48ECB454-54E2-4A59-A640-BC9F8A38175A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {C8CC1842-9383-4390-98AD-6890C9649D0B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {C8CC9B01-2603-4726-BE2D-8DC658347161} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {D0A1017F-FCED-4F62-84F8-5C4C714F268E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2013-09-09] (TuneUp Software)
Task: {E34B14E9-5195-48F0-8BBC-A0CEDAE2D4F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-05-24] (Google Inc.)
Task: {EA646C81-861C-4062-817D-A4DB01B063B5} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-25 00:26 - 2012-06-09 19:20 - 00167936 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2009-07-14 02:03 - 2009-07-14 03:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msg711.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm
2009-07-14 02:03 - 2009-07-14 03:14 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm
2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-11-09 18:19 - 2011-11-09 18:19 - 00770384 _____ (Microsoft Corporation) C:\Users\Rok\jagexcache\jagexlauncher\bin\MSVCR100.dll
2011-11-10 17:35 - 2011-11-10 17:35 - 03198464 _____ () C:\Users\Rok\jagexcache\jagexlauncher\bin\jvm.dll
2011-11-09 18:22 - 2011-11-09 18:22 - 00033280 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\verify.dll
2011-11-09 18:30 - 2011-11-09 18:30 - 00113664 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\java.dll
2011-11-09 18:32 - 2011-11-09 18:32 - 00060416 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\zip.dll
2011-11-10 10:17 - 2011-11-10 10:17 - 01157632 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\awt.dll
2011-11-10 18:16 - 2011-11-10 18:16 - 00402944 _____ () C:\Users\Rok\jagexcache\jagexlauncher\bin\freetype.dll
2011-11-10 10:20 - 2011-11-10 10:20 - 00527872 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\fontmanager.dll
2011-11-09 18:36 - 2011-11-09 18:36 - 00068608 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\net.dll
2011-11-09 18:37 - 2011-11-09 18:37 - 00044032 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\nio.dll
2013-06-10 11:48 - 2013-09-20 16:17 - 00066048 _____ () C:\.jagex_cache_32\browsercontrol.dll
2011-11-10 10:19 - 2011-11-10 10:19 - 00007680 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\jawt.dll
2011-11-10 10:28 - 2011-11-10 10:28 - 00051200 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\unpack.dll
2011-11-10 10:21 - 2011-11-10 10:21 - 00120320 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\jpeg.dll
2011-11-09 18:51 - 2011-11-09 18:51 - 00024576 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\jsound.dll
2011-11-09 18:51 - 2011-11-09 18:51 - 00021504 _____ (N/A) C:\Users\Rok\jagexcache\jagexlauncher\bin\jsoundds.dll
2013-06-09 22:11 - 2013-09-20 16:17 - 00147456 _____ () C:\Users\Rok\jagexcache\runescape\LIVE\jaclib.dll
2013-06-09 22:11 - 2013-09-20 16:17 - 00080896 _____ () C:\Users\Rok\jagexcache\runescape\LIVE\jagdx.dll
2013-09-07 17:44 - 2013-09-02 22:35 - 00709584 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-07 17:44 - 2013-09-02 22:35 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-07 17:44 - 2013-09-02 22:35 - 04053456 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-07 17:44 - 2013-09-02 22:35 - 00410576 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-07 17:44 - 2013-09-02 22:35 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-09-18 22:12 - 2013-09-18 22:12 - 00141240 _____ (McAfee, Inc.) C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll
2013-09-19 15:36 - 2013-09-19 15:36 - 00577856 _____ (IObit) C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin\ASCPlugin_Protect.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2013 04:13:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 03:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 05:59:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2013 05:56:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2013 05:56:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/18/2013 04:53:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 04:45:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 04:37:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 04:07:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/17/2013 08:54:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (09/19/2013 10:38:54 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/19/2013 10:38:32 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (09/19/2013 10:38:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (09/19/2013 07:16:08 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (09/18/2013 10:13:25 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/18/2013 10:11:05 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/18/2013 10:08:19 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/18/2013 10:04:12 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/18/2013 10:03:13 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/18/2013 06:52:19 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer EMIL
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F64DD749-6E54-4BCA-823F-8568955242A1}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (09/03/2013 05:57:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3582.49 MB
Available physical RAM: 1843 MB
Total Pagefile: 7163.27 MB
Available Pagefile: 4741.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:298.08 GB) (Free:136.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 93B993B9)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

What to do next? :)


Edited by Rokowski, 20 September 2013 - 09:38 AM.


#4 Starbuck

Posted 20 September 2013 - 04:29 PM

Hi Rokowski

Sorry for the late reply.
For some strange reason the notification went into my Junk folder.

Things don't look too bad so far.
A few things to address though:


P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Ares, uTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Recommendation.
We don't recommend the use of Registry Cleaners.
To be honest, they can cause more problems than they actually solve.
I would recommend that Advanced SystemCare 6 be removed. (There is also the possibility that it may conflict with Avast.)

TuneUp Utilities 2014
This program doesn't really do anything that your system can't do for you.
Most of the 'Tools' incorporated, are a part of Win7 anyway.


Step 1
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Step 2



Running from C:\Nexon

Please download the attached fixlist.txt file ( bottom of this post) and save it to the same directory as FRST.
NOTE.
It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 40 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 40".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
In your next reply, please submit:
FRST fix report
and let me know if you have any problems updating Java.

Thanks.

Attached File  fixlist.txt   337bytes   15 downloads



#5 Rokowski

Posted 21 September 2013 - 07:10 AM

So here is log now.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-09-2013

Ran by Rok at 2013-09-21 14:07:14 Run:1
Running from C:\Nexon
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
S3 catchme; \??\C:\Users\Rok\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; No ImagePath
S3 esgiguard; No ImagePath
S3 getbus; No ImagePath
C:\Users\Rok\jagex_cl_oldschool_LIVE.dat
C:\Users\Rok\jagex_cl_runescape_LIVE.dat
C:\Users\Rok\jagex_cl_runescape_LIVE1.dat
C:\Users\Rok\random.dat
Folder: C:\Windows\system32\FxsTmp
 
 
 
*****************
 
catchme => Service deleted successfully.
EagleXNt => Service deleted successfully.
esgiguard => Service deleted successfully.
getbus => Service deleted successfully.
C:\Users\Rok\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Rok\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Rok\jagex_cl_runescape_LIVE1.dat => Moved successfully.
C:\Users\Rok\random.dat => Moved successfully.
 
========================= Folder: C:\Windows\system32\FxsTmp ========================
 
 
====== End of Folder: ======
 
 
==== End of Fixlog ====

 

 

I uninstalled TuneUp and Advanced SystemCare, and I would like to ask you if you can tell me where I can find TuneUp options from Microsoft on my PC?
I uninstalled Java with Revo Uninstaller, removed all components and installed the offline version correctly.
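
A helper reading a Fixlog like the one above checks that every line of the fixlist received a result. The following is an added example (not part of the thread and not FRST's own code) that automates that cross-check in Python; it assumes only the log layout visible in this post, and the function names, the two `example*.dat` entries and the failure wording are constructed for illustration.

```python
import re

# Shortened Fixlog modelled on the log posted above. The example1/example2
# entries and the failure wording are constructed to show the two problem cases.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
S3 catchme; \??\C:\Users\Rok\AppData\Local\Temp\catchme.sys [x]
S3 EagleXNt; No ImagePath
C:\Users\Rok\random.dat
C:\Users\Rok\example1.dat
C:\Users\Rok\example2.dat
Folder: C:\Windows\system32\FxsTmp

*****************

catchme => Service deleted successfully.
EagleXNt => Service deleted successfully.
C:\Users\Rok\random.dat => Moved successfully.
C:\Users\Rok\example1.dat => not moved (constructed failure text)

========================= Folder: C:\Windows\system32\FxsTmp ========================

====== End of Folder: ======

==== End of Fixlog ====
"""

# "S3 name; image path" style service line: state code, name, semicolon.
SERVICE_RE = re.compile(r"^[A-Z]\d\s+([^;]+);")
# "===== Folder: <path> =====" banner that opens a folder listing.
FOLDER_BANNER_RE = re.compile(r"^=+\s*Folder:\s*(.+?)\s*=+$")
# Row of asterisks that opens and closes the echoed fixlist.
STAR_RE = re.compile(r"^\*{5,}$")


def directive_key(line):
    """Reduce a fixlist line to the key its result line is reported under."""
    service = SERVICE_RE.match(line)
    if service:
        return service.group(1).strip().lower()
    if line.lower().startswith("folder:"):
        return "folder:" + line.split(":", 1)[1].strip().lower()
    return line.lower()  # plain file path; Windows paths are case-insensitive


def parse_fixlog(text):
    """Return (fixlist directives, {key: outcome}) from a Fixlog's text."""
    directives, results = [], {}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower().startswith("content of fixlist"):
                state = "await_open"
        elif state == "await_open":
            if STAR_RE.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STAR_RE.match(line):
                state = "results"
            elif line:
                directives.append(line)
        else:
            banner = FOLDER_BANNER_RE.match(line)
            if banner:
                results["folder:" + banner.group(1).lower()] = "listed"
            elif " => " in line:
                target, outcome = line.split(" => ", 1)
                results[target.strip().lower()] = outcome.strip()
    return directives, results


def audit_fixlog(text):
    """Pair every directive with OK, CHECK (not successful) or NO RESULT."""
    directives, results = parse_fixlog(text)
    report = []
    for directive in directives:
        outcome = results.get(directive_key(directive))
        if outcome is None:
            status = "NO RESULT"
        elif outcome == "listed" or "successfully" in outcome.lower():
            status = "OK"
        else:
            status = "CHECK"
        report.append((directive, status, outcome))
    return report


if __name__ == "__main__":
    for directive, status, outcome in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{status:<9} {directive}  ->  {outcome}")
```

Any line reported as CHECK or NO RESULT is one to raise with the helper before moving on to the next step.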
 



#6 Rokowski

Posted 21 September 2013 - 08:06 AM

Btw, I would like to ask you one more thing. I know it's not related to this, but just in case you know.
I took the CPU box out of the PC and cleaned it. And reattached everything nicely and slowly, and it's working well, just the PC starts humming at one point and I don't think the CPU is making the noise.
I think it may be from the HDD?
What do you think?



#7 Starbuck

Posted 21 September 2013 - 09:05 AM

Hi Rokowski
 

I would like to ask you if you can tell me where I can find TuneUp options from Microsoft on my PC?

Take a look at this link:
http://www.tuneup-software.co.uk/products/tuneup-utilities/features/#c4006
it'll show you what is included with TuneUp.
Then you'll be able to see, amongst other things.....
You don't need an Uninstall Manager as you already use Revo.

You don't need a Disc Cleanup utility because Windows has this built in.
Click Start and type Cleanmgr in the search box.

You don't need a Drive Defrag utility as Windows 7 is usually set to Defrag in the background by default.

You don't need a Disk Doctor as Windows has the Scan Disc utility built in.
Plus for really checking your hard drive you can always download a free Disc Checker from the Hard Drive manufacturers website.

There are more examples, so it's best to look through the lists on the link and compare with what is already available on the Operating System.
 

And reattached everything nicely and slowly, and it's working well, just the PC starts humming at one point and I don't think the CPU is making the noise.
I think it may be from the HDD?
What do you think?

Hard to say as this isn't really my field.
I take it that you didn't get this noise before?
How much did you remove from the case...... and have you checked it's all now securely installed again?

As I mentioned earlier, you can download a free Hard Drive checker from the manufacturer's site.... do you know the make and model of the hard drive?
If not, this little program will get the info for you.

Download Speccy and save it to your desktop.
  • Double click the downloaded icon to run the installer
  • Vista and Win7 users right click and select 'run as Administrator'.
  • Follow the onscreen prompts
  • Make sure that 'Run Speccy' is ticked at the end and click Finish.
Your system will now be analyzed and the information will appear in the Speccy window once complete.

To view all the specific details, click on one of the headings on the left hand side.

I'd like to double check a couple of things now:
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the Run Scan button.

  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Thanks



#8 Rokowski

Posted 21 September 2013 - 02:40 PM

Here is OTL.txt report:
 
 
 
OTL logfile created on: 21-Sep-13 9:26:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rok\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
3.50 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 58.83% Memory free
7.00 Gb Paging File | 5.21 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 134.02 Gb Free Space | 44.96% Space Free | Partition Type: NTFS
 
Computer Name: ROK-PC | User Name: Rok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rok\Desktop\OTL.scr (OldTimer Tools)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (cpuz135) -- C:\Users\Rok\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (19370008) -- C:\Windows\System32\drivers\19370008.sys (Kaspersky Lab ZAO)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (mbamchameleon) -- C:\Windows\System32\drivers\mbamchameleon.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (RZMAELSTROMVADService) -- C:\Windows\System32\drivers\RzMaelstromVAD.sys (Windows ® Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (bulkadi) -- C:\Windows\System32\drivers\bulkrazer.sys (Windows ® Codename Longhorn DDK provider)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 9B 59 45 BB 58 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013-09-18 16:35:27 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\McChPlg.dll
CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin/ASCPlugin_Protect.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameEU.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: SiteAdvisor = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Rok\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013-09-18 22:11:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.255.209.79 84.255.210.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F64DD749-6E54-4BCA-823F-8568955242A1}: DhcpNameServer = 84.255.209.79 84.255.210.79
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk - C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe - (GoPro)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
MsConfig - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
MsConfig - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-09-21 21:08:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rok\Desktop\OTL.scr
[2013-09-21 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013-09-21 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013-09-21 14:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-09-21 14:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-09-21 14:16:32 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-09-21 14:16:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-09-21 14:16:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-09-21 14:16:27 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-09-21 14:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-09-21 14:05:12 | 029,036,456 | ---- | C] (Oracle Corporation) -- C:\Users\Rok\Desktop\jre-7u40-windows-i586.exe
[2013-09-20 16:22:27 | 000,000,000 | ---D | C] -- C:\FRST
[2013-09-18 22:12:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-09-18 22:12:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-09-18 22:12:03 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\temp
[2013-09-18 16:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013-09-18 16:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013-09-18 16:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013-09-17 18:11:22 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\19370008.sys
[2013-09-16 21:08:44 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\BAJK
[2013-09-12 16:28:00 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-09-12 16:27:59 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-09-12 16:27:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-09-12 16:27:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-09-12 16:27:57 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-09-12 16:27:56 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-09-12 16:27:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-09-12 16:27:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-09-12 16:27:56 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-09-12 16:27:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-09-12 15:44:29 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013-09-12 15:44:27 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-09-12 15:44:24 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013-09-12 15:44:24 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013-09-12 15:44:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013-09-12 15:44:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-12 15:44:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013-09-12 15:44:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-12 15:44:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013-09-12 15:44:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-12 15:44:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-12 15:44:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013-09-12 15:44:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013-09-12 15:44:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-12 15:44:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-12 15:44:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013-09-12 15:44:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-12 15:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-12 15:44:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013-09-12 15:44:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013-09-12 15:44:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013-09-12 15:44:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-12 15:44:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013-09-12 15:44:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013-09-12 15:44:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013-09-12 15:44:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013-09-09 21:05:28 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\VS Revo Group
[2013-09-09 21:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013-09-09 21:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013-09-09 21:05:18 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013-09-09 21:05:16 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013-09-08 15:09:23 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\TuneUp Software
[2013-09-08 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013-09-08 15:05:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013-09-08 15:05:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013-09-08 12:35:37 | 000,000,000 | ---D | C] -- C:\Users\Rok\Documents\PcSetup
[2013-09-07 09:36:15 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013-09-07 09:36:15 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013-09-07 09:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-09-07 09:36:10 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013-09-07 09:36:09 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013-09-07 09:36:08 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013-09-07 09:36:02 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013-09-07 09:35:47 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-09-06 15:59:06 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\.minecraft
[2013-09-05 21:48:34 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\TS3Client
[2013-09-05 21:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013-09-05 21:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2013-09-05 08:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-08-24 21:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013-08-24 19:38:00 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-08-24 19:38:00 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-08-24 19:37:56 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013-08-24 19:37:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013-06-02 19:22:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Rok\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-09-21 21:25:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-21 21:08:37 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-21 21:08:37 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-21 21:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rok\Desktop\OTL.scr
[2013-09-21 21:07:19 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013-09-21 21:05:23 | 000,000,100 | ---- | M] () -- C:\Users\Rok\Desktop\www.tuneup-software.co.uk.url
[2013-09-21 21:01:05 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-21 21:00:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-21 21:00:48 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-21 16:24:37 | 000,000,024 | ---- | M] () -- C:\Users\Rok\random.dat
[2013-09-21 16:24:25 | 000,000,024 | ---- | M] () -- C:\Users\Rok\jagexappletviewer.preferences
[2013-09-21 16:23:57 | 000,000,042 | ---- | M] () -- C:\Users\Rok\jagex_cl_runescape_LIVE.dat
[2013-09-21 14:16:22 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-09-21 14:16:18 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-09-21 14:16:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-09-21 14:16:17 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-09-21 14:16:16 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-09-21 14:16:16 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-09-21 14:05:46 | 029,036,456 | ---- | M] (Oracle Corporation) -- C:\Users\Rok\Desktop\jre-7u40-windows-i586.exe
[2013-09-21 13:55:26 | 000,000,020 | ---- | M] () -- C:\Users\Rok\defogger_reenable
[2013-09-21 13:45:28 | 000,050,477 | ---- | M] () -- C:\Users\Rok\Desktop\Defogger.exe
[2013-09-19 21:10:05 | 000,000,068 | ---- | M] () -- C:\Users\Rok\Desktop\RuneScape- Fairy Tale II- Cure A Queen Quest Guide - YouTube.url
[2013-09-18 22:13:20 | 000,000,105 | ---- | M] () -- C:\Users\Rok\Desktop\Combofix- What Is Find3m Report- - Am I infected- What do I do-.url
[2013-09-18 22:11:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-09-17 18:33:07 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\19370008.sys
[2013-09-17 17:01:50 | 000,000,153 | ---- | M] () -- C:\Users\Rok\Desktop\pony kolo------deli-po delih -- bolha.com.url
[2013-09-17 17:01:41 | 000,000,175 | ---- | M] () -- C:\Users\Rok\Desktop\REZERVNI DELI za kolo Pony -- bolha.com.url
[2013-09-14 21:07:59 | 000,000,213 | ---- | M] () -- C:\Users\Rok\Desktop\Team Fortress 2.url
[2013-09-14 00:09:23 | 000,000,148 | ---- | M] () -- C:\Users\Rok\Desktop\BSOD - Windows 7 - Possible Memory Issue- - Windows 7.url
[2013-09-13 23:26:57 | 000,042,261 | ---- | M] () -- C:\Users\Rok\Desktop\torcida-split.jpg
[2013-09-13 21:13:49 | 000,414,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-09-10 20:57:43 | 000,340,007 | ---- | M] () -- C:\Users\Rok\Desktop\gorensk.png
[2013-09-09 22:01:23 | 000,000,229 | ---- | M] () -- C:\Users\Rok\Desktop\workout videos for men - YouTube.url
[2013-09-09 22:00:13 | 000,000,102 | ---- | M] () -- C:\Users\Rok\Desktop\Vaje za moč in vzdržljivost - TRIGLAV, Zdravstvena zavarovalnica, d.d..url
[2013-09-09 21:05:20 | 000,001,258 | ---- | M] () -- C:\Users\Rok\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013-09-09 21:05:20 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013-09-09 20:07:29 | 000,000,115 | ---- | M] () -- C:\Users\Rok\Desktop\[Java] LinkedList - Data Structure (Classes Included).url
[2013-09-09 14:31:09 | 003,004,514 | ---- | M] () -- C:\Users\Rok\Desktop\82fm.png
[2013-09-08 14:13:39 | 003,032,406 | ---- | M] () -- C:\Users\Rok\Desktop\99WOODCUTTING.PNG
[2013-09-08 13:59:50 | 002,958,020 | ---- | M] () -- C:\Users\Rok\Desktop\zaadnimomenti.png
[2013-09-08 12:35:38 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Rok\AppData\Roaming\pcouffin.sys
[2013-09-08 12:35:38 | 000,007,887 | ---- | M] () -- C:\Users\Rok\AppData\Roaming\pcouffin.cat
[2013-09-08 12:35:38 | 000,001,144 | ---- | M] () -- C:\Users\Rok\AppData\Roaming\pcouffin.inf
[2013-09-08 10:41:51 | 000,002,953 | ---- | M] () -- C:\Users\Rok\Desktop\HiJackThis.lnk
[2013-09-07 17:44:17 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-09-07 09:39:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-09-07 09:36:15 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-09-06 15:58:47 | 000,675,988 | ---- | M] () -- C:\Users\Rok\Desktop\Minecraft.exe
[2013-09-05 21:44:35 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013-09-05 20:41:01 | 000,000,056 | ---- | M] () -- C:\Users\Rok\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.url
[2013-09-05 08:16:24 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-09-01 21:09:07 | 000,000,038 | ---- | M] () -- C:\Users\Rok\Desktop\skatesesnMP4.MP4.sfl
[2013-08-30 09:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013-08-30 09:48:13 | 000,177,864 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-08-30 09:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013-08-30 09:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013-08-30 09:48:12 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013-08-30 09:48:12 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-08-30 09:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013-08-30 09:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013-08-30 09:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-08-30 09:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013-08-28 21:47:41 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-08-28 21:47:41 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-08-28 19:43:07 | 000,000,068 | ---- | M] () -- C:\Users\Rok\Desktop\Best RS Thieving Guide 1-99 Fast and Easy! - YouTube.url
[2013-08-28 18:15:13 | 000,007,608 | ---- | M] () -- C:\Users\Rok\AppData\Local\Resmon.ResmonCfg
[2013-08-26 08:17:41 | 000,152,025 | ---- | M] () -- C:\Users\Rok\Desktop\995497_523702184373194_1091200907_n.jpg
[2013-08-25 18:42:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-08-25 18:42:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-08-25 13:13:07 | 000,075,311 | ---- | M] () -- C:\Users\Rok\Desktop\split.png
[2013-08-24 21:41:30 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-09-21 21:07:19 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013-09-21 21:05:23 | 000,000,100 | ---- | C] () -- C:\Users\Rok\Desktop\www.tuneup-software.co.uk.url
[2013-09-21 14:21:24 | 000,000,042 | ---- | C] () -- C:\Users\Rok\jagex_cl_runescape_LIVE.dat
[2013-09-21 14:21:24 | 000,000,024 | ---- | C] () -- C:\Users\Rok\random.dat
[2013-09-21 13:55:15 | 000,000,020 | ---- | C] () -- C:\Users\Rok\defogger_reenable
[2013-09-21 13:45:20 | 000,050,477 | ---- | C] () -- C:\Users\Rok\Desktop\Defogger.exe
[2013-09-19 21:10:05 | 000,000,068 | ---- | C] () -- C:\Users\Rok\Desktop\RuneScape- Fairy Tale II- Cure A Queen Quest Guide - YouTube.url
[2013-09-18 22:13:20 | 000,000,105 | ---- | C] () -- C:\Users\Rok\Desktop\Combofix- What Is Find3m Report- - Am I infected- What do I do-.url
[2013-09-17 17:01:50 | 000,000,153 | ---- | C] () -- C:\Users\Rok\Desktop\pony kolo------deli-po delih -- bolha.com.url
[2013-09-17 17:01:41 | 000,000,175 | ---- | C] () -- C:\Users\Rok\Desktop\REZERVNI DELI za kolo Pony -- bolha.com.url
[2013-09-14 21:07:59 | 000,000,213 | ---- | C] () -- C:\Users\Rok\Desktop\Team Fortress 2.url
[2013-09-14 00:09:23 | 000,000,148 | ---- | C] () -- C:\Users\Rok\Desktop\BSOD - Windows 7 - Possible Memory Issue- - Windows 7.url
[2013-09-13 23:26:57 | 000,042,261 | ---- | C] () -- C:\Users\Rok\Desktop\torcida-split.jpg
[2013-09-10 20:57:43 | 000,340,007 | ---- | C] () -- C:\Users\Rok\Desktop\gorensk.png
[2013-09-10 20:01:08 | 000,414,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-09-09 22:01:23 | 000,000,229 | ---- | C] () -- C:\Users\Rok\Desktop\workout videos for men - YouTube.url
[2013-09-09 22:00:13 | 000,000,102 | ---- | C] () -- C:\Users\Rok\Desktop\Vaje za moč in vzdržljivost - TRIGLAV, Zdravstvena zavarovalnica, d.d..url
[2013-09-09 21:05:20 | 000,001,258 | ---- | C] () -- C:\Users\Rok\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013-09-09 21:05:20 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013-09-09 20:07:29 | 000,000,115 | ---- | C] () -- C:\Users\Rok\Desktop\[Java] LinkedList - Data Structure (Classes Included).url
[2013-09-09 14:31:09 | 003,004,514 | ---- | C] () -- C:\Users\Rok\Desktop\82fm.png
[2013-09-08 14:13:39 | 003,032,406 | ---- | C] () -- C:\Users\Rok\Desktop\99WOODCUTTING.PNG
[2013-09-08 13:59:50 | 002,958,020 | ---- | C] () -- C:\Users\Rok\Desktop\zaadnimomenti.png
[2013-09-07 09:36:15 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-09-07 09:36:06 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-09-07 09:36:03 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-09-06 15:58:41 | 000,675,988 | ---- | C] () -- C:\Users\Rok\Desktop\Minecraft.exe
[2013-09-05 21:44:35 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2013-09-05 20:41:01 | 000,000,056 | ---- | C] () -- C:\Users\Rok\Desktop\VirusTotal - Free Online Virus, Malware and URL Scanner.url
[2013-09-05 08:16:24 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-09-01 21:09:07 | 000,000,038 | ---- | C] () -- C:\Users\Rok\Desktop\skatesesnMP4.MP4.sfl
[2013-08-28 19:43:07 | 000,000,068 | ---- | C] () -- C:\Users\Rok\Desktop\Best RS Thieving Guide 1-99 Fast and Easy! - YouTube.url
[2013-08-26 08:17:41 | 000,152,025 | ---- | C] () -- C:\Users\Rok\Desktop\995497_523702184373194_1091200907_n.jpg
[2013-08-25 10:30:57 | 000,075,311 | ---- | C] () -- C:\Users\Rok\Desktop\split.png
[2013-07-27 01:21:03 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013-07-23 00:12:21 | 000,007,608 | ---- | C] () -- C:\Users\Rok\AppData\Local\Resmon.ResmonCfg
[2013-07-20 17:07:35 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013-07-20 17:07:35 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013-07-20 17:03:19 | 005,479,244 | ---- | C] () -- C:\Windows\System32\drivers\rtvienna.dat
[2013-07-20 17:03:18 | 000,576,929 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013-07-18 14:44:04 | 000,260,580 | ---- | C] () -- C:\Windows\System32\temp.bin
[2013-07-14 22:41:51 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-07-12 09:22:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-07-12 09:22:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-07-12 09:22:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-07-12 09:22:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-07-12 09:22:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-06-28 10:54:47 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013-06-27 09:59:56 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013-06-27 09:59:56 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013-06-10 11:48:11 | 000,000,024 | ---- | C] () -- C:\Users\Rok\jagexappletviewer.preferences
[2013-06-02 19:22:32 | 000,007,887 | ---- | C] () -- C:\Users\Rok\AppData\Roaming\pcouffin.cat
[2013-06-02 19:22:31 | 000,001,144 | ---- | C] () -- C:\Users\Rok\AppData\Roaming\pcouffin.inf
[2013-05-25 06:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-11-16 16:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013-09-08 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\.minecraft
[2013-06-17 19:15:05 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Audacity
[2013-06-15 14:37:38 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\DAEMON Tools Lite
[2013-05-25 19:29:33 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\DAEMON Tools Ultra
[2013-05-25 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Downloaded Installations
[2013-07-19 23:10:41 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Dropbox
[2013-07-10 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\GoPro
[2013-08-24 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\ImgBurn
[2013-07-20 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\IObit
[2013-06-01 14:02:08 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\LolClient
[2013-07-15 19:05:03 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Nokia
[2013-07-15 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\PC Suite
[2013-05-28 16:30:39 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Publish Providers
[2013-09-08 15:20:41 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Sony
[2013-07-23 12:45:35 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\TeamViewer
[2013-06-24 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\TERA
[2013-09-08 16:29:14 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\TS3Client
[2013-09-21 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\TuneUp Software
[2013-09-08 12:35:40 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009-06-10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010-11-20 23:29:06 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013-05-25 07:26:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013-09-18 22:12:01 | 000,016,109 | ---- | M] () -- C:\ComboFix.txt
[2009-06-10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013-05-24 21:42:53 | 000,479,978 | RHS- | M] () -- C:\HDTQU
[2013-09-21 21:00:48 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-21 21:00:50 | 3756,515,328 | -HS- | M] () -- C:\pagefile.sys
[2013-09-07 16:47:59 | 000,003,390 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.09.2013_16.47.49_log.txt
[2013-09-07 16:51:57 | 000,818,376 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_07.09.2013_16.49.49_log.txt
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009-07-14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2010-11-20 23:29:21 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009-07-14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013-08-10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013-08-10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013-09-02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2013-08-10 05:59:24 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013-08-10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013-08-10 06:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation)
 
========== Files - Unicode (All) ==========
[2013-09-19 22:34:08 | 000,000,068 | ---- | M] ()(C:\Users\Rok\Desktop\? REVIVE UNBOXING - AARON KYRO - YouTube.url) -- C:\Users\Rok\Desktop\▶ REVIVE UNBOXING - AARON KYRO - YouTube.url
[2013-09-19 22:34:08 | 000,000,068 | ---- | C] ()(C:\Users\Rok\Desktop\? REVIVE UNBOXING - AARON KYRO - YouTube.url) -- C:\Users\Rok\Desktop\▶ REVIVE UNBOXING - AARON KYRO - YouTube.url
[2013-09-19 22:23:29 | 000,000,068 | ---- | M] ()(C:\Users\Rok\Desktop\? RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url) -- C:\Users\Rok\Desktop\▶ RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url
[2013-09-19 22:23:29 | 000,000,068 | ---- | C] ()(C:\Users\Rok\Desktop\? RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url) -- C:\Users\Rok\Desktop\▶ RuneScape- Enlightened Journey Quest Guide-Walkthrough - YouTube.url
 
< End of report >
 
 
and extras.txt
 
OTL Extras logfile created on: 21-Sep-13 9:26:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rok\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
3.50 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 58.83% Memory free
7.00 Gb Paging File | 5.21 Gb Available in Paging File | 74.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 134.02 Gb Free Space | 44.96% Space Free | Partition Type: NTFS
 
Computer Name: ROK-PC | User Name: Rok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16784D5D-ABCC-4DB0-926F-E4D581C2EADC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4F4ADAD1-A6D4-4987-B2A0-D46916554788}" = lport=57450 | protocol=6 | dir=in | name=pando media booster | 
"{5616F198-1C7F-4D8D-BD9F-5C7A0C04DEDB}" = lport=57450 | protocol=17 | dir=in | name=pando media booster | 
"{59571616-F9A8-4E78-A03A-F06378539077}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5B74AB8D-A5A5-488C-8D97-EE4443E8C153}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6259694C-E025-4B7E-9299-78096F5457DC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6CD64E8F-1A46-4207-8FC9-CBBFA2651E28}" = lport=137 | protocol=17 | dir=in | app=system | 
"{820EF060-C4B2-471F-9414-48025B5D6DFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{86C647F7-7A5F-4B7D-8976-C4AFA5A570DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B034EAD9-25DE-47F7-A0AF-C926298E36C6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{B3C31366-7A9F-4423-8E87-802D0A8BD7E8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BC8F38B6-B72A-40CC-BDB5-AE1030493D2D}" = lport=57450 | protocol=17 | dir=in | name=pando media booster | 
"{CF28C702-2AF6-4554-AB0B-27794F0D055F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D490DD1A-ADC0-449C-AC64-70D6CF693CA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DB7D05F5-FF71-4A7A-A255-74BF30FD1B82}" = lport=57450 | protocol=6 | dir=in | name=pando media booster | 
"{DC06959C-BC4D-4F44-93A4-129DBF7E19CF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FDAA3EA1-E5F8-42CB-B97D-AA0B17908B97}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CC9A49-8091-4C53-9741-36A6845C3F45}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | 
"{09855EB3-31FA-4B5D-9ADD-7EC354CF3D03}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{0DEE5757-E270-4B71-87D6-40704109C7B0}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{24458E63-EA9A-4E8B-9B1E-073C3E7237DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{32BB9689-F971-478D-A8CB-F99CEFD8246B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{382A2ED5-D249-41A3-B8F7-229EE96D5731}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{38783170-DBC0-4733-88CE-853150AB99E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39668AF0-EF81-4076-8709-0456702051AE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{6F98DA82-BE43-47AA-BA33-9D38D71F51D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{72FED28E-1F19-455E-AFD3-8D7A092ECAD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{796E2158-A922-45C0-8198-B9C9D5DD624A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{818B2289-AD28-4645-B337-9DA63236AA11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9268DF57-3137-44C7-8FDE-A53E3148343A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{97013581-C56A-4C60-8149-4E07DB3E95E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A7619869-2AFF-41C4-A989-F296C677CF50}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{AB82D1EE-7966-4D63-8353-F66C5EB55DA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AE026D7D-EC4A-4077-B349-C08DB76F8D2F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B5597D3B-454D-4613-974C-D1B47F4CE715}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{B5D1B209-0EF9-4947-9787-41484A513057}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C5560AAB-67A0-4F12-82AB-D95CDA7CD362}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C5F8E92A-6AC3-4EFE-AAEC-687105A0A614}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{D037FC44-30DF-402D-81AC-D85D6B902918}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D6058353-4AB6-4FD8-BE5A-597C4FAB7E79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{D9EE2472-20F5-43F3-8102-F289F9101F70}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{DF1CC0E6-9BD3-4539-86AC-ADE0337627B4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe | 
"{E2D4DD91-7CF4-4B4C-8E60-C9C7BC3D7641}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1065B018-B95E-4208-95D5-5FB2FFB92025}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8145251D-9947-499D-B6D1-CBC1A4C26E48}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{C2185E77-141D-4AA9-9EB4-98A2284A9EF4}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{1F803093-D555-4132-9733-8AFC8AA3D347}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{281EA416-9C83-456A-B42C-415850E50A7C}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{B75E2BB6-BAEC-46A7-8130-0C60C6262E6A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08718B21-269F-11E1-9550-F04DA23A5C58}" = Vegas Pro 11.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B973521-269F-11E1-8ED3-F04DA23A5C58}" = MSVCRT Redists
"{0C808377-8C23-44ED-9016-05F42E6D4900}" = Nokia Suite
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{434D0FA0-AB8C-497F-B30A-7A1000038201}" = DiRT 3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{63059735-CA97-FDFB-0E7A-3B8D81572EFD}" = Application Profiles
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0424-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovenian) 2007
"{90120000-0015-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0424-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovenian) 2007
"{90120000-0016-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0424-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovenian) 2007
"{90120000-0018-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0424-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovenian) 2007
"{90120000-0019-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0424-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovenian) 2007
"{90120000-001A-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0424-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovenian) 2007
"{90120000-001B-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2007
"{90120000-001F-041A-0000-0000000FF1CE}_PROPLUS_{9DECF714-4963-48E2-924A-B9075485AF6B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2007
"{90120000-001F-0424-0000-0000000FF1CE}_PROPLUS_{8FF4ED5D-9EA1-4EC5-8F10-767E1705310C}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0424-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovenian) 2007
"{90120000-0044-0424-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovenian) 2007
"{90120000-0044-0424-0000-0000000FF1CE}_PROPLUS_{DE6F6651-39D5-44FA-96FD-647D5B3A3093}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0424-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovenian) 2007
"{90120000-006E-0424-0000-0000000FF1CE}_PROPLUS_{455248D4-FBA8-4C55-AB56-3F209028D7B5}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C67A3F9D-E55D-4288-B4EC-1B9863EFB288}" = Razer Megalodon Firmware Updater
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CF508721-0E1E-4F99-A359-59E4EA8DAEC1}" = Nero Burning ROM
"{DCF34348-8673-4E60-97E5-1CBC0D7293AC}" = Nero BurningROM 12
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2
"ImgBurn" = ImgBurn
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Nokia Suite" = Nokia Suite
"OpenAL" = OpenAL
"PROPLUS" = Microsoft Office Professional Plus 2007
"Speccy" = Speccy
"Steam App 12210" = Grand Theft Auto IV
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.6
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21-Sep-13 7:42:19 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 7:44:38 AM | Computer Name = Rok-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21-Sep-13 7:58:06 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 8:10:51 AM | Computer Name = Rok-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21-Sep-13 8:16:25 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 8:28:01 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 8:46:17 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 9:04:37 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 10:04:10 AM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21-Sep-13 3:02:40 PM | Computer Name = Rok-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 03-Sep-13 11:57:00 AM | Computer Name = Rok-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 31-Aug-13 10:56:33 AM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31-Aug-13 12:44:39 PM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 31-Aug-13 5:46:24 PM | Computer Name = Rok-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
 Client Service service to connect.
 
Error - 31-Aug-13 5:46:24 PM | Computer Name = Rok-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
 error:   %%1053
 
Error - 31-Aug-13 6:00:01 PM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01-Sep-13 8:37:03 AM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 01-Sep-13 3:35:48 PM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02-Sep-13 4:15:56 AM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02-Sep-13 2:14:14 PM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02-Sep-13 3:42:59 PM | Computer Name = Rok-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 




P.S. Found out the problem is caused by the motherboard; not sure yet how to fix it.

Anyway, what to do next? :))



#9 Starbuck


Posted 21 September 2013 - 05:30 PM

Hi Rokowski
 

P.S. Found out the problem is caused by the motherboard; not sure yet how to fix it.

Thanks for letting me know.
I was going to suggest that you post in the Internal Hardware forum... but I see you already have. :)

Not much to clean up in the OTL report.

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
:otl
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (cpuz135) -- C:\Users\Rok\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013-09-08 15:09:23 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\TuneUp Software
[2013-09-08 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013-09-08 15:05:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
[2013-07-20 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Rok\AppData\Roaming\IObit

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

  • Click the red Run Fix button.

  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


In your next reply, please submit:
OTL fix report
and let me know how the system is running.
Any problems?

Thanks.



#10 Rokowski


Posted 22 September 2013 - 08:10 AM

Fix ran without any problems.
Here's the log:
 

All processes killed
========== OTL ==========
Service sptd stopped successfully!
Service sptd deleted successfully!
File  C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found not found.
Error: No service named cpuz135 was found to stop!
Service\Driver key cpuz135 not found.
File  C:\Users\Rok\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Rok\AppData\Roaming\TuneUp Software\TuneUp Utilities\CrashDumps folder moved successfully.
C:\Users\Rok\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\Rok\AppData\Roaming\TuneUp Software folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully.
C:\ProgramData\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\ProgramData\TuneUp Software folder moved successfully.
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Driver Booster\License folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6\Temp folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Rok\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rok\Desktop\cmd.bat deleted successfully.
C:\Users\Rok\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rok
->Temp folder emptied: 2780337 bytes
->Temporary Internet Files folder emptied: 2533727 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 419890270 bytes
->Flash cache emptied: 1409504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1640647 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530514 bytes
RecycleBin emptied: 317454419 bytes
 
Total Files Cleaned = 712.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09222013_145327
 
Files\Folders moved on Reboot...
C:\Users\Rok\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

PC is running well, except the CPU is overheating since I accidentally removed the thermal paste while cleaning the processor. >.<
Anything else I should do, or am I clean now? :)
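
As an added example (not part of either poster's message and not OTL's own code), this Python sketch triages a fix log like the one above, sorting each result line into succeeded, not found, error, or deferred to reboot. The status names are hypothetical, and the patterns assume the result wording seen in this log; other OTL versions may phrase results differently.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above (lines copied from that post).
SAMPLE_LOG = r"""Service sptd stopped successfully!
Service sptd deleted successfully!
File  C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found not found.
Error: No service named cpuz135 was found to stop!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\ProgramData\TuneUp Software folder moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Ordered rules, first match wins. Status names are hypothetical labels;
# the phrases are the ones that appear in the log on this page.
RULES = [
    ("pending_reboot", re.compile(
        r"^File move failed\.\s+(?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("error", re.compile(r"^Error:\s*(?P<target>.+)$")),
    ("not_found", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("ok", re.compile(
        r"^(?P<target>.+?) (?:stopped|deleted|moved) successfully[.!]$")),
]

def classify(line):
    """Return (status, target) for one fix-log line."""
    line = line.strip()
    for status, pattern in RULES:
        match = pattern.match(line)
        if match:
            return status, match.group("target").strip()
    return "other", line  # section headers, cache sizes, and so on

def triage(log_text):
    """Count outcomes and list the lines that need a second look."""
    results = [classify(l) for l in log_text.splitlines() if l.strip()]
    counts = Counter(status for status, _ in results)
    follow_up = [(s, t) for s, t in results if s in ("pending_reboot", "error")]
    return counts, follow_up

if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_LOG)
    print(dict(counts))
    for status, target in follow_up:
        print(f"{status}: {target}")
```

In this log the "not found" lines correspond to entries the fix script had already listed as "File not found", so only the error and deferred-move lines are surfaced for follow-up.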



#11 Starbuck


Posted 22 September 2013 - 11:35 AM

PC is running well, except the CPU is overheating since I accidentally removed the thermal paste while cleaning the processor

Obviously this needs sorting fairly quickly.... constant overheating isn't a good thing.

Anything else I should do, or am I clean now?

Things look good, but give the system a run for a day or two just to make sure.
If it's still running ok we'll finish off the cleaning process.





