
Can't run regedit.exe and can't right click on folders and apps



#1 krotitel


Posted 21 April 2015 - 07:45 AM

Hi to everyone,

 

I am sorry to bother you but I have encountered a real problem for me, since this morning I am actively working on getting rid of a nasty virus (I believe that the regedit problem is caused by it). I believe that I have got infected while downloading a pirated game which I regret now. However, on Windows startup a cmd.exe started automatically and opened a Firefox web page bizigames.org. I was not able to run regedit.exe nor was I able to run CCleaner since then.

I used AdwCleaner as mentioned in this post: http://www.bleepingcomputer.com/forums/t/570652/firefox-opens-bizigamesorg-on-startup/ and tried to check all the results but it is possible that I missed some register keys and removed it.

CMD.exe no longer runs on startup and no web page opens, however I still can't manage my regedit.exe which bothered me more. Additionally now I am not able to right-click any app on my desktop or any folder in my PC. I can't add the keys to registry since I am not able to manage regedit.exe. I am lost at this point and I do not want to do more harm by trying to solve the problem all by myself. I tried various solutions on how to get my regedit.exe working but none worked for me - when I try to launch regedit.exe nothing happens.

 

Thanks for any ideas

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Krotitel (administrator) on KROTITEL-PC on 21-04-2015 14:24:35
Running from C:\Users\Krotitel\Desktop\FRST64
Loaded Profiles: Krotitel & honza (Available profiles: Krotitel & honza)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Facebook Inc.) C:\Users\Krotitel\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-04-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-21] (Avast Software s.r.o.)
HKLM-x32\...\Run: [ats] => C:\Windows\SysWOW64\asd\loadqm.exe noshow
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Run: [Facebook Update] => C:\Users\Krotitel\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-02] (Facebook Inc.)
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Run: [C3] => [X]
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Run: [uTorrent] => C:\Users\Krotitel\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.)
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\RunOnce: [Adobe Speed Launcher] => 1429617464
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoViewContextMenu] 1
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\MountPoints2: G - G:\Startme.exe
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\MountPoints2: {34c1c56d-1a08-11e1-a0b4-f46d040ec162} - E:\m.exe
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\...\MountPoints2: {6b2b5374-a853-11e3-8ee7-f46d040ec162} - G:\Startme.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-21] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
CHR HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4158213011-1177296101-1875333924-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-21] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: No Name -> {169b75fe-bc90-40aa-9f02-23f499a2f94f} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-21] (Avast Software s.r.o.)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ]
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Krotitel\AppData\Roaming\Mozilla\Firefox\Profiles\bwbn7y3v.default-1384444048698
FF DefaultSearchEngine: Seznam
FF DefaultSearchUrl: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Seznam
FF SelectedSearchEngine: Seznam
FF Homepage: https://www.google.cz/
FF Keyword.URL: hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-09-23] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4158213011-1177296101-1875333924-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Krotitel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4158213011-1177296101-1875333924-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Krotitel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-06] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Krotitel\AppData\Roaming\Mozilla\Firefox\Profiles\bwbn7y3v.default-1384444048698\searchplugins\seznam-avast.xml [2014-12-16]
FF Extension: Adblock Plus - C:\Users\Krotitel\AppData\Roaming\Mozilla\Firefox\Profiles\bwbn7y3v.default-1384444048698\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-10-06]

