Infected with AutoConfigUrl Hijacker


  • This topic is locked
112 replies to this topic

#1 Nevidljiva

Posted 19 May 2016 - 02:59 PM

My computer is infected with the AutoConfigUrl hijacker. It keeps appearing in the Windows registry, and deleting it with programs like Malwarebytes, adware cleaner, Junkware Removal Tool, ComboFix or manually from the registry doesn't help because it keeps popping up again in several places in the registry. Malwarebytes usually shows this: ijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://un-stop.biz/wpad.dat?43b878b802320dcaf85ee48a509fcecd8956881, , [893795428e0bd26438fa39970ef5946c] but this hijacker also appears in HKCU. I receive a lot of pop-ups while surfing. I get redirected to pages with ads, the search provider in Chrome changes, etc. Resetting the browsers didn't solve the problem.
 
This is the log from the Farbar recovery tool:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-05-2016
Ran by Irina.islambegovic (administrator) on DAMIRCORIC-PC (19-05-2016 21:40:15)
Running from C:\Users\Irina.islambegovic\Desktop
Loaded Profiles: Irina.islambegovic (Available Profiles: Irina.islambegovic)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [311680 2010-03-12] (Kaspersky Lab)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun_KL_notset] 1
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\kloehk.dll [13056 2015-11-10] (Kaspersky Lab ZAO)
AppInit_DLLs:  C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll [85080 2015-11-10] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-04-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{79B404E9-B2A7-4BCE-84D8-A5D620E6BC2C}: [NameServer] 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F948AFAD-F299-47D3-AB67-A29E491A8C94}: [DhcpNameServer] 10.215.131.3
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE09&ocid=UE09DHP
SearchScopes: HKU\S-1-5-21-3780152140-139227125-843777247-1003 -> DefaultScope {1FF4F776-C4BD-468B-9072-F0F694295B3F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3780152140-139227125-843777247-1003 -> {1FF4F776-C4BD-468B-9072-F0F694295B3F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation)
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Shopping%20Blocks/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Shopping%20Blocks/Images/armhelper.ocx
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-02] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Google Docs) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Google Drive) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Google Sheets) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Gmail) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7534152 2016-04-26] (Emsisoft Ltd)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [311680 2010-03-12] (Kaspersky Lab)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2013936 2016-05-02] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S2 ICM_UpdaterService; C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2342008 2012-07-19] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [104416 2016-04-07] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [99968 2014-11-10] (Gemalto)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15640 2012-03-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [349976 2012-03-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-03-27] (Intel Corporation)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [126480 2009-11-12] (Kaspersky Lab)
R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [24848 2009-09-03] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [233560 2015-11-10] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2015-11-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv.sys [1552736 2015-06-16] (Sunplus)
S3 catchme; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\catchme.sys [X]
S3 DMRedirect; \??\C:\Windows\system32\drivers\DMRedirect.sys [X]
S3 eapihdrv; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\ehdrv.sys [X]
S3 esgiguard; \??\D:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [X]
S3 MBAMSwissArmy; no ImagePath
U3 PROCEXP113; no ImagePath
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-19 21:40 - 2016-05-19 21:40 - 00014747 _____ C:\Users\Irina.islambegovic\Desktop\FRST.txt
2016-05-19 21:39 - 2016-05-19 21:39 - 01732608 _____ (Farbar) C:\Users\Irina.islambegovic\Desktop\FRST.exe
2016-05-19 21:34 - 2016-05-19 21:34 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-19 21:34 - 2016-05-19 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-19 21:34 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-19 21:34 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-19 21:34 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-19 21:33 - 2016-05-19 21:33 - 22851472 _____ (Malwarebytes ) C:\Users\Irina.islambegovic\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-19 21:31 - 2016-05-19 21:31 - 00000000 ____D C:\ComboFix
2016-05-19 18:27 - 2016-05-19 18:27 - 00001294 _____ C:\Users\Irina.islambegovic\Desktop\t.txt
2016-05-19 17:41 - 2016-05-19 17:41 - 02953520 _____ (AVAST Software) C:\Users\Irina.islambegovic\Downloads\avast-browser-cleanup (1).exe
2016-05-18 20:07 - 2016-05-18 20:07 - 00028784 _____ C:\ComboFix.txt
