Random .exe files from same location asking for permission, I can't choose no.


  • This topic is locked
41 replies to this topic

#1 Okami

Posted 16 September 2014 - 04:16 PM

I got infected with this virus around 3 weeks ago, together with some other viruses, while installing some fake codec pack. After installing it, it seemed very suspicious to me, so I immediately restarted my PC in safe mode and scanned it with my antivirus IObit Advanced SystemCare Ultimate 6 and my IObit Malware Fighter v2.4; both of them found some viruses and cleaned them. But after that I started having some problems, 3 different problems that is. The first was that out of nowhere a window to save some files would open, asking me to save some small files, and it would show dozens of times after I clicked cancel before disappearing. The second problem was that after turning on my PC it would say that some DLL files were unable to load (which I found out later that those DLL files don't exist as part of Windows or any program but are viruses in fact). I will talk later about problem #3 in more detail, as that is the one I am still having and the reason I am asking for help here. After googling those symptoms I found a solution for the first problem, which was to use the malware fighters adwcleaner 3.309, HitmanPro, JRT and mbam 2.0.2.1012, which took care of the first problem as well as the second one. But problem #3 is the one I didn't find anything about, which led me to ask for help here, which I did about 10 days ago in this topic. One of the members of this forum, Broni, tried to help me, but we didn't find a way to completely get rid of this virus, only to delay the problems it causes for a few days, after which he redirected me to this sub-forum. As I explained in that topic, this is what is happening: a window pops up and a random .exe file asks me for permission to make changes to the computer and I can't press no; that is, I can press it, but it only leads to the same window popping up again immediately, and I can't do anything else from it and can only manually restart the PC with the power button.
The name of the .exe file changes from time to time, but its location stays the same, C/users/username/appdata/roaming/microsoft/windows/ieupdate/, and the publisher is always unknown. The name of the .exe file seems to always be the name of some .exe that does exist on my PC in a different location, for example schtasks.exe, pcaui.exe. You can read everything that I tried up till now and its logs in the first topic with the same name that I opened on this forum in the sub-forum "Am I infected? what do i do?"

 

Here are the DDS logs attach.txt and dds.txt :

 

Attached File  attach.txt   7.03KB   4 downloads

Attached File  dds.txt   23.78KB   1 downloads

 

PS: I forgot to say in this thread I am using a win 7 64bit.
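
The pattern described in the post above (an executable in a per-user AppData folder that borrows the name of a real Windows binary and shows an unknown publisher) can be checked for mechanically in autorun listings. The following is an added example, not part of the original thread or of any tool named in it; the sample lines are constructed in the style of a Farbar Recovery Scan Tool log, and the function names and the short list of system binary names are assumptions.

```python
import ntpath
import re

# Binary names the post reports seeing imitated, plus two other commonly
# imitated ones (illustrative assumption, not an exhaustive list).
SYSTEM_BINARIES = {"schtasks.exe", "pcaui.exe", "svchost.exe", "rundll32.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\")

# FRST-style autorun lines: registry Run values and Startup shortcut targets.
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<rest>.+)$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?\.lnk) -> (?P<rest>.+)$")
# Optional "[size date]" and "(publisher)" suffixes after the command.
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\])?(?:\s+\((?P<pub>[^()]*)\))?$"
)
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*")

# Constructed sample input (user name, SID and entries are made up).
SAMPLE_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-09-01] (Realtek Semiconductor)",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => regsvr32.exe C:\Users\alice\AppData\Local\Example\sample.dll",
    r"ShortcutTarget: pcaui.lnk -> C:\Users\alice\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe (No File)",
    r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Task helper] => C:\Users\alice\AppData\Roaming\Microsoft\Windows\IEUpdate\schtasks.exe [204800 2014-09-01] ()",
    r"HKLM\...\Run: [Scheduler] => C:\Windows\System32\schtasks.exe [285696 2010-11-20] (Microsoft Corporation)",
]


def parse_entry(line):
    """Return name, target path and publisher for an autorun line, else None."""
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    tail = TAIL_RE.match(m.group("rest").strip())
    cmd, pub = tail.group("cmd"), tail.group("pub")
    # A command such as "regsvr32.exe C:\...\x.dll" names a launcher first;
    # the file that actually gets loaded is the drive-letter path.
    target = DRIVE_PATH.search(cmd)
    return {
        "name": m.group("name"),
        "path": target.group(0) if target else cmd,
        "publisher": None if pub in (None, "", "No File") else pub,
        "missing": pub == "No File",
    }


def assess(entry):
    """List the reasons an autorun entry deserves a closer look."""
    path = ntpath.normcase(entry["path"])
    folder, base = ntpath.dirname(path), ntpath.basename(path)
    reasons = []
    if base in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
        reasons.append("system binary name outside the Windows directory")
    if USER_WRITABLE.match(path):
        reasons.append("autorun target in a user-writable profile folder")
    if entry["missing"]:
        reasons.append("target file missing, autorun entry left behind")
    elif entry["publisher"] is None:
        reasons.append("no publisher information")
    return reasons


def triage(lines):
    """Return (name, path, reasons) for flagged entries, most reasons first."""
    report = []
    for line in lines:
        entry = parse_entry(line.strip())
        if entry is None:
            continue  # not an autorun line
        reasons = assess(entry)
        if reasons:
            report.append((entry["name"], entry["path"], reasons))
    return sorted(report, key=lambda item: -len(item[2]))


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LINES):
        print(f"{name}: {path}")
        for reason in reasons:
            print(f"  - {reason}")
```

A flagged entry is a lead for manual review, not a verdict: legitimate software also starts from AppData, and some of it ships without publisher information.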




#2 xXToffeeXx


  • Malware Response Instructor

Posted 20 September 2014 - 06:16 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi Okami,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 


 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Okami

  • Topic Starter

Posted 20 September 2014 - 02:34 PM

Hi Toffee, thanks for helping me.

 

I have done as instructed, though I have 1 question: you said to follow your instructions closely and you didn't say that I need to press fix after scanning with FRST, so I didn't, even though I assume that I should. So was that the right thing to do, or should I have pressed fix?

 

Another question that I have is that you said I shouldn't run any tools without being instructed, does this include auto protection/scanning of my antivirus?

 

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Vuk (administrator) on PC on 20-09-2014 21:21:14
Running from C:\Users\Vuk\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerClient.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerServices\GingerServices.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [512384 2012-11-07] (IObit)
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [YgPack] => C:\Users\Vuk\AppData\Local\YgPack\tmp1F62.exe
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [Agworks Update] => regsvr32.exe C:\Users\Vuk\AppData\Local\Agworks\CdNetM32.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
ShortcutTarget: Ginger.lnk -> C:\Windows\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_3C297780F1D34554B9F292E4DAC788DA.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcaui.lnk
ShortcutTarget: pcaui.lnk -> C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe (No File)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.rs/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {B0C3CACF-547E-4DE2-B775-BDBA4962ECA9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Ginger Grammar & Spell Checker -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ATLAS Toolbar -> {3C6301ED-0F78-4AF2-8150-D9C052361A8E} -> C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{51770A61-AE80-4E8B-B61E-1DDEF37FB8A1}: [NameServer] 192.168.1.20
 
FireFox:
========
FF ProfilePath: C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\searchplugins\yahoo_ff.xml
FF Extension: Ads Removal - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\adremoveext@adremoveext.net [2014-08-22]
FF Extension: Gretech MKV Source Filter - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\{97923CA2-5454-56C2-4D9A-275415920523} [2014-09-01]
FF Extension: Stylish - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-06-10]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox.gingersoftware.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.49.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.57.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.62.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com [2014-09-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2014-06-22]
FF HKCU\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-25]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePluginFor6.crx [2013-01-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [1051088 2012-12-13] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [621008 2012-12-14] (IOBit)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-11] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-01-29] (DT Soft Ltd)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-06] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [35256 2011-08-26] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 21:21 - 2014-09-20 21:21 - 00017937 _____ () C:\Users\Vuk\Downloads\FRST.txt
2014-09-20 21:20 - 2014-09-20 21:21 - 00000000 ____D () C:\FRST
2014-09-20 21:17 - 2014-09-20 21:17 - 02105856 _____ (Farbar) C:\Users\Vuk\Downloads\FRST64.exe
2014-09-18 22:36 - 2014-09-18 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 21:25 - 2014-09-15 21:26 - 00000000 ____D () C:\AdwCleaner
2014-09-14 17:05 - 2014-09-20 21:04 - 00000560 _____ () C:\Windows\setupact.log
2014-09-14 17:05 - 2014-09-18 21:11 - 00004006 _____ () C:\Windows\PFRO.log
2014-09-14 17:05 - 2014-09-14 17:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 22:12 - 2014-09-13 22:12 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Secunia PSI
2014-09-13 22:11 - 2014-09-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-09-13 22:08 - 2014-09-15 21:24 - 00000000 ____D () C:\Users\Vuk\Anti mailwares
2014-09-13 22:04 - 2014-09-13 22:04 - 00000741 _____ () C:\DelFix.txt
2014-09-13 22:00 - 2014-09-13 22:00 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-13 22:00 - 2014-09-13 22:00 - 00000000 ____D () C:\Program Files\Java
2014-09-13 21:59 - 2014-09-13 21:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-12 15:13 - 2014-09-12 16:29 - 00000000 ____D () C:\Program Files (x86)\Armored Warrior Iris
2014-09-12 09:10 - 2014-09-13 05:38 - 00000000 ____D () C:\Users\Vuk\AppData\Local\{E731A18A-5B3A-FD84-42B9-4B242294B289}
2014-09-09 10:08 - 2014-09-09 10:08 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 09:25 - 2014-09-16 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-09-09 09:25 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-09 02:23 - 2014-09-09 02:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 03:19 - 2014-09-08 03:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-08 02:56 - 2014-09-20 21:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 02:56 - 2014-09-08 03:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 02:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-06 09:21 - 2014-09-06 09:24 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-06 09:21 - 2014-09-06 09:22 - 00000000 ____D () C:\Users\Vuk\Documents\RegRun2
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-06 09:00 - 2014-09-06 09:02 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-06 08:58 - 2014-09-06 08:58 - 00002672 _____ () C:\Windows\system32\.crusader
2014-09-06 08:49 - 2014-09-06 08:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 08:22 - 2014-09-13 22:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 08:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-05 01:40 - 2014-09-06 08:47 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Veodkee
2014-09-01 21:56 - 2014-09-01 21:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-09-01 21:56 - 2014-09-01 21:56 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-01 21:56 - 2014-09-01 21:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-01 21:55 - 2014-09-01 21:55 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-01 21:55 - 2014-09-01 21:55 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-01 21:55 - 2014-09-01 21:55 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-09-01 21:37 - 2014-09-01 21:37 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Vuk)
2014-09-01 20:05 - 2014-09-19 22:14 - 00000000 ____D () C:\Users\Vuk\HTC Weather
2014-09-01 19:05 - 2014-09-12 14:46 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Agworks
2014-09-01 18:55 - 2014-09-12 14:47 - 00000000 ____D () C:\Users\Vuk\AppData\Local\YgPack
2014-08-29 23:00 - 2014-08-30 07:38 - 00000000 ____D () C:\Program Files (x86)\Rugged Kingdom
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-20 21:21 - 2014-09-20 21:21 - 00017937 _____ () C:\Users\Vuk\Downloads\FRST.txt
2014-09-20 21:21 - 2014-09-20 21:20 - 00000000 ____D () C:\FRST
2014-09-20 21:17 - 2014-09-20 21:17 - 02105856 _____ (Farbar) C:\Users\Vuk\Downloads\FRST64.exe
2014-09-20 21:14 - 2014-09-08 02:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 21:09 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 21:09 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 21:04 - 2014-09-14 17:05 - 00000560 _____ () C:\Windows\setupact.log
2014-09-20 21:04 - 2014-02-20 05:54 - 00000125 _____ () C:\service.log
2014-09-20 21:04 - 2013-01-03 23:14 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Media Player Classic
2014-09-20 21:04 - 2013-01-03 23:01 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\uTorrent
2014-09-20 21:04 - 2013-01-03 20:05 - 00020544 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-20 21:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 11:23 - 2013-01-04 04:27 - 01813942 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 10:36 - 2013-01-13 21:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 22:14 - 2014-09-01 20:05 - 00000000 ____D () C:\Users\Vuk\HTC Weather
2014-09-19 21:02 - 2013-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 22:37 - 2014-09-18 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 21:14 - 2013-05-27 19:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 21:11 - 2014-09-14 17:05 - 00004006 _____ () C:\Windows\PFRO.log
2014-09-18 21:11 - 2013-01-03 23:08 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Winamp
2014-09-16 06:42 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-09-15 21:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-09-15 21:38 - 2009-07-14 07:13 - 00780868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 21:26 - 2014-09-15 21:25 - 00000000 ____D () C:\AdwCleaner
2014-09-15 21:24 - 2014-09-13 22:08 - 00000000 ____D () C:\Users\Vuk\Anti mailwares
2014-09-14 17:05 - 2014-09-14 17:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 22:12 - 2014-09-13 22:12 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Secunia PSI
2014-09-13 22:11 - 2014-09-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-09-13 22:09 - 2013-01-03 19:50 - 00000000 ____D () C:\Users\Vuk
2014-09-13 22:04 - 2014-09-13 22:04 - 00000741 _____ () C:\DelFix.txt
2014-09-13 22:04 - 2014-09-06 08:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 22:00 - 2014-09-13 22:00 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-13 22:00 - 2014-09-13 22:00 - 00000000 ____D () C:\Program Files\Java
2014-09-13 21:59 - 2014-09-13 21:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 21:59 - 2013-10-07 00:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 21:41 - 2013-01-03 22:51 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Adobe
2014-09-13 21:40 - 2013-01-13 21:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-13 21:40 - 2013-01-12 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 21:40 - 2013-01-12 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-13 21:36 - 2013-01-03 20:41 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-13 05:38 - 2014-09-12 09:10 - 00000000 ____D () C:\Users\Vuk\AppData\Local\{E731A18A-5B3A-FD84-42B9-4B242294B289}
2014-09-12 16:29 - 2014-09-12 15:13 - 00000000 ____D () C:\Program Files (x86)\Armored Warrior Iris
2014-09-12 14:47 - 2014-09-01 18:55 - 00000000 ____D () C:\Users\Vuk\AppData\Local\YgPack
2014-09-12 14:46 - 2014-09-01 19:05 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Agworks
2014-09-09 10:08 - 2014-09-09 10:08 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 09:39 - 2013-05-16 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
2014-09-09 09:25 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-09 08:05 - 2013-11-22 11:19 - 00000000 ____D () C:\Users\Vuk\Cheat Engine 6.3
2014-09-09 08:05 - 2013-11-06 06:53 - 00000000 ____D () C:\Program Files (x86)\Agarest Generations of War
2014-09-09 08:05 - 2013-10-30 21:26 - 00000000 ____D () C:\Program Files (x86)\eMu3Ds
2014-09-09 08:05 - 2013-10-30 16:56 - 00000000 ____D () C:\Program Files (x86)\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst
2014-09-09 08:05 - 2013-05-16 13:43 - 00000000 ____D () C:\Program Files (x86)\B1 Free Archiver
2014-09-09 02:23 - 2014-09-09 02:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 03:27 - 2014-09-08 03:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-08 03:18 - 2014-09-08 02:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 09:24 - 2014-09-06 09:21 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-06 09:22 - 2014-09-06 09:21 - 00000000 ____D () C:\Users\Vuk\Documents\RegRun2
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-06 09:15 - 2013-04-10 12:39 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 09:02 - 2014-09-06 09:00 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-06 08:58 - 2014-09-06 08:58 - 00002672 _____ () C:\Windows\system32\.crusader
2014-09-06 08:58 - 2014-09-06 08:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-06 08:58 - 2013-11-29 18:34 - 00000000 __SHD () C:\Users\Vuk\AppData\Roaming\PC
2014-09-06 08:47 - 2014-09-05 01:40 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Veodkee
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 07:32 - 2014-04-20 03:12 - 00000000 ____D () C:\Program Files (x86)\Agarest Zero
2014-09-05 05:33 - 2013-12-09 04:46 - 00000000 __SHD () C:\SteamClient
2014-09-01 21:56 - 2014-09-01 21:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-09-01 21:56 - 2014-09-01 21:56 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-01 21:56 - 2014-09-01 21:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-01 21:56 - 2014-08-08 01:32 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-09-01 21:56 - 2013-01-03 20:29 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-01 21:55 - 2014-09-01 21:55 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-01 21:55 - 2014-09-01 21:55 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-01 21:55 - 2014-09-01 21:55 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-01 21:55 - 2014-09-01 21:55 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-01 21:54 - 2014-08-08 01:29 - 10335208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-01 21:54 - 2014-08-08 01:29 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-01 21:54 - 2013-10-08 16:01 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-01 21:54 - 2013-10-08 16:00 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-01 21:54 - 2013-10-08 16:00 - 06796592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-01 21:54 - 2013-10-08 14:53 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-01 21:54 - 2013-10-08 14:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-01 21:54 - 2012-12-19 22:06 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-01 21:54 - 2012-12-19 21:57 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-01 21:54 - 2012-12-19 21:33 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-01 21:54 - 2012-12-19 21:31 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-01 21:54 - 2012-09-28 03:43 - 01117184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-01 21:54 - 2012-09-28 03:41 - 01343272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-01 21:54 - 2012-09-28 03:31 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-01 21:54 - 2012-09-28 03:25 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-01 21:54 - 2012-09-28 03:11 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-09-01 21:37 - 2014-09-01 21:37 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Vuk)
2014-09-01 20:09 - 2013-11-20 23:49 - 00000000 ____D () C:\Users\Vuk\Documents\ChessBase
2014-09-01 20:09 - 2013-11-20 23:49 - 00000000 ____D () C:\Users\Vuk\AppData\Local\ChessBase
2014-09-01 20:06 - 2013-03-31 19:37 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Stealth_Software
2014-08-30 07:57 - 2013-01-29 18:34 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\DAEMON Tools Lite
2014-08-30 07:38 - 2014-08-29 23:00 - 00000000 ____D () C:\Program Files (x86)\Rugged Kingdom
2014-08-29 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-25 18:55 - 2013-05-09 17:18 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Google
2014-08-25 06:53 - 2013-01-04 19:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 22:20 - 2013-01-11 16:45 - 00000000 ____D () C:\Users\Vuk\JDownloader
 
Files to move or delete:
====================
C:\Users\Vuk\unstopcp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 06:48
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Vuk at 2014-09-20 21:21:57
Running from C:\Users\Vuk\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced SystemCare Ultimate 6 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 6.0.0 - IObit)
AMD Accelerated Video Transcoding (Version: 13.15.100.31008 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81008.0920 - Advanced Micro Devices, Inc.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATLAS Translation Standard V14.0 Trial Version (HKLM-x32\...\{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.0000 - FUJITSU LIMITED)
B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version:  - )
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1008.0931.15229 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1008.932.15229 - Advanced Micro Devices, Inc.) Hidden
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.1.0127 - DT Soft Ltd)
DAMN NFO Viewer 2.10.0031 RC3 (HKLM-x32\...\{DA5E6A2D-DEAA-4152-A43A-FDBDE29AA724}) (Version: 2.10.0031 - DAMN)
Delayed Shutdown 3.0 (HKLM-x32\...\Delayed Shutdown_is1) (Version:  - Alexander G Styopkin)
DeskSpace 1.5.4.4 Trial (HKCU\...\DeskSpace) (Version: 1.5.4.4 Trial - Otaku Software)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.4 - IObit)
Energy Saver Advance B8.0711.1 (HKLM-x32\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gasai Yuno by andrea_37 (HKLM-x32\...\{5bc611ba-e912-482d-9727-a12483d41377}_is1) (Version:  - k-rlitos.com)
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.5.89 - Ginger Software)
Ginger (x32 Version: 3.5.89 - Ginger Software) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.47.5133 - Gretech Corporation)
IcoFX 2.4 (HKLM-x32\...\IcoFX 2_is1) (Version:  - )
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.0 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
JDownloader Packages (HKCU\...\JDownloader Packages) (Version:  - ) <==== ATTENTION
K-Lite Codec Pack 9.6.9 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.9 - )
Magic ISO Maker v5.4 (build 0247) (HKLM-x32\...\Magic ISO Maker v5.4 (build 0247)) (Version:  - )
Mahjong Gold (HKLM-x32\...\Mahjong Gold1.1) (Version: 1.1 - Foxy Games)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MeCab 0.996 (HKLM-x32\...\MeCab_is1) (Version: 0.996 - Taku Kudo)
MediaCoder 0.5.1 (HKLM-x32\...\MediaCoder) (Version: 0.5.1 - Stanley Huang)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17400.8.2 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}) (Version: 9.12.0213 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
PhotoFiltre (HKLM-x32\...\PhotoFiltre) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Shiro Deadman (HKLM-x32\...\{752e3e34-69a2-416a-8188-2b6af0fb3785}_is1) (Version:  - k-rlitos.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
The Walking Dead - Survival Instinct version 5.1 (HKLM-x32\...\{5FF2B4BB-9D81-4312-B574-DE26A738C6C6}_is1) (Version: 5.1 - Black_Box)
The Walking Dead © 3 version 1 (HKLM-x32\...\The Walking Dead © 3_is1) (Version: 1 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Valkyrie Svia (HKLM-x32\...\ValkyrieSvia) (Version: English 1.0 - Mangagamer)
Vegas Pro 11.0 (HKLM-x32\...\{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}) (Version: 11.0.682 - Sony)
Visual MP3 Splitter & Joiner 6.1 (HKLM-x32\...\Visual MP3 Splitter & Joiner_is1) (Version:  - ManiacTools.com)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.8.9 - Shark007)
Winamp (HKLM-x32\...\Winamp) (Version: 5.551  - Nullsoft, Inc)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR arhiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinToFlash Suggestor (HKLM-x32\...\WinToFlash Suggestor) (Version: 1.2.5.0 - Think Tank Labs, LLC)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.9.0806 - Xilisoft)
Yanderes By Luis_V8 (HKLM-x32\...\{e275386a-f8fd-418f-9925-9babef710079}_is1) (Version:  - k-rlitos.com)
YTD Video Downloader 4.7.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)
Zero no Tsukaima (HKLM-x32\...\{1a357455-d9c6-494e-bd7c-56dfb3a357c4}_is1) (Version:  - k-rlitos.com)
Zetsuen no Tempest by andrea_3 (HKLM-x32\...\{3d73872b-e928-40c1-ad61-6c6e482106d9}_is1) (Version:  - k-rlitos.com)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-09-2014 20:04:29 End of disinfection
17-09-2014 07:01:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09AB2B5B-6794-4B05-8E7E-8FFDFD7BC095} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {336722CA-7874-418C-A431-83FD74D15FFD} - System32\Tasks\ASC6_AutoClean => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoSweep.exe [2012-09-19] (IObit)
Task: {46035D2B-2E6A-4C2D-940A-206B2AE9472A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {54E851FF-F56C-499F-B49F-A45A1725999F} - System32\Tasks\{F1A7C197-93AB-43F4-BBE4-BF622227AB0B} => C:\Program Files (x86)\Runic Games\Torchlight\Torchlight.exe
Task: {557D10CC-BE66-4B9E-A987-9A5EDED96019} - System32\Tasks\{CF838D26-B979-4C54-8B5F-0F634B49BC6F} => C:\Program Files (x86)\Black_Box\Resident Evil 5\Launcher.exe
Task: {71A4BF50-2675-410F-8B65-AA56A6EE4B9E} - System32\Tasks\Driver Booster SkipUAC (Vuk) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {75216A5E-1C00-4839-856A-CE2F36073FF2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {7CCF5F4E-8368-4FF0-B417-F78893AA29D1} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {ADCF6B48-E81E-42AC-9EDF-5F0EA4D7D1D6} - System32\Tasks\{B9D612B5-143F-4315-A5FF-AC645A051625} => C:\Program Files (x86)\Runic Games\Torchlight\Torchlight.exe
Task: {B01676B0-BDEE-4A24-B9C5-E705CE5B5E26} - System32\Tasks\{01F201EF-DBF7-431E-ADE1-BE89A454D22B} => C:\Users\Vuk\Downloads\New folder\WWP\wwp.exe
Task: {B0212EB3-B866-44AE-A349-88051BBC94CC} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-03] (IObit)
Task: {B6701CA0-2CE6-45C2-8E2A-26E6308F27F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D77045DD-5D14-4C70-B3BA-95E35A527670} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [2012-12-14] (IObit)
Task: {E3E36904-AABD-446C-A003-F2ADB018F4B9} - System32\Tasks\{D895F9CE-98BA-428E-A9AC-86B00B2D793B} => C:\Users\Vuk\Downloads\New folder\WWP\wwp.exe
Task: {FA3AFED4-ECF1-404D-AA84-AAB25C622F00} - System32\Tasks\{F2EA3E25-6EE2-486F-B2E7-12930C5E91F0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-15] (Skype Technologies S.A.)
Task: {FBF7DD95-FB0B-47A0-A93A-3CFEECAE1BA6} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-01 21:34 - 2012-10-01 21:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-01 01:22 - 2014-09-01 01:22 - 02576896 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll
2014-09-09 09:53 - 2014-09-09 09:53 - 02162688 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2013-01-03 23:13 - 2005-06-07 13:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-01-03 22:17 - 2012-10-23 14:47 - 00160128 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCExtMenu_64.dll
2013-01-03 23:00 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-01-03 20:06 - 2008-07-11 20:00 - 00080392 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
2013-01-03 22:17 - 2012-04-14 16:41 - 00217944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Antivirus\bdfltlib.dll
2013-01-03 22:17 - 2012-11-01 11:21 - 00350592 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madExcept_.bpl
2013-01-03 22:17 - 2012-11-01 11:21 - 00182656 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madBasic_.bpl
2013-01-03 22:17 - 2012-11-01 11:21 - 00050048 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madDisAsm_.bpl
2013-01-03 23:00 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-01-03 22:17 - 2012-09-05 19:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll
2013-01-03 20:06 - 2007-12-07 15:24 - 00117256 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver\ycc.dll
2014-08-08 01:12 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-08-08 01:12 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-08-08 01:12 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-08-08 01:12 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-01-03 22:13 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-08-08 01:12 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2013-01-03 22:13 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2013-01-03 22:17 - 2012-09-05 19:55 - 00516480 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\sqlite3.dll
2013-01-03 22:17 - 2012-10-15 11:53 - 01229696 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Scan.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DeskSpace => C:\Users\Vuk\AppData\Roaming\DeskSpace\deskspace.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SweetIM => 
MSCONFIG\startupreg: Sweetpacks Communicator => 
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Yontoo Desktop => 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2014 09:04:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/20/2014 11:23:28 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (09/20/2014 11:23:28 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (09/19/2014 09:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Faulting module name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Exception code: 0xc0000005
Fault offset: 0x000025e5
Faulting process id: 0x9f4
Faulting application start time: 0xGSvr.exe0
Faulting application path: GSvr.exe1
Faulting module path: GSvr.exe2
Report Id: GSvr.exe3
 
Error: (09/19/2014 09:02:56 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/18/2014 10:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Faulting module name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Exception code: 0xc0000005
Fault offset: 0x000025e5
Faulting process id: 0x9fc
Faulting application start time: 0xGSvr.exe0
Faulting application path: GSvr.exe1
Faulting module path: GSvr.exe2
Report Id: GSvr.exe3
 
Error: (09/18/2014 09:13:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/18/2014 09:11:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/16/2014 10:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Faulting module name: GSvr.exe, version: 0.0.0.0, time stamp: 0x48773c29
Exception code: 0xc0000005
Fault offset: 0x000025e5
Faulting process id: 0x9ec
Faulting application start time: 0xGSvr.exe0
Faulting application path: GSvr.exe1
Faulting module path: GSvr.exe2
Report Id: GSvr.exe3
 
Error: (09/16/2014 09:56:22 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (09/20/2014 09:04:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (09/19/2014 10:14:05 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PC             :0" could not be registered on the interface with IP address 192.168.1.1.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.
 
Error: (09/19/2014 09:57:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GEST Service for program management. service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/19/2014 09:03:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PC             :20" could not be registered on the interface with IP address 192.168.1.1.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.
 
Error: (09/19/2014 09:03:01 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{51770A61-AE80-4E8B-B61E-1DDEF37FB8A1} because another computer on the network has the same name.  The server could not start.
 
Error: (09/19/2014 09:02:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (09/19/2014 09:02:33 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PC             :0" could not be registered on the interface with IP address 192.168.1.1.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.
 
Error: (09/18/2014 10:05:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GEST Service for program management. service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/18/2014 09:11:42 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PC             :20" could not be registered on the interface with IP address 192.168.1.1.
The computer with the IP address 192.168.1.2 did not allow the name to be claimed by
this computer.
 
Error: (09/18/2014 09:11:42 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{51770A61-AE80-4E8B-B61E-1DDEF37FB8A1} because another computer on the network has the same name.  The server could not start.
 
 
Microsoft Office Sessions:
=========================
Error: (09/20/2014 09:04:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/20/2014 11:23:28 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (09/20/2014 11:23:28 AM) (Source: IMFservice) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (09/19/2014 09:57:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GSvr.exe0.0.0.048773c29GSvr.exe0.0.0.048773c29c0000005000025e59f401cfd43c4967448eC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exeC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe23cbfeff-4037-11e4-a322-001fd0a481de
 
Error: (09/19/2014 09:02:56 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/18/2014 10:05:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GSvr.exe0.0.0.048773c29GSvr.exe0.0.0.048773c29c0000005000025e59fc01cfd3745510aaccC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exeC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe33da0e69-3f6f-11e4-9dc3-001fd0a481de
 
Error: (09/18/2014 09:13:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: PC)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
 
Error: (09/18/2014 09:11:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (09/16/2014 10:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GSvr.exe0.0.0.048773c29GSvr.exe0.0.0.048773c29c0000005000025e59ec01cfd1e841b81c3aC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exeC:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe11eb5991-3de3-11e4-9bde-001fd0a481de
 
Error: (09/16/2014 09:56:22 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 35%
Total physical RAM: 4094.49 MB
Available physical RAM: 2643.64 MB
Total Pagefile: 8187.12 MB
Available Pagefile: 6395.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:262.84 GB) (Free:184.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:736.2 GB) (Free:46.08 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:15.97 GB) NTFS
Drive g: () (Fixed) (Total:202.91 GB) (Free:17.08 GB) NTFS
Drive w: () (Fixed) (Total:1862.89 GB) (Free:436.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 92C91A01)
Partition 1: (Not Active) - (Size=736.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7D826B35)
Partition 1: (Active) - (Size=262.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=202.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by xXToffeeXx, 20 September 2014 - 03:02 PM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts

Posted 21 September 2014 - 12:51 PM

Hi Okami,
 
No, you did it right. No need to press fix yet as I have not made a fix, but I will make one now to hopefully clean this up.
 
Keep your antivirus running and you can do scans with that if you want.
 
--------------
 
Is Advanced SystemCare Ultimate your antivirus?
 
--------------
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.
 
--------------
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

JDownloader Packages
McAfee Security Scan Plus

Additional instructions can be found here if needed.
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [YgPack] => C:\Users\Vuk\AppData\Local\YgPack\tmp1F62.exe
C:\Users\Vuk\AppData\Local\YgPack
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [Agworks Update] => regsvr32.exe C:\Users\Vuk\AppData\Local\Agworks\CdNetM32.dll
C:\Users\Vuk\AppData\Local\Agworks
Startup: C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcaui.lnk
ShortcutTarget: pcaui.lnk -> C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe (No File)
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: Ginger Grammar & Spell Checker -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
FF Extension: Ads Removal - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\adremoveext@adremoveext.net [2014-08-22]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (No Name) - C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-25]
2014-09-05 01:40 - 2014-09-06 08:47 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Veodkee
C:\Users\Vuk\unstopcp.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 Okami

Okami
  • Topic Starter


Posted 21 September 2014 - 02:10 PM

Both JDownloader Packages and McAfee Security Scan Plus existed in "Control Panel/Uninstall a Program" and I have removed both of them.

 

Yes IObit Advanced SystemCare Ultimate 6 is my antivirus.

 

I had done a fix with FRST as instructed (it didn't ask for restart), here is a log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Vuk at 2014-09-21 21:04:25 Run:1
Running from C:\Users\Vuk\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [YgPack] => C:\Users\Vuk\AppData\Local\YgPack\tmp1F62.exe
C:\Users\Vuk\AppData\Local\YgPack
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [Agworks Update] => regsvr32.exe C:\Users\Vuk\AppData\Local\Agworks\CdNetM32.dll
C:\Users\Vuk\AppData\Local\Agworks
Startup: C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcaui.lnk
ShortcutTarget: pcaui.lnk -> C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe (No File)
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: Ginger Grammar & Spell Checker -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} ->  No File
FF Extension: Ads Removal - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\adremoveext@adremoveext.net [2014-08-22]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR Extension: (No Name) - C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-08-25]
2014-09-05 01:40 - 2014-09-06 08:47 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Veodkee
C:\Users\Vuk\unstopcp.exe
*****************

HKU\S-1-5-21-872594744-189992370-1365421600-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YgPack => value deleted successfully.
C:\Users\Vuk\AppData\Local\YgPack => Moved successfully.
HKU\S-1-5-21-872594744-189992370-1365421600-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Agworks Update => value deleted successfully.
C:\Users\Vuk\AppData\Local\Agworks => Moved successfully.
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pcaui.lnk => Moved successfully.
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
"HKCR\CLSID\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => Key not found.
C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\adremoveext@adremoveext.net => Moved successfully.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen => Moved successfully.
C:\Users\Vuk\AppData\Roaming\Veodkee => Moved successfully.
C:\Users\Vuk\unstopcp.exe => Moved successfully.

==== End of Fixlog ====



Edited by Okami, 21 September 2014 - 02:13 PM.
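A Fixlog like the one posted above can be reviewed mechanically before the follow-up scan is requested. The script below is an added example, not part of the original thread and not FRST's own code; the function names and status labels are assumptions, and the sample is an excerpt of the log lines quoted above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog quoted in the post above (a subset of its lines).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Vuk at 2014-09-21 21:04:25 Run:1
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [YgPack] => C:\Users\Vuk\AppData\Local\YgPack\tmp1F62.exe
C:\Users\Vuk\AppData\Local\YgPack
ShortcutTarget: pcaui.lnk -> C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe (No File)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
C:\Users\Vuk\unstopcp.exe
*****************

HKU\S-1-5-21-872594744-189992370-1365421600-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YgPack => value deleted successfully.
C:\Users\Vuk\AppData\Local\YgPack => Moved successfully.
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\pcaui.exe not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
C:\Users\Vuk\unstopcp.exe => Moved successfully.

==== End of Fixlog ====
'''

# Result-line shapes seen in the log above. Order matters: the specific
# "Key not found" rule must be tried before the generic "not found" rule.
_RESULT_RULES = [
    ("deleted", re.compile(r'^"?(?P<target>.+?)"? => (?:value|Key) deleted successfully\.$')),
    ("moved", re.compile(r'^(?P<target>.+?) => Moved successfully\.$')),
    ("absent", re.compile(r'^"?(?P<target>.+?)"? => Key not found\.$')),
    ("absent", re.compile(r'^(?P<target>.+?) not found\.$')),
]
# A fixlist line that is nothing but a file or folder path.
_PLAIN_PATH = re.compile(r"^[A-Za-z]:\\")


def classify(line):
    """Return (status, target) for one result line of the log."""
    for status, rule in _RESULT_RULES:
        match = rule.match(line)
        if match:
            return status, match.group("target")
    return "unrecognised", line


def parse_fixlog(text):
    """Split a Fixlog into requested fixlist entries and classified results."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist content sits between two lines made only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results, complete = [], False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True  # the tool reached the end of its run
            break
        if ln:
            results.append(classify(ln))
    return {"requested": requested, "results": results, "complete": complete}


def review(text):
    """Summarise a Fixlog and flag anything that needs a second look."""
    parsed = parse_fixlog(text)
    counts = Counter(status for status, _ in parsed["results"])
    handled = {t.lower() for s, t in parsed["results"] if s != "unrecognised"}
    # Every plain path in the fixlist should have a matching result line.
    unhandled = [entry for entry in parsed["requested"]
                 if _PLAIN_PATH.match(entry) and entry.lower() not in handled]
    return {
        "counts": dict(counts),
        "unhandled_paths": unhandled,
        "unrecognised": [t for s, t in parsed["results"] if s == "unrecognised"],
        "complete": parsed["complete"],
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIXLOG)
    print("log complete:", report["complete"])
    for status, count in sorted(report["counts"].items()):
        print(f"{status:>8}: {count}")
    for path in report["unhandled_paths"]:
        print("no result for:", path)
```

An "absent" result means the item was already gone when the fix ran; a missing end marker or an unhandled path is what warrants re-running or re-scanning.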


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor

Posted 22 September 2014 - 10:15 AM

Hi Okami,
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • New FRST.txt

xXToffeeXx~




#7 Okami

Okami
  • Topic Starter


Posted 22 September 2014 - 01:10 PM

Hi Toffee,

 

Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Vuk (administrator) on PC on 22-09-2014 19:59:27
Running from C:\Users\Vuk\Desktop
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerClient.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerServices\GingerServices.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Stealth Software) C:\Users\Vuk\HTC Weather\HTCHome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-09-01] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-06-23] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [512384 2012-11-07] (IObit)
HKU\S-1-5-21-872594744-189992370-1365421600-1000\...\Run: [] => regsvr32.exe C:\Users\Vuk\AppData\Local\Agworks\zlfweqspdyvj.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk
ShortcutTarget: Ginger.lnk -> C:\Windows\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_3C297780F1D34554B9F292E4DAC788DA.exe (Flexera Software LLC)
Startup: C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wimserv.lnk
ShortcutTarget: wimserv.lnk -> C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate\wimserv.exe (No File)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.rs/
http://www.google.rs/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {B0C3CACF-547E-4DE2-B775-BDBA4962ECA9} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ATLAS Toolbar -> {3C6301ED-0F78-4AF2-8150-D9C052361A8E} -> C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{249DCF7E-7D70-4D54-B5A2-DCA51A5C2BC9}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{51770A61-AE80-4E8B-B61E-1DDEF37FB8A1}: [NameServer] 8.8.8.8,8.8.8.8,192.168.1.20
Tcpip\..\Interfaces\{86A3CD09-B87B-432E-A128-5E16A90DFA31}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074
FF Homepage: https://www.google.com/
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll (Ginger Software)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\searchplugins\yahoo_ff.xml
FF Extension: Gretech MKV Source Filter - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\{97923CA2-5454-56C2-4D9A-275415920523} [2014-09-01]
FF Extension: Stylish - C:\Users\Vuk\AppData\Roaming\Mozilla\Firefox\Profiles\a8xvve9r.default-1402382154074\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-06-10]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox.gingersoftware.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.49.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.57.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.62.com [2014-09-18]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.com [2014-09-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2014-06-22]
FF HKCU\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Vuk\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePluginFor6.crx [2013-01-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascsvc.exe [1051088 2012-12-13] (IObit)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [621008 2012-12-14] (IOBit)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GEST Service; C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-11] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23944 2010-04-06] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [30088 2010-04-06] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-01-29] (DT Soft Ltd)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-09-06] ()
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [35256 2011-08-26] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27016 2010-04-06] (IVT Corporation.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 19:59 - 2014-09-22 19:59 - 00016914 _____ () C:\Users\Vuk\Desktop\FRST.txt
2014-09-22 19:53 - 2014-09-22 19:53 - 00001854 _____ () C:\Windows\PFRO.log
2014-09-22 19:53 - 2014-09-22 19:53 - 00000056 _____ () C:\Windows\setupact.log
2014-09-22 19:53 - 2014-09-22 19:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-21 22:56 - 2014-09-21 22:56 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-21 22:42 - 2014-09-21 22:42 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Agworks
2014-09-21 22:41 - 2014-09-21 22:41 - 00000000 ____D () C:\Users\Vuk\AppData\Local\YgPack
2014-09-21 17:16 - 2014-09-21 17:16 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Weeceli
2014-09-20 21:20 - 2014-09-22 19:59 - 00000000 ____D () C:\FRST
2014-09-20 21:17 - 2014-09-20 21:17 - 02105856 _____ (Farbar) C:\Users\Vuk\Desktop\FRST64.exe
2014-09-18 22:36 - 2014-09-18 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 21:25 - 2014-09-15 21:26 - 00000000 ____D () C:\AdwCleaner
2014-09-13 22:12 - 2014-09-13 22:12 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Secunia PSI
2014-09-13 22:11 - 2014-09-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-09-13 22:08 - 2014-09-15 21:24 - 00000000 ____D () C:\Users\Vuk\Anti mailwares
2014-09-13 22:04 - 2014-09-13 22:04 - 00000741 _____ () C:\DelFix.txt
2014-09-13 22:00 - 2014-09-13 22:00 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-13 22:00 - 2014-09-13 22:00 - 00000000 ____D () C:\Program Files\Java
2014-09-13 21:59 - 2014-09-13 21:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-12 15:13 - 2014-09-12 16:29 - 00000000 ____D () C:\Program Files (x86)\Armored Warrior Iris
2014-09-12 09:10 - 2014-09-13 05:38 - 00000000 ____D () C:\Users\Vuk\AppData\Local\{E731A18A-5B3A-FD84-42B9-4B242294B289}
2014-09-09 10:08 - 2014-09-09 10:08 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 09:25 - 2014-09-16 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-09-09 09:25 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-09 02:23 - 2014-09-09 02:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 03:19 - 2014-09-08 03:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-08 02:56 - 2014-09-21 17:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 02:56 - 2014-09-08 03:18 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 02:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-06 09:21 - 2014-09-06 09:24 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-06 09:21 - 2014-09-06 09:22 - 00000000 ____D () C:\Users\Vuk\Documents\RegRun2
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-06 09:00 - 2014-09-06 09:02 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-06 08:58 - 2014-09-06 08:58 - 00002672 _____ () C:\Windows\system32\.crusader
2014-09-06 08:49 - 2014-09-06 08:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 08:22 - 2014-09-13 22:04 - 00000000 ____D () C:\Windows\ERUNT
2014-09-06 08:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-01 21:56 - 2014-09-01 21:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-09-01 21:56 - 2014-09-01 21:56 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-01 21:56 - 2014-09-01 21:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-01 21:55 - 2014-09-01 21:55 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-01 21:55 - 2014-09-01 21:55 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-01 21:55 - 2014-09-01 21:55 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-09-01 21:37 - 2014-09-01 21:37 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Vuk)
2014-09-01 20:05 - 2014-09-22 19:54 - 00000000 ____D () C:\Users\Vuk\HTC Weather
2014-08-29 23:00 - 2014-08-30 07:38 - 00000000 ____D () C:\Program Files (x86)\Rugged Kingdom

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 20:00 - 2014-09-22 19:59 - 00016914 _____ () C:\Users\Vuk\Desktop\FRST.txt
2014-09-22 19:59 - 2014-09-20 21:20 - 00000000 ____D () C:\FRST
2014-09-22 19:59 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 19:59 - 2009-07-14 06:45 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 19:54 - 2014-09-01 20:05 - 00000000 ____D () C:\Users\Vuk\HTC Weather
2014-09-22 19:54 - 2014-02-20 05:54 - 00000125 _____ () C:\service.log
2014-09-22 19:54 - 2013-01-03 23:14 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Media Player Classic
2014-09-22 19:54 - 2013-01-03 23:08 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Winamp
2014-09-22 19:53 - 2014-09-22 19:53 - 00001854 _____ () C:\Windows\PFRO.log
2014-09-22 19:53 - 2014-09-22 19:53 - 00000056 _____ () C:\Windows\setupact.log
2014-09-22 19:53 - 2014-09-22 19:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 19:53 - 2013-01-03 20:05 - 00020544 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-22 19:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 06:36 - 2013-01-13 21:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 22:56 - 2014-09-21 22:56 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-21 22:42 - 2014-09-21 22:42 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Agworks
2014-09-21 22:41 - 2014-09-21 22:41 - 00000000 ____D () C:\Users\Vuk\AppData\Local\YgPack
2014-09-21 21:04 - 2013-01-03 19:50 - 00000000 ____D () C:\Users\Vuk
2014-09-21 17:50 - 2009-07-14 06:45 - 00000000 ____D () C:\Windows\Setup
2014-09-21 17:31 - 2014-09-08 02:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 17:16 - 2014-09-21 17:16 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Weeceli
2014-09-20 21:17 - 2014-09-20 21:17 - 02105856 _____ (Farbar) C:\Users\Vuk\Desktop\FRST64.exe
2014-09-20 11:23 - 2013-01-04 04:27 - 01813942 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 21:02 - 2013-01-08 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 22:37 - 2014-09-18 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 21:14 - 2013-05-27 19:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 06:42 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-09-15 21:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-09-15 21:38 - 2009-07-14 07:13 - 00780868 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 21:26 - 2014-09-15 21:25 - 00000000 ____D () C:\AdwCleaner
2014-09-15 21:24 - 2014-09-13 22:08 - 00000000 ____D () C:\Users\Vuk\Anti mailwares
2014-09-13 22:12 - 2014-09-13 22:12 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Secunia PSI
2014-09-13 22:11 - 2014-09-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-09-13 22:04 - 2014-09-13 22:04 - 00000741 _____ () C:\DelFix.txt
2014-09-13 22:04 - 2014-09-06 08:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-13 22:00 - 2014-09-13 22:00 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-13 22:00 - 2014-09-13 22:00 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-13 22:00 - 2014-09-13 22:00 - 00000000 ____D () C:\Program Files\Java
2014-09-13 21:59 - 2014-09-13 21:59 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-13 21:59 - 2014-09-13 21:59 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-13 21:59 - 2013-10-07 00:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-13 21:41 - 2013-01-03 22:51 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Adobe
2014-09-13 21:40 - 2013-01-13 21:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-13 21:40 - 2013-01-12 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-13 21:40 - 2013-01-12 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-13 21:36 - 2013-01-03 20:41 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-13 05:38 - 2014-09-12 09:10 - 00000000 ____D () C:\Users\Vuk\AppData\Local\{E731A18A-5B3A-FD84-42B9-4B242294B289}
2014-09-12 16:29 - 2014-09-12 15:13 - 00000000 ____D () C:\Program Files (x86)\Armored Warrior Iris
2014-09-09 10:08 - 2014-09-09 10:08 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 10:08 - 2014-09-09 10:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 09:39 - 2013-05-16 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
2014-09-09 09:25 - 2014-09-09 09:25 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-09-09 08:05 - 2013-11-22 11:19 - 00000000 ____D () C:\Users\Vuk\Cheat Engine 6.3
2014-09-09 08:05 - 2013-11-06 06:53 - 00000000 ____D () C:\Program Files (x86)\Agarest Generations of War
2014-09-09 08:05 - 2013-10-30 21:26 - 00000000 ____D () C:\Program Files (x86)\eMu3Ds
2014-09-09 08:05 - 2013-10-30 16:56 - 00000000 ____D () C:\Program Files (x86)\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst
2014-09-09 08:05 - 2013-05-16 13:43 - 00000000 ____D () C:\Program Files (x86)\B1 Free Archiver
2014-09-09 02:23 - 2014-09-09 02:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-08 03:27 - 2014-09-08 03:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-08 03:18 - 2014-09-08 02:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 02:56 - 2014-09-08 02:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-06 09:24 - 2014-09-06 09:21 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-06 09:22 - 2014-09-06 09:21 - 00000000 ____D () C:\Users\Vuk\Documents\RegRun2
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-06 09:21 - 2014-09-06 09:21 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-06 09:15 - 2013-04-10 12:39 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 09:02 - 2014-09-06 09:00 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-09-06 08:58 - 2014-09-06 08:58 - 00002672 _____ () C:\Windows\system32\.crusader
2014-09-06 08:58 - 2014-09-06 08:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-06 08:58 - 2013-11-29 18:34 - 00000000 __SHD () C:\Users\Vuk\AppData\Roaming\PC
2014-09-06 08:34 - 2014-09-06 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 07:32 - 2014-04-20 03:12 - 00000000 ____D () C:\Program Files (x86)\Agarest Zero
2014-09-05 05:33 - 2013-12-09 04:46 - 00000000 __SHD () C:\SteamClient
2014-09-01 21:56 - 2014-09-01 21:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-09-01 21:56 - 2014-09-01 21:56 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-09-01 21:56 - 2014-09-01 21:56 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-09-01 21:56 - 2014-08-08 01:32 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-09-01 21:56 - 2013-01-03 20:29 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-09-01 21:55 - 2014-09-01 21:55 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-09-01 21:55 - 2014-09-01 21:55 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-09-01 21:55 - 2014-09-01 21:55 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-09-01 21:55 - 2014-09-01 21:55 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-09-01 21:55 - 2014-09-01 21:55 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 28685824 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 27907584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 24107520 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 23409152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 15376384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 05442048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 04358656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-09-01 21:54 - 2014-09-01 21:54 - 00848896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00806912 _____ (AMD) C:\Windows\system32\coinst_14.100.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00723841 _____ () C:\Windows\system32\atiicdxx.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00638976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00580816 _____ () C:\Windows\system32\atiapfxx.blb
2014-09-01 21:54 - 2014-09-01 21:54 - 00368128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00275124 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00274656 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-09-01 21:54 - 2014-09-01 21:54 - 00273712 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00234804 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00233008 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00231424 _____ () C:\Windows\system32\clinfo.exe
2014-09-01 21:54 - 2014-09-01 21:54 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00134192 _____ () C:\Windows\system32\ativce03.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-09-01 21:54 - 2014-09-01 21:54 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-09-01 21:54 - 2014-08-08 01:29 - 10335208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-09-01 21:54 - 2014-08-08 01:29 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-09-01 21:54 - 2013-10-08 16:01 - 00099520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-09-01 21:54 - 2013-10-08 16:00 - 06799688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-09-01 21:54 - 2013-10-08 16:00 - 06796592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-09-01 21:54 - 2013-10-08 14:53 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-09-01 21:54 - 2013-10-08 14:52 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-09-01 21:54 - 2012-12-19 22:06 - 08866928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-09-01 21:54 - 2012-12-19 21:57 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-09-01 21:54 - 2012-12-19 21:33 - 01177600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-09-01 21:54 - 2012-12-19 21:31 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-09-01 21:54 - 2012-09-28 03:43 - 01117184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-09-01 21:54 - 2012-09-28 03:41 - 01343272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-09-01 21:54 - 2012-09-28 03:31 - 07520200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-09-01 21:54 - 2012-09-28 03:25 - 08010968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-09-01 21:54 - 2012-09-28 03:11 - 00117584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-09-01 21:53 - 2014-09-01 21:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-09-01 21:37 - 2014-09-01 21:37 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Vuk)
2014-09-01 20:09 - 2013-11-20 23:49 - 00000000 ____D () C:\Users\Vuk\Documents\ChessBase
2014-09-01 20:09 - 2013-11-20 23:49 - 00000000 ____D () C:\Users\Vuk\AppData\Local\ChessBase
2014-09-01 20:06 - 2013-03-31 19:37 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Stealth_Software
2014-08-30 07:57 - 2013-01-29 18:34 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\DAEMON Tools Lite
2014-08-30 07:38 - 2014-08-29 23:00 - 00000000 ____D () C:\Program Files (x86)\Rugged Kingdom
2014-08-29 19:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-25 18:55 - 2013-05-09 17:18 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Google
2014-08-25 06:53 - 2013-01-04 19:13 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 22:20 - 2013-01-11 16:45 - 00000000 ____D () C:\Users\Vuk\JDownloader

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 06:48

==================== End Of Log ============================

 

 



Edited by Okami, 22 September 2014 - 01:13 PM.


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:01 AM

Posted 23 September 2014 - 11:08 AM

Hi Okami,
 
Running a Blitzblank script:
Blitzblank is a powerful tool and care must be taken to follow the steps carefully. Please note the warning you will receive when the program is launched.

  • Download Blitzblank and save it to your clean computer. Then transfer it over to the desktop of your infected computer using the USB.
  • Double click the blitzblank icon.
  • Click OK on the warning screen.
  • Click the Script tab.
  • Copy and paste the following inside the script window.
DeleteFolder:
C:\Users\Vuk\AppData\Local\Agworks
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Vuk\AppData\Local\YgPack
C:\Users\Vuk\AppData\Roaming\Weeceli
DeleteFile:
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wimserv.lnk
  • Click Execute Now.
  • Click OK on the warning window.
  • Click OK on the System reboot window.
  • You will see a black screen with writing on it indicating the actions being taken.
  • Locate the blitzblank.txt file located at C:\blitzblank.txt, and transfer it via your USB to your clean computer.
  • Post the entire contents of that log as a reply to this topic.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Blitzblank.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
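One way a responder can shortlist folders like the ones targeted in the script above from the FRST listing, as an added example that is not part of the original posts or of FRST itself. It assumes, from how entries repeat across the two listings in this log, that in the "One Month Modified" section the first timestamp is the modification time and the second the creation time; the 7-day window and the Program Files cross-check are illustrative choices, and the output is a list of candidates for review, not verdicts.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Sample input: a few lines copied from the "One Month Modified Files and
# Folders" listing in this thread.
SAMPLE = r"""
2014-09-22 20:00 - 2014-09-22 19:59 - 00016914 _____ () C:\Users\Vuk\Desktop\FRST.txt
2014-09-22 19:54 - 2013-01-03 23:14 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Media Player Classic
2014-09-21 22:42 - 2014-09-21 22:42 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Agworks
2014-09-21 22:41 - 2014-09-21 22:41 - 00000000 ____D () C:\Users\Vuk\AppData\Local\YgPack
2014-09-21 17:31 - 2014-09-08 02:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 17:16 - 2014-09-21 17:16 - 00000000 ____D () C:\Users\Vuk\AppData\Roaming\Weeceli
2014-09-13 22:12 - 2014-09-13 22:12 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Secunia PSI
2014-09-13 22:11 - 2014-09-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-09-13 21:41 - 2013-01-03 22:51 - 00000000 ____D () C:\Users\Vuk\AppData\Local\Adobe
2014-09-13 05:38 - 2014-09-12 09:10 - 00000000 ____D () C:\Users\Vuk\AppData\Local\{E731A18A-5B3A-FD84-42B9-4B242294B289}
"""

# <modified> - <created> - <size> <5 attribute flags> (<company>) <path>
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.*)$"
)
# A folder sitting directly under a user's AppData\Local or AppData\Roaming.
APPDATA_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
# Top-level product folder under Program Files, used as a "known software" hint.
PROGRAM_RE = re.compile(
    r"^[A-Za-z]:\\Program Files(?: \(x86\))?\\(?P<name>[^\\]+)", re.IGNORECASE
)
TIME_FMT = "%Y-%m-%d %H:%M"


class Entry(NamedTuple):
    modified: datetime
    created: datetime
    attrs: str
    company: str
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse FRST file-listing lines; anything that is not a listing line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["modified"], TIME_FMT),
                datetime.strptime(m["created"], TIME_FMT),
                m["attrs"], m["company"].strip(), m["path"],
            ))
    return entries


def shortlist(entries: List[Entry], scan_time: Optional[datetime] = None,
              max_age_days: int = 7) -> List[str]:
    """Return AppData folders worth a manual look: a directory, no company
    string, created shortly before the scan, and no similarly named product
    folder under Program Files in the same listing."""
    if not entries:
        return []
    if scan_time is None:
        # Assumption: the newest modification time approximates the scan time.
        scan_time = max(e.modified for e in entries)
    known = {m["name"].lower() for e in entries if (m := PROGRAM_RE.match(e.path))}
    hits = []
    for e in entries:
        m = APPDATA_RE.match(e.path)
        if not m or "D" not in e.attrs or e.company:
            continue
        if scan_time - e.created > timedelta(days=max_age_days):
            continue
        name = m["name"].lower()
        if any(name.startswith(k) or k.startswith(name) for k in known):
            continue
        hits.append(e.path)
    return hits


if __name__ == "__main__":
    for path in shortlist(parse_listing(SAMPLE)):
        print(path)
```

Widening `max_age_days` to 30 also returns the GUID-named folder from the sample, which shows how the window trades review effort against coverage.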


#9 Okami


Posted 23 September 2014 - 02:59 PM

When I click on execute now it gives me Syntax error: Syntax error in line 7, Invalid file patch.

 

Here's a screenshot:

 

image.jpg



#10 xXToffeeXx


Posted 23 September 2014 - 03:07 PM

Hi Okami,
 
Let's try this script instead:

DeleteFolder:
C:\Users\Vuk\AppData\Local\Agworks
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Vuk\AppData\Local\YgPack
C:\Users\Vuk\AppData\Roaming\Weeceli
DeleteFile:
"C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wimserv.lnk"

 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Blitzblank.txt

xXToffeeXx~




#11 Okami


Posted 23 September 2014 - 03:13 PM

Hi Toffee,

 

No changes with that script, it gives me the same error.

Should I try to run it in safe mode?



#12 xXToffeeXx


Posted 24 September 2014 - 11:10 AM

Hi Okami,
 
Seems that line is causing problems, I'll remove it. Sorry about this, try this script:

DeleteFolder:
C:\Users\Vuk\AppData\Local\Agworks
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Vuk\AppData\Local\YgPack
C:\Users\Vuk\AppData\Roaming\Weeceli

 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Blitzblank.txt

xXToffeeXx~




#13 Okami


Posted 24 September 2014 - 02:48 PM

Hi Toffee,

 

Now it gives me a different error. After I press OK on the "system will need to reboot" window, it gives me "Error: Failed to execute, please make sure that application was started as an administrator." And I am running it as an administrator. Here's a screenshot:

 

Untitled.jpg

 

 

I tried running it in safe mode too, it's the same.

I also tried running each of the 4 scripts separately, like this:

 

DeleteFolder:
C:\Users\Vuk\AppData\Local\Agworks

 

but that didn't change anything either.


Edited by Okami, 24 September 2014 - 02:52 PM.


#14 xXToffeeXx


Posted 25 September 2014 - 11:04 AM

Hi Okami,
 
Very odd. Let's try another tool instead then.

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
Folders to delete:
C:\Users\Vuk\AppData\Local\Agworks
C:\Users\Vuk\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Vuk\AppData\Local\YgPack
C:\Users\Vuk\AppData\Roaming\Weeceli
  • In the avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

xXToffeeXx~




#15 Okami


Posted 25 September 2014 - 04:24 PM

Hi Toffee,

 

I have done it but no logs have been created. After the PC rebooted itself it started up normally and no log has shown up. There is also no log in C:\, and I also tried searching for it using Windows search, typing avenger and avenger.txt, but no logs have been found. I tried running it again and it was the same: it does everything normally until the reboot, but after it there are no logs. However, there is a log called zjnba in C:\ which is a copy of a script created today, and there is also a log called service, also created today, that says:

Just before processing loop...
Type=60,Port=b2,BiosAddr=cfeeea10
Current=0.000000,Total=0.000000,MaxVid=1.250000,Rev=0x20
 

I have no idea if this is connected to Avenger though.

Also, I might add that the virus has become more "active", as it needs less time to regenerate itself and it has started popping up multiple windows instead of just one, though scanning with Malwarebytes Anti-Malware still removes it temporarily. The last time was before I had run Avenger.


Edited by Okami, 25 September 2014 - 04:32 PM.