Chrome:
=======
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "https://www.seznam.cz/?clid=22668"
CHR Profile: C:\Users\Krotitel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Krotitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-14]
CHR Extension: (Avast Online Security) - C:\Users\Krotitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-14]
CHR Extension: (Skype Click to Call) - C:\Users\Krotitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-01]
CHR Extension: (Google Wallet) - C:\Users\Krotitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR HKU\S-1-5-21-4158213011-1177296101-1875333924-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Krotitel\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-21] (Avast Software s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2015-01-08] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-06] (EasyAntiCheat Ltd)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-16] (Electronic Arts)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-21] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-21] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-21] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-21] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-21] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-21] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2011-11-28] (DT Soft Ltd)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-11-28] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
U3 ahyj0858; C:\Windows\System32\Drivers\ahyj0858.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
R3 cpuz134; \??\C:\Users\Krotitel\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 14:14 - 2015-04-21 14:14 - 00000344 _____ () C:\Windows\Tasks\ReimageUpdater.job
2015-04-21 14:13 - 2015-04-21 14:19 - 00000000 ____D () C:\Program Files\Reimage
2015-04-21 14:13 - 2015-04-21 14:14 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-04-21 14:12 - 2015-04-21 14:15 - 00000165 _____ () C:\Windows\Reimage.ini
2015-04-21 13:38 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-21 13:38 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-21 13:38 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-21 13:38 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-21 13:38 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-21 13:38 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-21 13:38 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-21 13:38 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-21 13:38 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-21 13:38 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-21 13:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-21 13:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-21 13:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-21 13:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-21 13:28 - 2015-04-21 13:28 - 00002159 _____ () C:\Users\Public\Desktop\Virus Effect Remover.lnk
2015-04-21 13:28 - 2015-04-21 13:28 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Effect Remover
2015-04-21 13:28 - 2015-04-21 13:28 - 00000000 ____D () C:\Program Files (x86)\Virus Effect Remover
2015-04-21 13:24 - 2015-04-21 13:24 - 00000000 ____D () C:\Windows\XSxS
2015-04-21 13:24 - 2015-04-21 13:24 - 00000000 ____D () C:\Users\Krotitel\AppData\Local\Xenocode
2015-04-21 13:24 - 2015-04-21 13:24 - 00000000 ____D () C:\Program Files (x86)\Xenocode
2015-04-21 12:59 - 2015-04-21 12:59 - 00000464 __RSH () C:\Users\Krotitel\ntuser.pol
2015-04-21 12:33 - 2015-04-21 12:37 - 00000000 ____D () C:\AdwCleaner
2015-04-21 12:24 - 2015-04-21 14:24 - 00000000 ____D () C:\FRST
2015-04-21 12:23 - 2015-04-21 14:24 - 00000000 ____D () C:\Users\Krotitel\Desktop\FRST64
2015-04-21 12:06 - 2009-07-14 03:39 - 00427008 _____ (Microsoft Corporation) C:\Windows\oprava.exe
2015-04-21 11:07 - 2015-04-21 11:07 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-21 11:07 - 2015-04-21 11:07 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-21 02:51 - 2015-04-21 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 01:08 - 2015-04-21 08:43 - 00000000 __SHD () C:\Windows\SysWOW64\asd
2015-04-21 01:08 - 2015-04-21 01:08 - 00000076 _____ () C:\Windows\SysWOW64\mypath0079.dll
2015-04-21 01:08 - 2015-04-21 01:08 - 00000034 _____ () C:\Windows\SysWOW64\MTX0CI.dll
2015-04-21 01:08 - 2015-04-21 01:08 - 00000004 _____ () C:\Windows\SysWOW64\microday08.dll
2015-04-20 19:34 - 2015-04-20 19:34 - 00000000 ____D () C:\Users\Krotitel\Tracing
2015-04-19 11:32 - 2015-04-19 11:32 - 00001282 _____ () C:\Users\Krotitel\Desktop\Mortal Kombat X.lnk
2015-04-19 11:32 - 2015-04-19 11:32 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\Mortal Kombat X
2015-04-19 11:32 - 2015-04-19 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mortal Kombat X
2015-04-19 10:56 - 2015-04-19 11:16 - 00000000 ____D () C:\Program Files (x86)\Mortal Kombat X
2015-04-17 00:02 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-17 00:00 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-17 00:00 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-17 00:00 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-15 22:39 - 2015-04-15 22:39 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\MK10
2015-04-10 22:56 - 2015-04-10 22:56 - 00000000 ____D () C:\Users\Krotitel\Documents\Electronic Arts
2015-04-10 22:56 - 2015-04-10 22:56 - 00000000 ____D () C:\Users\Krotitel\AppData\Local\Electronic Arts
2015-04-10 22:54 - 2015-04-10 22:54 - 00000000 ____D () C:\Users\Krotitel\Documents\Electrontic Arts
