
Steam problems(steamgurad.exe)


  • This topic is locked
10 replies to this topic

#1 v0lodymyr


Posted 25 August 2014 - 12:14 PM

Hey! So I got a PM on Steam that had a link in it. Of course, me being me, I didn't even bother to check it (stearncornminty, I mean really?), so I went on the site and put in my password and all that stuff. Then a download popped up; it was for steamgurad.exe. And of course, me being me again, I was just like, oh, it needs to be updated? Let's do it! So I clicked on the downloaded file to install it, but then I got some pop-up about framework not being up to date? Something like that. And then I just kept on trying to do it, same message. Then I decided that it would be a smart idea to check the link, and I saw it! I started searching the internet for what it was and what I should do. Since then I've changed my password to 24 random letters on both my e-mail and Steam account and deauthorized my Steam account for other computers. But my Steam account is the least of my worries; I'm worried that I downloaded some sort of a keylogger or just some nasty ass virus on my PC. Anyway, any help at all would be very appreciated. Thanks in advance!

 

Volodymyr





#2 Jo*

  • Malware Response Team

Posted 26 August 2014 - 03:19 AM

Hello v0lodymyr,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 v0lodymyr

  • Topic Starter


Posted 26 August 2014 - 03:52 AM

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Java version out of Date! 
 Google Chrome 34.0.1847.131  
 Google Chrome update.dll..  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 

Okay the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03

Ran by Ažbe (administrator) on PIMP-PC on 25-08-2014 20:33:31

Running from C:\Users\Ažbe\Downloads

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

() C:\Windows\Runservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(BitTorrent Inc.) C:\Users\Ažbe\AppData\Roaming\uTorrent\uTorrent.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Ažbe\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [uTorrent] => "C:\Users\A~be\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2014-06-14] (Voobly)

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\A~be\AppData\Roaming\glister\nvm.dll"

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\MountPoints2: {7c0caed5-d518-11e3-abbd-90e6ba1e0f2a} - G:\setup.exe /autorun

HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\MountPoints2: {f0bbcbc4-d38c-11e3-bcbb-806e6f6e6963} - E:\setup.exe /autorun

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...193&lg=EN&cc=SI

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.sea...193&lg=EN&cc=SI

SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...193&lg=EN&cc=SI

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...193&lg=EN&cc=SI

SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...193&lg=EN&cc=SI

SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.sea...193&lg=EN&cc=SI

BHO: CheapMe -> {02F66B2D-E9BC-0676-2CAE-B4D4D11E83E1} -> C:\ProgramData\CheapMe\L3eK4.x64.dll ()

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: CheapMe -> {02F66B2D-E9BC-0676-2CAE-B4D4D11E83E1} -> C:\ProgramData\CheapMe\L3eK4.dll ()

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 212.103.128.66 212.103.128.67

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

 

Chrome: 

=======

CHR HomePage: hxxp://websearch.searchsun.info/?pid=724&r=2014/05/06&hid=7256336004363963193&lg=EN&cc=SI

CHR StartupUrls: "hxxp://websearch.searchsun.info/?pid=724&r=2014/05/06&hid=7256336004363963193&lg=EN&cc=SI"

CHR DefaultSearchKeyword: websearch

CHR DefaultSearchProvider: WebSearch

CHR DefaultSearchURL: http://websearch.sea...193&lg=EN&cc=SI

CHR DefaultSuggestURL: http://localhost

CHR Extension: (Google Dokumenti) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]

CHR Extension: (Google Drive) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]

CHR Extension: (YouTube) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]

CHR Extension: (Iskanje Google) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]

CHR Extension: (AdBlock) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-24]

CHR Extension: (Google Denarnica) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]

CHR Extension: (Gmail) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 LicCtrlService; C:\Windows\runservice.exe [2560 2014-07-13] () [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)

S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)

S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)

S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-06] (Disc Soft Ltd)

S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1045608 2011-07-13] (Realtek Semiconductor Corporation                           )

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-25 20:32 - 2014-08-25 20:33 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64 (1).exe

2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86

2014-08-25 20:06 - 2014-08-25 20:06 - 00011654 _____ () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86.torrent

2014-08-25 19:00 - 2014-08-25 19:04 - 00035612 _____ () C:\Users\Ažbe\Downloads\Addition.txt

2014-08-25 18:59 - 2014-08-25 20:33 - 00013336 _____ () C:\Users\Ažbe\Downloads\FRST.txt

2014-08-25 18:59 - 2014-08-25 20:33 - 00000000 ____D () C:\FRST

2014-08-25 18:58 - 2014-08-25 18:58 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64.exe

2014-08-25 18:51 - 2014-08-25 18:51 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck.exe

2014-08-25 18:51 - 2014-08-25 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\Ažbe\Downloads\OTL.exe

2014-08-23 17:37 - 2014-08-25 17:35 - 00000052 _____ () C:\Users\Ažbe\Desktop\CODE.txt

2014-08-19 13:19 - 2014-08-19 13:19 - 00000004 _____ () C:\Users\Ažbe\AppData\Roaming\appdataFr2.bin

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\NetoCooupon

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\EnjoyCooupoonn

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\CouPEXteNsion

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\CheeapMe

2014-08-15 11:26 - 2014-08-17 14:15 - 00000000 ____D () C:\ProgramData\CheeapMe

2014-08-15 02:31 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-15 02:31 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-15 02:31 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-15 02:31 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-15 02:31 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-15 02:31 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-15 02:31 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-15 02:31 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-15 00:32 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-15 00:32 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-15 00:32 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-15 00:32 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-15 00:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-15 00:32 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-15 00:32 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-15 00:32 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-15 00:32 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-15 00:32 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-15 00:32 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-15 00:32 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-15 00:31 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-15 00:31 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-15 00:31 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 00:31 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 00:31 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-15 00:31 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 00:31 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-15 00:31 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 00:31 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-15 00:31 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 00:31 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-15 00:31 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 00:31 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-15 00:31 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 00:31 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 00:31 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 00:31 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-15 00:31 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-15 00:31 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-15 00:31 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 00:31 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 00:31 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-15 00:31 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-15 00:31 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-15 00:31 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 00:31 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-15 00:31 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 00:31 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-15 00:31 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 00:31 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 00:31 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-15 00:31 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 00:31 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 00:31 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 00:31 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-15 00:31 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 00:31 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 00:31 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 00:31 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-15 00:31 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-15 00:31 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 00:31 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-15 00:31 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-15 00:31 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 00:31 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 00:31 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 00:31 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 00:31 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 00:31 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-15 00:31 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 00:31 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 00:31 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 00:31 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-15 00:31 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-15 00:31 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 00:31 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 00:31 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-15 00:28 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-15 00:28 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 11:41 - 2014-08-12 11:41 - 00000219 _____ () C:\Users\Ažbe\Desktop\Counter-Strike Global Offensive.url

2014-08-12 10:45 - 2014-08-25 20:20 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-12 10:45 - 2014-08-12 10:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-08-12 10:45 - 2014-08-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-08-07 17:28 - 2014-08-07 17:28 - 00000000 ____D () C:\ProgramData\AdPunisher

2014-08-03 13:15 - 2014-08-03 13:16 - 00000000 ____D () C:\ProgramData\CheapMe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-25 20:33 - 2014-08-25 20:32 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64 (1).exe

2014-08-25 20:33 - 2014-08-25 18:59 - 00013336 _____ () C:\Users\Ažbe\Downloads\FRST.txt

2014-08-25 20:33 - 2014-08-25 18:59 - 00000000 ____D () C:\FRST

2014-08-25 20:33 - 2014-05-06 20:05 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\uTorrent

2014-08-25 20:25 - 2014-05-04 19:14 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-25 20:20 - 2014-08-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86

2014-08-25 20:06 - 2014-08-25 20:06 - 00011654 _____ () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86.torrent

2014-08-25 19:25 - 2014-05-04 19:14 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-25 19:04 - 2014-08-25 19:00 - 00035612 _____ () C:\Users\Ažbe\Downloads\Addition.txt

2014-08-25 18:58 - 2014-08-25 18:58 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64.exe

2014-08-25 18:51 - 2014-08-25 18:51 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck.exe

2014-08-25 18:51 - 2014-08-25 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\Ažbe\Downloads\OTL.exe

2014-08-25 17:35 - 2014-08-23 17:37 - 00000052 _____ () C:\Users\Ažbe\Desktop\CODE.txt

2014-08-25 16:17 - 2014-05-05 23:19 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\Skype

2014-08-25 12:07 - 2014-05-14 16:55 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\.minecraft

2014-08-25 10:18 - 2014-06-16 16:38 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\glister

2014-08-25 09:57 - 2014-05-09 13:19 - 00000000 ____D () C:\Users\Ažbe\AppData\Local\Adobe

2014-08-25 09:53 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-25 09:53 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-25 09:51 - 2014-05-04 15:10 - 01064824 _____ () C:\Windows\WindowsUpdate.log

2014-08-25 09:46 - 2014-07-13 21:04 - 00000521 ___SH () C:\Windows\SysWOW64\mmf.sys

2014-08-25 09:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-25 09:46 - 2009-07-14 06:51 - 00045242 _____ () C:\Windows\setupact.log

2014-08-25 09:46 - 2009-07-14 06:45 - 05060784 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-25 00:25 - 2014-07-13 20:05 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\TS3Client

2014-08-23 11:23 - 2014-07-14 12:38 - 00000000 ____D () C:\Users\Ažbe\Documents\FIFA 14

2014-08-19 13:19 - 2014-08-19 13:19 - 00000004 _____ () C:\Users\Ažbe\AppData\Roaming\appdataFr2.bin

2014-08-18 00:42 - 2014-05-07 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-18 00:41 - 2014-05-07 15:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-08-17 14:15 - 2014-08-15 11:26 - 00000000 ____D () C:\ProgramData\CheeapMe

2014-08-17 14:15 - 2014-07-07 15:22 - 00000000 ____D () C:\ProgramData\EnjoyCooupoonn

2014-08-17 14:15 - 2014-06-30 15:34 - 00000000 ____D () C:\ProgramData\CouPEXteNsion

2014-08-17 14:15 - 2014-06-23 10:34 - 00000000 ____D () C:\ProgramData\NetoCooupon

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\NetoCooupon

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\EnjoyCooupoonn

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\CouPEXteNsion

2014-08-17 10:35 - 2014-08-17 10:35 - 00000000 ____D () C:\Program Files (x86)\CheeapMe

2014-08-17 10:35 - 2014-05-06 23:00 - 00000000 ____D () C:\ProgramData\6c8f883dde4702bc

2014-08-16 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-15 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 15:54 - 2014-06-14 09:36 - 00062548 _____ () C:\Windows\DirectX.log

2014-08-12 11:41 - 2014-08-12 11:41 - 00000219 _____ () C:\Users\Ažbe\Desktop\Counter-Strike Global Offensive.url

2014-08-12 11:41 - 2014-06-18 17:22 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-08-12 10:45 - 2014-08-12 10:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk

2014-08-12 10:45 - 2014-08-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2014-08-11 11:39 - 2014-05-10 22:36 - 00000132 _____ () C:\Users\Ažbe\AppData\Roaming\Adobe PNG Format CS6 Prefs

2014-08-11 01:04 - 2014-05-04 19:13 - 00111920 _____ () C:\Users\Ažbe\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-08 21:26 - 2014-05-05 23:19 - 00000000 ____D () C:\ProgramData\Skype

2014-08-07 17:28 - 2014-08-07 17:28 - 00000000 ____D () C:\ProgramData\AdPunisher

2014-08-03 13:16 - 2014-08-03 13:15 - 00000000 ____D () C:\ProgramData\CheapMe

2014-08-01 01:41 - 2014-08-15 00:31 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-15 00:31 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

 

Some content of TEMP:

====================

C:\Users\Ažbe\AppData\Local\Temp\BackupSetup.exe

C:\Users\Ažbe\AppData\Local\Temp\devcon.exe

C:\Users\Ažbe\AppData\Local\Temp\LiveSupport_setup.exe

C:\Users\Ažbe\AppData\Local\Temp\ose00000.exe

C:\Users\Ažbe\AppData\Local\Temp\Uninstall.exe

C:\Users\Ažbe\AppData\Local\Temp\utt47B3.tmp.exe

C:\Users\Ažbe\AppData\Local\Temp\vcredist_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-17 16:28

 

==================== End Of Log ============================

Okay, the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03

Ran by Ažbe at 2014-08-25 20:33:46

Running from C:\Users\Ažbe\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - )

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden

AdPunisher (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - AdPunisher)

AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

AMD DnD V1.0.19 (x32 Version: 1.0.19 - AMD) Hidden

ATI AVIVO64 Codecs (Version: 10.12.0.00202 - ATI Technologies Inc.) Hidden

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center HydraVision Full (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2013.0429.2313.39747 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help English (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help French (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help German (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

ccc-utility64 (Version: 2010.0202.2335.42270 - ATI) Hidden

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)

Fast Break Basketball (HKLM-x32\...\Fast Break Basketball_is1) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

HydraVision (x32 Version: 4.2.142.0 - ATI Technologies Inc.) Hidden

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Microsoft Access MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft DCF MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Excel MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Groove MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft InfoPath MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Lync MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office OSM MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office OSM UX MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Proofing (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2013 - hrvatski (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft OneNote MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Outlook MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft PowerPoint MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Publisher MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Word MUI (Slovenian) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

NBA 2K12 (HKLM-x32\...\{04E9B02B-4F85-4B73-B865-27B9B8B35877}) (Version: 1.0.0 - 2K Sports)

NBA 2K14 (HKLM-x32\...\{4FE0545A-1BF3-4B9B-A044-6E1EE719E197}) (Version: 1.0.0 - 2K Sports)

Orodja za preverjanje za Microsoft Office 2013 – slovenščina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)

TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)

Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)

Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0424-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)

Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0424-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)

Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0424-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)

Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-00C1-0424-1000-0000000FF1CE}_Office15.PROPLUS_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)

Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)

Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)

Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0424-1000-0000000FF1CE}_Office15.PROPLUS_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)

Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0424-1000-0000000FF1CE}_Office15.PROPLUS_{268363D0-723B-49B3-9F60-464BE27DE4A7}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0424-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0424-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0424-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0424-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E12997A4-DAEC-4563-B330-F21EB71880D9}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUS_{540B47E7-0F89-4CA1-8BFA-5CF377A963AF}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-041A-1000-0000000FF1CE}_Office15.PROPLUS_{E73C659A-389C-4DF0-9E11-3B1ED0116D78}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0424-1000-0000000FF1CE}_Office15.PROPLUS_{194D8383-F472-4016-985C-8DD938CCDC3A}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)

Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)

Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0424-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)

Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)

Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0424-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)

Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)

Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0424-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)

Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)

Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)

Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0424-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0424-1000-0000000FF1CE}_Office15.PROPLUS_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)

Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)

Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0424-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0424-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0424-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0424-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0424-1000-0000000FF1CE}_Office15.PROPLUS_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)

Voobly (HKLM-x32\...\Voobly_is1) (Version: Voobly - Voobly)

WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

14-08-2014 09:07:35 Windows Update

15-08-2014 00:30:10 Windows Update

17-08-2014 22:39:17 Windows Update

21-08-2014 08:13:43 Windows Update

24-08-2014 09:07:12 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2014-05-10 22:09 - 00001028 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com

127.0.0.1                   practivate.adobe.com

127.0.0.1                   lmlicenses.wip4.adobe.com

127.0.0.1                   lm.licenses.adobe.com

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {413C5774-CAF3-4C05-8E69-2837A1F3D8C7} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {6B1A9483-A503-4CF2-AFDC-28C135265D1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {6C17162F-3540-4CD1-911B-6A58D9C1211E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)

Task: {7D8CF514-6DB3-409C-97A7-AD51D76C3306} - System32\Tasks\AdobeAAMUpdater-1.0-PIMP-PC-Ažbe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {81A780C3-EC7B-4650-A025-6BF96E83EEA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {AE2136E5-A222-46F0-90AD-FA0AED07FAC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-13 21:04 - 2014-07-13 21:04 - 00002560 _____ () C:\Windows\runservice.exe

2009-11-24 13:36 - 2009-11-24 13:36 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2014-06-14 08:54 - 2014-06-14 08:54 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-07-13 21:04 - 2014-07-13 21:04 - 00048640 _____ () C:\Windows\mmfs.dll

2014-08-12 10:50 - 2014-08-04 21:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll

2014-08-12 10:50 - 2014-08-04 21:15 - 00441856 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll

2014-08-12 10:50 - 2014-08-04 21:15 - 00332288 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll

2014-08-12 10:50 - 2014-08-04 21:15 - 00769024 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2014-08-12 10:50 - 2014-08-14 00:31 - 02144448 _____ () C:\Program Files (x86)\Steam\video.dll

2014-08-12 10:50 - 2014-08-04 21:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll

2014-08-12 10:50 - 2014-07-31 05:47 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll

2014-08-12 10:50 - 2014-08-14 00:30 - 00677056 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-08-12 10:50 - 2014-08-13 08:27 - 34587328 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-08-14 20:22 - 2014-08-13 08:27 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

2014-05-04 19:16 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2014 06:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: dreamweaver.exe, version: 12.0.0.5808, time stamp: 0x4f7617ae

Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86

Exception code: 0xe06d7363

Fault offset: 0x0000c42d

Faulting process id: 0x11e0

Faulting application start time: 0xdreamweaver.exe0

Faulting application path: dreamweaver.exe1

Faulting module path: dreamweaver.exe2

Report Id: dreamweaver.exe3

 

Error: (08/25/2014 09:56:40 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/25/2014 09:47:40 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/24/2014 11:05:18 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/24/2014 10:56:32 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/23/2014 10:33:59 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/23/2014 10:25:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/22/2014 10:14:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/22/2014 10:05:19 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/21/2014 10:09:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

 

System errors:

=============

Error: (08/18/2014 11:12:20 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:56:07 on ‎18.‎8.‎2014 was unexpected.

 

Error: (08/14/2014 08:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (08/14/2014 08:23:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (08/12/2014 10:51:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (08/12/2014 10:51:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (08/12/2014 09:35:33 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 0:41:51 on ‎12.‎8.‎2014 was unexpected.

 

Error: (08/10/2014 10:44:25 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (08/08/2014 09:25:19 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 11:15:23 on ‎8.‎8.‎2014 was unexpected.

 

Error: (08/07/2014 03:51:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

 

Error: (07/17/2014 09:21:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

 

Microsoft Office Sessions:

=========================

Error: (08/25/2014 06:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: dreamweaver.exe12.0.0.58084f7617aeKERNELBASE.dll6.1.7601.1840953159a86e06d73630000c42d11e001cfc07f1f6d4d63C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exeC:\Windows\syswow64\KERNELBASE.dll6efedb3f-2c72-11e4-a592-90e6ba1e0f2a

 

Error: (08/25/2014 09:56:40 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/25/2014 09:47:40 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/24/2014 11:05:18 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/24/2014 10:56:32 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/23/2014 10:33:59 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/23/2014 10:25:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/22/2014 10:14:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

Error: (08/22/2014 10:05:19 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/21/2014 10:09:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418154

 

 

==================== Memory info =========================== 

 

Processor: AMD Phenom™ II X4 965 Processor

Percentage of memory in use: 26%

Total physical RAM: 8190.18 MB

Available physical RAM: 6002.14 MB

Total Pagefile: 16378.54 MB

Available Pagefile: 13900.9 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:244.14 GB) (Free:123.88 GB) NTFS

Drive d: () (Fixed) (Total:687.26 GB) (Free:679.19 GB) NTFS

Drive e: (NBA 2K12) (CDROM) (Total:7.09 GB) (Free:0 GB) UDF

Drive g: (rld-nba2k14) (CDROM) (Total:7.01 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BD2C32A)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=OF Extended)

 

==================== End Of Log ============================

 



#4 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:55 PM

Posted 26 August 2014 - 04:09 AM

Hello v0lodymyr,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


P2P - I see you have P2P software uTorrent installed on your machine.
  • Avoid P2P
  • Identity Theft and / or malware infection may happen, when P2P software is running on your computer.
  • Here you will find more information.
  • Please note:
    • If you think you're using a "safe" P2P program, only the program is safe, not the data.
    • You will share files from unsafe sources, and these may be infected.
    • Some bad guys use P2P filesharing as an important channel to spread their wares.
    I would advise you to uninstall it now.
    You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 v0lodymyr

v0lodymyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:55 PM

Posted 26 August 2014 - 04:41 AM

sdjw21.png

--------------------------------------------------

# AdwCleaner v3.308 - Report created 26/08/2014 at 11:38:11
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ažbe - PIMP-PC
# Running from : C:\Users\Ažbe\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\ABE~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Ažbe\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Ažbe\AppData\Roaming\regsvr32.exe_log.txt
Folder Found : C:\Program Files (x86)\CheeapMe
Folder Found : C:\Program Files (x86)\CouPEXteNsion
Folder Found : C:\Program Files (x86)\EnjoyCooupoonn
Folder Found : C:\Program Files (x86)\NetoCooupon
Folder Found : C:\Program Files (x86)\NextCouup
Folder Found : C:\Program Files (x86)\save anet
Folder Found : C:\Program Files (x86)\SeearCH-NewTab
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AppReady Software
Folder Found : C:\ProgramData\CheapMe
Folder Found : C:\ProgramData\CheeapMe
Folder Found : C:\ProgramData\CouPEXteNsion
Folder Found : C:\ProgramData\EnjoyCooupoonn
Folder Found : C:\ProgramData\NetoCooupon
Folder Found : C:\ProgramData\NextCouup
Folder Found : C:\ProgramData\save anet
Folder Found : C:\ProgramData\SeearCH-NewTab
Folder Found : C:\Users\ABE~1\AppData\Local\Temp\apn
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaacdoogjiofbhnpccibonpimbpjookp
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjkcooghklcohnhdmneonhlhalbnnci
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Ažbe\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Ažbe\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\finoacciifnhgkdhbbojbiggpphghnbl
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgeaaihfcfdbnndlocmobdidimleodo
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmghcgooofhplnmkbjhllifdghiglng
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkkmnioodiegmedbffhadddgibclpiah
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\LiveSupport
Key Found : [x64] HKCU\Software\LiveSupport
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\CaheapMae.CaheapMae
Key Found : HKLM\SOFTWARE\Classes\CaheapMae.CaheapMae.5.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{151D2470-676A-29CB-C2DA-9C6F12F3B305}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26FDBC3C-04B2-DD05-09FB-4983875BAFEB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{434217CF-4BAA-9E3D-7B62-8106418576AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FECB66AF-C5E8-349F-1CBE-27C0699CDDA9}
Key Found : HKLM\SOFTWARE\Classes\CoUpExteansion.CoUpExteansion
Key Found : HKLM\SOFTWARE\Classes\CoUpExteansion.CoUpExteansion.1.3
Key Found : HKLM\SOFTWARE\Classes\EnjoyCouopoon.EnjoyCouopoon
Key Found : HKLM\SOFTWARE\Classes\EnjoyCouopoon.EnjoyCouopoon.3.4
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\NetOCCoupon.NetOCCoupon
Key Found : HKLM\SOFTWARE\Classes\NetOCCoupon.NetOCCoupon.6.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{151D2470-676A-29CB-C2DA-9C6F12F3B305}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{26FDBC3C-04B2-DD05-09FB-4983875BAFEB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434217CF-4BAA-9E3D-7B62-8106418576AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FECB66AF-C5E8-349F-1CBE-27C0699CDDA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{151D2470-676A-29CB-C2DA-9C6F12F3B305}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{26FDBC3C-04B2-DD05-09FB-4983875BAFEB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{434217CF-4BAA-9E3D-7B62-8106418576AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FECB66AF-C5E8-349F-1CBE-27C0699CDDA9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://websearch.searchsun.info/?pid=724&r=2014/05/06&hid=7256336004363963193&lg=EN&cc=SI
Found [Homepage] : hxxp://websearch.searchsun.info/?pid=724&r=2014/05/06&hid=7256336004363963193&lg=EN&cc=SI
 
*************************
 
AdwCleaner[R0].txt - [10295 octets] - [26/08/2014 11:38:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10356 octets] ##########

--------------------------------------------------

I uninstalled uTorrent as well


#6 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • ONLINE
  • Gender:Male
  • Location:Germany
  • Local time:05:55 PM

Posted 26 August 2014 - 05:20 AM

Hello v0lodymyr,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#7 v0lodymyr

v0lodymyr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:55 PM

Posted 26 August 2014 - 06:39 AM

1.) ADW Cleaner

# AdwCleaner v3.308 - Report created 26/08/2014 at 13:36:34

# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ažbe - PIMP-PC
# Running from : C:\Users\Ažbe\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10465 octets] - [26/08/2014 11:38:11]
AdwCleaner[R1].txt - [10526 octets] - [26/08/2014 13:18:47]
AdwCleaner[R2].txt - [776 octets] - [26/08/2014 13:36:34]
AdwCleaner[S0].txt - [10979 octets] - [26/08/2014 13:19:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [896 octets] ##########
 

2.) JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by A§be on tor 26.08.2014 at 13:28:13,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on tor 26.08.2014 at 13:35:41,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

3.) Farbar

 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by Ažbe (administrator) on PIMP-PC on 26-08-2014 13:37:45
Running from C:\Users\Ažbe\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\Runservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ažbe\Downloads\AdwCleaner.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21653096 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2014-06-14] (Voobly)
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\A~be\AppData\Roaming\glister\nvm.dll"
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\MountPoints2: {7c0caed5-d518-11e3-abbd-90e6ba1e0f2a} - G:\setup.exe /autorun
HKU\S-1-5-21-2815972157-483420265-2095535818-1000\...\MountPoints2: {f0bbcbc4-d38c-11e3-bcbb-806e6f6e6963} - E:\setup.exe /autorun
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: No Name -> {02F66B2D-E9BC-0676-2CAE-B4D4D11E83E1} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.103.128.66 212.103.128.67
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Dokumenti) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (YouTube) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Iskanje Google) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (AdBlock) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-24]
CHR Extension: (Google Denarnica) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\Ažbe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2014-07-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2012-03-08] (Broadcom Corporation)
S3 BFN7x64; C:\Windows\system32\drivers\Xeno7x64.sys [157288 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [178216 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [539176 2012-02-22] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-06] (Disc Soft Ltd)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1045608 2011-07-13] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 13:35 - 2014-08-26 13:35 - 00000628 _____ () C:\Users\Ažbe\Desktop\JRT.txt
2014-08-26 13:28 - 2014-08-26 13:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 13:27 - 2014-08-26 13:27 - 01016261 _____ (Thisisu) C:\Users\Ažbe\Downloads\JRT (1).exe
2014-08-26 13:18 - 2014-08-26 13:19 - 01016261 _____ (Thisisu) C:\Users\Ažbe\Downloads\JRT.exe
2014-08-26 11:38 - 2014-08-26 13:37 - 00000000 ____D () C:\AdwCleaner
2014-08-26 11:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 11:37 - 2014-08-26 11:37 - 01364531 _____ () C:\Users\Ažbe\Downloads\AdwCleaner.exe
2014-08-26 11:18 - 2014-08-26 11:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 11:15 - 2014-08-26 11:38 - 00000000 ____D () C:\Users\Ažbe\Desktop\mbar
2014-08-26 11:10 - 2014-08-26 11:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ažbe\Downloads\mbar-1.07.0.1012.exe
2014-08-26 10:31 - 2014-08-26 10:32 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck (1).exe
2014-08-25 23:42 - 2014-08-26 13:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 23:42 - 2014-08-26 11:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-25 23:42 - 2014-08-25 23:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 23:42 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-25 23:42 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-25 23:40 - 2014-08-25 23:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ažbe\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-25 20:32 - 2014-08-25 20:33 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64 (1).exe
2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86
2014-08-25 20:06 - 2014-08-25 20:06 - 00011654 _____ () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86.torrent
2014-08-25 19:00 - 2014-08-25 20:34 - 00035611 _____ () C:\Users\Ažbe\Downloads\Addition.txt
2014-08-25 18:59 - 2014-08-26 13:37 - 00012324 _____ () C:\Users\Ažbe\Downloads\FRST.txt
2014-08-25 18:59 - 2014-08-26 13:37 - 00000000 ____D () C:\FRST
2014-08-25 18:58 - 2014-08-25 18:58 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64.exe
2014-08-25 18:51 - 2014-08-25 18:51 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck.exe
2014-08-25 18:51 - 2014-08-25 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\Ažbe\Downloads\OTL.exe
2014-08-23 17:37 - 2014-08-26 01:09 - 00000052 _____ () C:\Users\Ažbe\Desktop\CODE.txt
2014-08-19 13:19 - 2014-08-19 13:19 - 00000004 _____ () C:\Users\Ažbe\AppData\Roaming\appdataFr2.bin
2014-08-15 02:31 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 02:31 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 02:31 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 02:31 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 02:31 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 02:31 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 02:31 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 02:31 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 00:32 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 00:32 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 00:32 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 00:32 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 00:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 00:32 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 00:32 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 00:32 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 00:32 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 00:32 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 00:32 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 00:32 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 00:31 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 00:31 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 00:31 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 00:31 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 00:31 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 00:31 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 00:31 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 00:31 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 00:31 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 00:31 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 00:31 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 00:31 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 00:31 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 00:31 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 00:31 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 00:31 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 00:31 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 00:31 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 00:31 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 00:31 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 00:31 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 00:31 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 00:31 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 00:31 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 00:31 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 00:31 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 00:31 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 00:31 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 00:31 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 00:31 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 00:31 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 00:31 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 00:31 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 00:31 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 00:31 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 00:31 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 00:31 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 00:31 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 00:31 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 00:31 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 00:31 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 00:31 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 00:31 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 00:31 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 00:31 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 00:31 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 00:31 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 00:31 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 00:31 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 00:31 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 00:31 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 00:31 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 00:31 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 00:31 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 00:31 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 00:31 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 00:31 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 00:28 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 00:28 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 11:41 - 2014-08-12 11:41 - 00000219 _____ () C:\Users\Ažbe\Desktop\Counter-Strike Global Offensive.url
2014-08-12 10:45 - 2014-08-26 12:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-12 10:45 - 2014-08-12 10:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-12 10:45 - 2014-08-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-07 17:28 - 2014-08-07 17:28 - 00000000 ____D () C:\ProgramData\AdPunisher
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 13:37 - 2014-08-26 11:38 - 00000000 ____D () C:\AdwCleaner
2014-08-26 13:37 - 2014-08-25 18:59 - 00012324 _____ () C:\Users\Ažbe\Downloads\FRST.txt
2014-08-26 13:37 - 2014-08-25 18:59 - 00000000 ____D () C:\FRST
2014-08-26 13:35 - 2014-08-26 13:35 - 00000628 _____ () C:\Users\Ažbe\Desktop\JRT.txt
2014-08-26 13:33 - 2014-08-25 23:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 13:32 - 2014-06-16 16:38 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\glister
2014-08-26 13:29 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:29 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:28 - 2014-08-26 13:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 13:27 - 2014-08-26 13:27 - 01016261 _____ (Thisisu) C:\Users\Ažbe\Downloads\JRT (1).exe
2014-08-26 13:25 - 2014-05-04 19:14 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 13:25 - 2014-05-04 15:10 - 01171558 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 13:23 - 2009-07-14 06:45 - 05060784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 13:22 - 2014-05-05 23:19 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\Skype
2014-08-26 13:21 - 2014-07-13 21:04 - 00000521 ___SH () C:\Windows\SysWOW64\mmf.sys
2014-08-26 13:21 - 2014-05-04 19:14 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 13:21 - 2010-11-21 05:47 - 00027472 _____ () C:\Windows\PFRO.log
2014-08-26 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 13:21 - 2009-07-14 06:51 - 00045354 _____ () C:\Windows\setupact.log
2014-08-26 13:19 - 2014-08-26 13:18 - 01016261 _____ (Thisisu) C:\Users\Ažbe\Downloads\JRT.exe
2014-08-26 12:10 - 2014-08-12 10:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-26 11:38 - 2014-08-26 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 11:38 - 2014-08-26 11:15 - 00000000 ____D () C:\Users\Ažbe\Desktop\mbar
2014-08-26 11:37 - 2014-08-26 11:37 - 01364531 _____ () C:\Users\Ažbe\Downloads\AdwCleaner.exe
2014-08-26 11:34 - 2014-06-14 09:21 - 00000000 ____D () C:\Program Files (x86)\2K Sports
2014-08-26 11:30 - 2014-06-14 09:32 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
2014-08-26 11:30 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-26 11:15 - 2014-08-25 23:42 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 11:11 - 2014-08-26 11:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ažbe\Downloads\mbar-1.07.0.1012.exe
2014-08-26 11:10 - 2014-05-06 20:05 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\uTorrent
2014-08-26 10:32 - 2014-08-26 10:31 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck (1).exe
2014-08-26 10:30 - 2014-05-09 13:19 - 00000000 ____D () C:\Users\Ažbe\AppData\Local\Adobe
2014-08-26 10:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-08-26 01:09 - 2014-08-23 17:37 - 00000052 _____ () C:\Users\Ažbe\Desktop\CODE.txt
2014-08-26 00:03 - 2009-07-14 07:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 23:56 - 2014-06-16 15:41 - 00000000 ____D () C:\ProgramData\Appday software
2014-08-25 23:42 - 2014-08-25 23:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-25 23:42 - 2014-08-25 23:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 23:41 - 2014-08-25 23:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ažbe\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-25 20:34 - 2014-08-25 19:00 - 00035611 _____ () C:\Users\Ažbe\Downloads\Addition.txt
2014-08-25 20:33 - 2014-08-25 20:32 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64 (1).exe
2014-08-25 20:07 - 2014-08-25 20:07 - 00000000 ____D () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86
2014-08-25 20:06 - 2014-08-25 20:06 - 00011654 _____ () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86.torrent
2014-08-25 18:58 - 2014-08-25 18:58 - 02103296 _____ (Farbar) C:\Users\Ažbe\Downloads\FRST64.exe
2014-08-25 18:51 - 2014-08-25 18:51 - 00854417 _____ () C:\Users\Ažbe\Downloads\SecurityCheck.exe
2014-08-25 18:51 - 2014-08-25 18:51 - 00602112 _____ (OldTimer Tools) C:\Users\Ažbe\Downloads\OTL.exe
2014-08-25 12:07 - 2014-05-14 16:55 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\.minecraft
2014-08-25 00:25 - 2014-07-13 20:05 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\TS3Client
2014-08-19 13:19 - 2014-08-19 13:19 - 00000004 _____ () C:\Users\Ažbe\AppData\Roaming\appdataFr2.bin
2014-08-18 00:42 - 2014-05-07 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 00:41 - 2014-05-07 15:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-17 10:35 - 2014-05-06 23:00 - 00000000 ____D () C:\ProgramData\6c8f883dde4702bc
2014-08-16 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 15:54 - 2014-06-14 09:36 - 00062548 _____ () C:\Windows\DirectX.log
2014-08-12 11:41 - 2014-08-12 11:41 - 00000219 _____ () C:\Users\Ažbe\Desktop\Counter-Strike Global Offensive.url
2014-08-12 11:41 - 2014-06-18 17:22 - 00000000 ____D () C:\Users\Ažbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-12 10:45 - 2014-08-12 10:45 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-12 10:45 - 2014-08-12 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-11 11:39 - 2014-05-10 22:36 - 00000132 _____ () C:\Users\Ažbe\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-11 01:04 - 2014-05-04 19:13 - 00111920 _____ () C:\Users\Ažbe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 21:26 - 2014-05-05 23:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-07 17:28 - 2014-08-07 17:28 - 00000000 ____D () C:\ProgramData\AdPunisher
2014-08-01 01:41 - 2014-08-15 00:31 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-15 00:31 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 
Some content of TEMP:
====================
C:\Users\Ažbe\AppData\Local\Temp\BackupSetup.exe
C:\Users\Ažbe\AppData\Local\Temp\devcon.exe
C:\Users\Ažbe\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Ažbe\AppData\Local\Temp\ose00000.exe
C:\Users\Ažbe\AppData\Local\Temp\Quarantine.exe
C:\Users\Ažbe\AppData\Local\Temp\utt47B3.tmp.exe
C:\Users\Ažbe\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 16:28
 
==================== End Of Log ============================
 
Okay so the ADW thing, I was writing this as JRT was doing its thing so it deleted the text I got after my PC restarted. I hope that this doesn't ruin anything. My browser isn't popping up random ads anymore, but other than that my PC isn't running differently.

Edited by v0lodymyr, 26 August 2014 - 06:40 AM.


#8 Jo*

  • Malware Response Team

Posted 26 August 2014 - 07:13 AM

Hello v0lodymyr,
 

2014-08-25 20:06 - 2014-08-25 20:06 - 00011654 _____ () C:\Users\Ažbe\Downloads\Microsoft.Windows.7.Professional.SLO.x86.torrent
and log shows signs of pirated Adobe.

Do not use illegal software. Otherwise you'll get no help in the future in forums like BC!


---


1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features.
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 v0lodymyr

  • Topic Starter


Posted 26 August 2014 - 09:07 AM

Deleted Adobe and every torrent I downloaded. I also installed the newest Java.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 26.8.2014
Scan Time: 14:29:20
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.26.01
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AA3be
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 330213
Time Elapsed: 8 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end
 
C:\$Recycle.Bin\S-1-5-21-2815972157-483420265-2095535818-1000\$ROAVPBA.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\All Users\InstallMate\{26CA2054-4AF6-4EBE-AC55-02D4FD2902A2}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\All Users\InstallMate\{6FFC2485-7BDB-4C6C-AE87-33F9B41F0673}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{26CA2054-4AF6-4EBE-AC55-02D4FD2902A2}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\ProgramData\InstallMate\{6FFC2485-7BDB-4C6C-AE87-33F9B41F0673}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIUMB1DQ\8JWR8I5[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIUMB1DQ\j6AiP[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIUMB1DQ\tpq[1].exe a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH9TFU1I\6p0l[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH9TFU1I\agup[1].exe Win32/TrojanDownloader.Agent.AFD trojan cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH9TFU1I\Kvep3UQK[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KH9TFU1I\w5M_4X[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFQ9AQZD\G[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFQ9AQZD\tpq[1].exe a variant of Win32/SProtector.H potentially unwanted application deleted - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFQ9AQZD\wk3SNlKms[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VILMCRYR\agup[1].exe Win32/TrojanDownloader.Agent.AFD trojan cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VILMCRYR\OptimizerPro[1].exe a variant of Win32/AdWare.SpeedingUpMyPC.L application cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Temp\BackupSetup.exe MSIL/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\Users\A?be\AppData\Local\Temp\DCCJLN.tmp Win32/TrojanDownloader.Agent.AFD trojan cleaned by deleting - quarantined
C:\Users\A?be\AppData\Local\Temp\HBHXLL.tmp Win32/TrojanDownloader.Agent.AFD trojan cleaned by deleting - quarantined

Edited by v0lodymyr, 26 August 2014 - 09:08 AM.
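
The ESET Online Scanner lines pasted in the post above follow a fixed layout (path, detection name, object type, optional action), so they can be triaged by script. This is an added example, not part of the original thread or of any ESET tool; the layout is inferred from that log, and the sample lines and their paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same layout as the ESET log above
# (path, detection name, object type, optional action). Paths are made up.
SAMPLE_LOG = r"""
C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$RSAMPLE.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\ProgramData\InstallMate\{00000000-0000-0000-0000-000000000000}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\example\AppData\Local\Temp\setup one[1].exe a variant of Win32/AdWare.MultiPlug.R application cleaned by deleting - quarantined
C:\Users\example\AppData\Local\Temp\SAMPLE.tmp Win32/TrojanDownloader.Agent.AFD trojan cleaned by deleting - quarantined
"""

# The detection name (Platform/Family.Variant) is the anchor: everything before
# it is the path, which may contain spaces; after it come type and action.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially unwanted application|application|trojan)"
    r"(?:\s+(?P<action>.+))?$"
)

def parse(log_text):
    """Return one dict per log line that matches the assumed layout."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings

def triage(findings):
    """Group findings by object type and list entries with no recorded action."""
    by_kind = defaultdict(list)
    for f in findings:
        by_kind[f["kind"]].append(f)
    unhandled = [f for f in findings if not f["action"]]
    return dict(by_kind), unhandled

if __name__ == "__main__":
    by_kind, unhandled = triage(parse(SAMPLE_LOG))
    for kind, items in by_kind.items():
        print(f"{kind}: {len(items)}")
    for f in unhandled:
        print("no action recorded:", f["name"], "->", f["path"])
```

Entries reported with no action are the ones to check by hand, since the scanner found them but the log does not say they were removed.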


#10 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 26 August 2014 - 09:34 AM

Hi v0lodymyr,

well done. :)

It Appears That Your PC Is Now Clean!
 

***


Clean up:

Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located on your desktop or in the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press the Security tab
  • Select Internet zone then place a check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your browser, Java, PDF reader and Adobe Flash up to date.
Make sure your programs are up to date, because older versions may contain security leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 27 August 2014 - 05:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