2016-05-18 19:36 - 2016-05-18 19:37 - 05659526 ____R (Swearware) C:\Users\Irina.islambegovic\Desktop\ComboFix.exe
2016-05-18 19:26 - 2016-05-18 19:26 - 01610816 _____ (Malwarebytes) C:\Users\Irina.islambegovic\Desktop\JRT.exe
2016-05-18 18:37 - 2016-05-18 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-18 18:34 - 2016-05-18 18:34 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Irina.islambegovic\Desktop\mbar-1.09.3.1001.exe
2016-05-18 16:45 - 2016-05-18 16:45 - 03651136 _____ C:\Users\Irina.islambegovic\Desktop\adwcleaner_5.117 (1).exe
2016-05-18 16:08 - 2016-05-19 21:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-18 16:08 - 2016-05-18 16:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-18 16:08 - 2016-05-18 16:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-18 15:56 - 2016-05-18 15:56 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-18 15:55 - 2016-05-18 15:55 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-05-18 15:55 - 2016-05-18 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-17 14:58 - 2016-05-18 15:37 - 00000000 ____D C:\ProgramData\Sophos
2016-05-16 23:37 - 2016-05-17 22:26 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-16 23:10 - 2016-05-16 23:10 - 00001049 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-05-16 23:10 - 2016-05-16 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-05-16 23:09 - 2016-05-19 21:23 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-16 22:58 - 2016-05-18 15:38 - 00000000 ____D C:\Program Files\Reason
2016-05-16 22:49 - 2016-05-16 22:49 - 02953520 _____ (AVAST Software) C:\Users\Irina.islambegovic\Downloads\avast-browser-cleanup.exe
2016-05-16 22:41 - 2016-05-16 22:41 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Autoruns (1)
2016-05-16 22:39 - 2016-05-16 22:39 - 00615478 _____ C:\Users\Irina.islambegovic\Downloads\Autoruns (1).zip
2016-05-15 22:08 - 2016-05-15 22:08 - 03651136 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.117.exe
2016-05-14 16:50 - 2016-05-14 16:50 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400
2016-05-12 13:10 - 2016-05-12 13:10 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (4)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (3)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (2)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder
2016-05-12 13:03 - 2016-05-12 13:08 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Wedding_Salon_2_ENG_final
2016-05-11 17:12 - 2016-05-11 17:12 - 00433587 _____ C:\Users\Irina.islambegovic\AppData\Local\census.cache
2016-05-11 17:11 - 2016-05-11 17:11 - 00426151 _____ C:\Users\Irina.islambegovic\AppData\Local\ars.cache
2016-05-11 14:27 - 2016-05-11 16:55 - 00000010 _____ C:\Users\Irina.islambegovic\AppData\Local\sponge.last.runtime.cache
2016-05-11 14:20 - 2016-05-11 14:21 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-11 14:14 - 2016-05-11 14:14 - 00000036 _____ C:\Users\Irina.islambegovic\AppData\Local\housecall.guid.cache
2016-05-11 14:14 - 2015-12-24 15:03 - 00305928 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-05-11 09:42 - 2016-05-11 09:42 - 00000000 _____ C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
2016-05-11 09:34 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 09:34 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 09:34 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 09:34 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 09:34 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 09:34 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 09:34 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 09:33 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 09:33 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 09:33 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 09:33 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 09:33 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 09:33 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 09:33 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 09:33 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 09:33 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 09:33 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 09:33 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 09:33 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 09:33 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 09:33 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 09:33 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 09:33 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 09:33 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 09:33 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 09:33 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 09:33 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 09:33 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 09:33 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 09:33 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 09:33 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 09:33 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 09:33 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 09:33 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 09:33 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 09:33 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 09:33 