2015-03-28 23:37 - 2015-03-28 23:37 - 00002496 _____ () C:\Users\Krotitel\Desktop\Play Game of Thrones Telltale.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 14:24 - 2011-10-05 21:32 - 01981069 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 14:05 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 14:05 - 2009-07-14 06:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-21 13:58 - 2012-06-12 19:47 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\uTorrent
2015-04-21 13:56 - 2011-10-06 20:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-21 13:56 - 2009-07-14 06:51 - 00306175 _____ () C:\Windows\setupact.log
2015-04-21 13:55 - 2011-10-07 16:16 - 00385822 _____ () C:\Windows\PFRO.log
2015-04-21 13:54 - 2011-11-10 22:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-21 13:14 - 2015-02-17 18:07 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\TS3Client
2015-04-21 12:59 - 2011-10-05 21:32 - 00000000 ____D () C:\Users\Krotitel
2015-04-21 12:08 - 2011-10-06 18:20 - 00000000 ____D () C:\Torrenty
2015-04-21 12:03 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-21 11:08 - 2012-09-24 12:00 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2015-04-21 11:07 - 2014-08-10 21:43 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-21 11:07 - 2014-08-10 21:43 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-21 11:07 - 2013-04-05 17:53 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-21 11:07 - 2013-04-05 17:53 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-21 11:07 - 2012-09-24 12:00 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-21 11:07 - 2011-10-06 22:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-21 11:07 - 2011-10-06 22:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-21 11:07 - 2011-10-06 22:14 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-21 09:44 - 2014-05-17 13:51 - 00000000 ____D () C:\Temp
2015-04-21 09:05 - 2012-05-15 17:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 04:34 - 2011-10-11 21:33 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\Skype
2015-04-20 19:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-20 19:33 - 2011-10-11 21:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 19:33 - 2011-10-11 21:32 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 00:13 - 2014-05-30 00:33 - 00000000 ____D () C:\Users\Krotitel\AppData\Local\NVIDIA Corporation
2015-04-17 00:13 - 2014-05-30 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-17 00:13 - 2014-05-30 00:09 - 00000000 ____D () C:\Users\Krotitel\AppData\Local\NVIDIA
2015-04-17 00:13 - 2011-10-06 20:25 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-17 00:13 - 2011-10-06 20:25 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-17 00:13 - 2011-10-06 20:25 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-17 00:12 - 2014-07-31 18:13 - 00000000 ____D () C:\Users\honza\AppData\Local\NVIDIA Corporation
2015-04-16 21:56 - 2011-10-06 22:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-14 22:46 - 2014-12-12 20:57 - 00000000 ____D () C:\Program Files (x86)\S.T.A.L.K.E.R. Shadow of Chernobyl
2015-04-14 22:46 - 2013-09-21 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-04-14 22:46 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-14 22:40 - 2014-05-28 23:23 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-14 16:07 - 2011-11-01 23:32 - 00000000 ____D () C:\Users\Krotitel\Desktop\Moje tvorba
2015-04-13 14:09 - 2011-10-10 20:10 - 00000000 ____D () C:\Users\Krotitel\Desktop\Serialy
2015-04-10 22:55 - 2011-10-06 20:00 - 00673894 _____ () C:\Windows\DirectX.log
2015-04-09 02:58 - 2015-02-13 12:52 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2011-10-06 20:25 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2011-10-06 20:25 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2011-10-06 20:25 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2011-10-06 20:25 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2011-11-05 23:52 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2011-10-06 20:25 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2011-10-06 20:25 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2011-10-06 20:25 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2011-10-06 20:25 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2011-10-06 20:25 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 20:24 - 2014-10-05 11:02 - 00000000 ____D () C:\Users\Krotitel\Desktop\POLAC
2015-04-08 19:52 - 2012-12-01 18:50 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-05 10:16 - 2009-07-14 17:18 - 07049468 _____ () C:\Windows\system32\perfh005.dat
2015-04-05 10:16 - 2009-07-14 17:18 - 02318534 _____ () C:\Windows\system32\perfc005.dat
2015-04-05 10:16 - 2009-07-14 07:13 - 00006440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 21:57 - 2009-07-14 04:34 - 00000780 _____ () C:\Windows\win.ini
2015-03-31 21:48 - 2012-03-19 11:57 - 00000000 ____D () C:\Users\Krotitel\AppData\Roaming\vlc
2015-03-28 23:55 - 2014-12-03 12:39 - 00000000 ____D () C:\Program Files (x86)\Game of Thrones A Telltale Games Series
2015-03-28 23:51 - 2012-04-25 11:00 - 00000000 ____D () C:\Users\Krotitel\Documents\Telltale Games
2015-03-28 22:45 - 2014-11-30 21:14 - 00000000 ____D () C:\Program Files (x86)\Tales from the Borderlands
2015-03-25 23:20 - 2011-12-11 12:41 - 00000000 ____D () C:\Users\Krotitel\Desktop\Filmy
2015-03-24 22:02 - 2014-10-01 13:31 - 00000000 ____D () C:\Users\Krotitel\Documents\Pavel Hrdina
2015-03-22 14:34 - 2011-11-29 12:39 - 00000000 ____D () C:\Users\Krotitel\AppData\Local\Nero