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 09:33 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 09:33 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 09:33 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 09:33 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 09:33 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 09:33 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 09:33 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 09:33 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 09:33 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 09:33 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 09:33 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 09:33 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 09:33 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 09:33 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 09:33 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 09:33 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 09:33 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 09:32 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 09:32 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 09:32 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 21:31 - 2016-05-10 21:31 - 03640384 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.116 (1).exe
2016-05-10 20:52 - 2016-05-10 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-10 20:41 - 2016-05-19 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-10 20:41 - 2016-05-14 15:25 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-05-10 11:23 - 2016-05-18 19:30 - 00002071 _____ C:\Users\Irina.islambegovic\Desktop\JRT.txt
2016-05-09 21:57 - 2016-05-09 21:57 - 00001970 _____ C:\Users\Irina.islambegovic\Desktop\AdwCleaner 9.5.txt
2016-05-09 21:54 - 2016-05-09 21:55 - 03640384 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.116.exe
2016-05-09 17:39 - 2016-05-09 17:39 - 00000000 ____D C:\KVRT_Data
2016-05-08 16:40 - 2016-05-08 16:40 - 00005192 _____ C:\Users\Irina.islambegovic\Desktop\ned.txt
2016-05-08 16:15 - 2016-05-08 16:15 - 00615478 _____ C:\Users\Irina.islambegovic\Downloads\Autoruns.zip
2016-05-08 16:15 - 2016-05-08 16:15 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Autoruns
2016-05-08 15:58 - 2016-05-08 15:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-08 15:58 - 2016-05-08 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-08 15:58 - 2016-05-08 15:58 - 00000000 ____D C:\Program Files\CCleaner
2016-05-07 12:36 - 2016-05-17 14:20 - 00001230 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-05-07 12:36 - 2016-05-17 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\VS Revo Group
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\Program Files\VS Revo Group
2016-05-07 12:36 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-05-05 22:00 - 2016-05-05 22:00 - 00001819 _____ C:\Users\Irina.islambegovic\Desktop\ex.txt
2016-05-05 20:44 - 2016-05-05 20:44 - 00001292 _____ C:\Users\Irina.islambegovic\Desktop\m.txt
2016-05-05 10:15 - 2016-05-05 10:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-04 23:43 - 2016-05-04 23:43 - 00001235 _____ C:\Users\Irina.islambegovic\Desktop\RegHunter.lnk
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Enigma Software Group
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-04 18:40 - 2016-05-04 19:33 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\VirtualStore
2016-05-04 16:01 - 2016-05-04 16:01 - 00004230 _____ C:\Users\Irina.islambegovic\Desktop\rk.txt
2016-05-03 23:21 - 2016-05-03 23:21 - 00005408 _____ C:\Users\Irina.islambegovic\Desktop\rkiller.txt
2016-05-03 22:56 - 2016-05-18 15:06 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-03 22:55 - 2016-05-16 20:35 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-05-03 22:55 - 2016-05-16 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-05-03 22:55 - 2016-05-16 20:35 - 00000000 ____D C:\Program Files\RogueKiller
2016-05-03 22:55 - 2016-05-03 23:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-03 22:39 - 2016-05-13 09:45 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 22:39 - 2016-05-13 09:45 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-03 21:51 - 2016-05-03 21:51 - 00000244 _____ C:\Users\Irina.islambegovic\Desktop\tr.txt
2016-05-03 19:53 - 2016-05-03 19:53 - 00000840 _____ C:\Users\Irina.islambegovic\Desktop\danas.txt
2016-05-02 18:52 - 2016-05-14 22:08 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\LocalLow\uTorrent
2016-05-01 12:27 - 2016-05-01 12:27 - 03581504 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.114 (1).exe
2016-04-29 18:29 - 2016-04-29 18:30 - 03581504 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.114.exe
2016-04-29 14:01 - 2016-04-29 14:01 - 00000000 ____D C:\Program Files\ESET
2016-04-29 13:45 - 2016-04-29 13:45 - 00001860 _____ C:\Users\Irina.islambegovic\Desktop\exterminate-it-log 2016-04-29 12-24-40.txt
2016-04-29 13:40 - 2016-05-12 23:31 - 00030447 _____ C:\Users\Irina.islambegovic\Downloads\Addition.txt
2016-04-29 13:31 - 2016-05-19 21:40 - 00000000 ____D C:\FRST
2016-04-29 11:46 - 2016-04-29 11:46 - 00006111 _____ C:\Users\Irina.islambegovic\Desktop\exterminate-it-log 2016-04-29 11-27-53.txt
2016-04-29 11:27 - 2016-05-18 18:10 - 00000000 ____D C:\Program Files\Exterminate It!