==================== Files in the root of some directories =======

2002-08-29 17:33 - 2002-08-29 17:33 - 0319488 ____R () C:\Users\Krotitel\AppData\Roaming\MafiaSetup.exe
2012-02-03 23:24 - 2013-01-20 18:13 - 0045270 _____ () C:\Users\Krotitel\AppData\Roaming\room_v3.dat
2015-02-08 18:55 - 2015-02-08 18:55 - 0016218 _____ () C:\Users\Krotitel\AppData\Local\recently-used.xbel
2014-06-02 20:05 - 2014-06-02 20:05 - 0007609 _____ () C:\Users\Krotitel\AppData\Local\Resmon.ResmonCfg
2011-10-12 07:18 - 2011-10-12 07:18 - 0000000 _____ () C:\Users\Krotitel\AppData\Local\{511AD738-F5B8-4F7B-8AC6-5289B54A9F24}

Files to move or delete:
====================
C:\Windows\Tasks\{DF746CBF-88CA-499D-9C93-65E948A46399}.job
C:\Windows\Tasks\{F2606CE2-0A8E-4EEC-850A-7E4401F63932}.job


Some content of TEMP:
====================
C:\Users\Krotitel\AppData\Local\Temp\26411uninstall.exe
C:\Users\Krotitel\AppData\Local\Temp\2jfuweif.exe
C:\Users\Krotitel\AppData\Local\Temp\ApnStub.exe
C:\Users\Krotitel\AppData\Local\Temp\bassmod.dll
C:\Users\Krotitel\AppData\Local\Temp\BitLord_1.01.exe
C:\Users\Krotitel\AppData\Local\Temp\CAMERA.EXE
C:\Users\Krotitel\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Krotitel\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Krotitel\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Krotitel\AppData\Local\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Users\Krotitel\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Krotitel\AppData\Local\Temp\htmlayout.dll
C:\Users\Krotitel\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Krotitel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Krotitel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Krotitel\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Krotitel\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Krotitel\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Krotitel\AppData\Local\Temp\libcurl-4.dll
C:\Users\Krotitel\AppData\Local\Temp\libeay32.dll
C:\Users\Krotitel\AppData\Local\Temp\MP3_Launcher_1_25_0_0.exe
C:\Users\Krotitel\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Krotitel\AppData\Local\Temp\MP3_Patch_Update_1_0_0_22.exe
C:\Users\Krotitel\AppData\Local\Temp\MP3_Patch_Update_1_0_0_28.exe
C:\Users\Krotitel\AppData\Local\Temp\msvcr80.dll
C:\Users\Krotitel\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exe
C:\Users\Krotitel\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Krotitel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Krotitel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Krotitel\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Krotitel\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Krotitel\AppData\Local\Temp\nvStInst.exe
C:\Users\Krotitel\AppData\Local\Temp\ovisetup-19032015123734.exe
C:\Users\Krotitel\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Krotitel\AppData\Local\Temp\Quarantine.exe
C:\Users\Krotitel\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Krotitel\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Krotitel\AppData\Local\Temp\SimPack.exe
C:\Users\Krotitel\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Krotitel\AppData\Local\Temp\sqlite3.dll
C:\Users\Krotitel\AppData\Local\Temp\SRLDetectionLibrary7864474090444410190.dll
C:\Users\Krotitel\AppData\Local\Temp\ssleay32.dll
C:\Users\Krotitel\AppData\Local\Temp\tmp8F95.exe
C:\Users\Krotitel\AppData\Local\Temp\tmpCCC0.exe
C:\Users\Krotitel\AppData\Local\Temp\tmpE015.exe
C:\Users\Krotitel\AppData\Local\Temp\toolbar16527869.exe
C:\Users\Krotitel\AppData\Local\Temp\toolbar16531956.exe
C:\Users\Krotitel\AppData\Local\Temp\uninstall16577805.exe
C:\Users\Krotitel\AppData\Local\Temp\uninstall16577883.exe
C:\Users\Krotitel\AppData\Local\Temp\uninstall16577914.exe
C:\Users\Krotitel\AppData\Local\Temp\Uninstaller-2812.exe
C:\Users\Krotitel\AppData\Local\Temp\utt8BCC.tmp.exe
C:\Users\Krotitel\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Krotitel\AppData\Local\Temp\zlib1.dll
C:\Users\Krotitel\AppData\Local\Temp\_is2377.exe
C:\Users\Krotitel\AppData\Local\Temp\_is23B5.exe
C:\Users\Krotitel\AppData\Local\Temp\_is28DE.exe
C:\Users\Krotitel\AppData\Local\Temp\_is2922.exe
C:\Users\Krotitel\AppData\Local\Temp\_is2D76.exe
C:\Users\Krotitel\AppData\Local\Temp\_is3002.exe
C:\Users\Krotitel\AppData\Local\Temp\_is33AA.exe
C:\Users\Krotitel\AppData\Local\Temp\_is3DB8.exe
C:\Users\Krotitel\AppData\Local\Temp\_is44B4.exe
C:\Users\Krotitel\AppData\Local\Temp\_is5697.exe
C:\Users\Krotitel\AppData\Local\Temp\_is61ED.exe
C:\Users\Krotitel\AppData\Local\Temp\_is6286.exe
C:\Users\Krotitel\AppData\Local\Temp\_is75BD.exe
C:\Users\Krotitel\AppData\Local\Temp\_is778F.exe
C:\Users\Krotitel\AppData\Local\Temp\_is7E6F.exe
C:\Users\Krotitel\AppData\Local\Temp\_is9F79.exe
C:\Users\Krotitel\AppData\Local\Temp\_isB0D7.exe
C:\Users\Krotitel\AppData\Local\Temp\_isBF0E.exe
C:\Users\Krotitel\AppData\Local\Temp\_isC0A0.exe
C:\Users\Krotitel\AppData\Local\Temp\_isD670.exe
C:\Users\Krotitel\AppData\Local\Temp\_isF2C.exe
C:\Users\Krotitel\AppData\Local\Temp\_isFECB.exe
C:\Users\Krotitel\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-07 14:27

==================== End Of Log ============================


Edited by hamluis, 21 April 2015 - 09:37 AM.
Moved from Am I Infected to Malware Removal Logs - Hamluis.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:18 AM

Posted 26 April 2015 - 07:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573927 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:18 AM

Posted 26 April 2015 - 08:14 AM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