2016-04-29 11:27 - 2016-04-29 11:27 - 00001039 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-04-29 11:27 - 2016-04-29 11:27 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Curiolab
2016-04-29 11:27 - 2016-04-29 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-04-28 21:15 - 2016-05-05 10:27 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\LocalLow\Unity
2016-04-28 21:15 - 2016-05-05 10:27 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\Unity
2016-04-28 10:15 - 2016-04-28 10:42 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-27 21:53 - 2016-05-14 14:39 - 00001240 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-04-27 21:53 - 2016-04-27 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-04-27 21:53 - 2016-04-27 21:53 - 00000000 ____D C:\Program Files\Panda Security
2016-04-27 21:53 - 2015-09-14 13:03 - 00038520 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2016-04-26 22:35 - 2016-04-26 22:35 - 03580480 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.113.exe
2016-04-26 14:27 - 2016-04-26 14:27 - 00000000 ____D C:\ProgramData\InstallMachine
2016-04-26 14:18 - 2016-04-26 14:23 - 414656116 _____ C:\Users\Irina.islambegovic\Downloads\amac_delicioushc.dmg
2016-04-25 12:04 - 2016-05-16 11:26 - 00015185 _____ C:\Users\Irina.islambegovic\Documents\Putovanja,praznici.xlsx
2016-04-24 14:37 - 2016-04-24 14:37 - 00000000 ____D C:\MATS
2016-04-23 22:52 - 2016-04-24 14:39 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-22 11:41 - 2016-04-22 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2016-04-21 16:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-21 16:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-21 16:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-21 16:32 - 2016-05-18 20:07 - 00000000 ____D C:\Qoobox
2016-04-21 16:31 - 2016-05-18 19:53 - 00000000 ____D C:\Windows\erdnt
2016-04-21 16:30 - 2016-04-21 16:30 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\LavasoftStatistics
2016-04-21 16:28 - 2016-04-21 16:28 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-21 16:28 - 2016-04-21 16:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-21 16:27 - 2016-04-21 16:28 - 02085168 _____ C:\Users\Irina.islambegovic\Downloads\Adaware_Installer.exe
2016-04-19 14:00 - 2016-05-05 10:00 - 00000000 ____D C:\Program Files\Camp Funshine - Carrie the Caregiver 3
2016-04-19 14:00 - 2016-04-19 14:00 - 00000000 ____D C:\Windows\Camp Funshine - Carrie the Caregiver 3
2016-04-19 12:22 - 2016-04-19 12:22 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Interaktivni zadaci CD4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-19 21:34 - 2016-03-15 22:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-19 21:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-19 21:10 - 2009-07-14 06:34 - 00032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-19 21:10 - 2009-07-14 06:34 - 00032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-19 20:56 - 2015-11-10 12:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-19 20:56 - 2015-11-10 12:30 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-19 20:56 - 2013-02-25 09:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-19 20:55 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-19 20:43 - 2013-02-25 09:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-19 17:58 - 2015-12-12 18:33 - 00000000 ____D C:\AdwCleaner
2016-05-18 22:27 - 2016-01-02 23:00 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\vlc
2016-05-18 19:59 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2016-05-18 19:54 - 2009-07-14 04:03 - 68943872 _____ C:\Windows\system32\config\software.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 21757952 _____ C:\Windows\system32\config\system.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-18 16:07 - 2015-11-11 18:04 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\Adobe
2016-05-18 15:57 - 2015-11-20 22:30 - 00000000 ____D C:\ProgramData\Oracle
2016-05-18 15:54 - 2015-11-20 22:30 - 00000000 ____D C:\Program Files\Java
2016-05-16 22:31 - 2013-08-26 11:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-16 22:30 - 2013-01-15 14:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-05-16 22:30 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-16 22:28 - 2013-01-15 14:15 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-16 21:51 - 2016-04-16 21:12 - 00000008 __RSH C:\Users\Irina.islambegovic\ntuser.pol
2016-05-16 21:51 - 2015-11-09 10:22 - 00000000 ____D C:\Users\Irina.islambegovic
2016-05-16 20:22 - 2016-03-31 11:29 - 00000000 ___RD C:\Users\Irina.islambegovic\OneDrive
2016-05-16 20:10 - 2009-07-14 04:37 - 00000000 ____D C:\PerfLogs
2016-05-16 20:07 - 2015-11-09 11:41 - 00000000 ____D C:\Windows\pss
2016-05-15 23:27 - 2015-11-09 10:24 - 00000000 ____D C:\Users\Irina.islambegovic\Tracing
2016-05-14 12:31 - 2009-07-14 06:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-13 16:01 - 2015-06-17 11:14 - 00000000 ____D C:\Windows\rescache
2016-05-13 11:28 - 2015-11-09 19:35 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Skype
2016-05-13 11:24 - 2014-09-23 22:00 - 00000000 ___RD C:\Program Files\Skype
2016-05-13 11:24 - 2013-01-15 16:09 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 23:21 - 2014-12-11 17:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 22:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-11 16:52 - 2010-11-20 23:01 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-11 16:34 - 2010-11-21 02:23 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:23 - 2013-08-01 08:48 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 14:10 - 2013-01-15 15:36 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 23:09 - 2015-12-18 20:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-09 17:15 - 2015-12-18 21:53 - 00000000 ____D C:\Program Files\MyPlayCity.com
2016-05-09 13:23 - 2016-02-15 15:33 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Mid-term report
2016-05-09 10:49 - 2015-12-04 12:15 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\arhiva
2016-05-08 18:08 - 2016-02-16 16:48 - 00021259 _____ C:\Users\Irina.islambegovic\Documents\Packing List Macedonia.xlsx
2016-05-08 16:03 - 2013-12-16 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-05-08 16:03 - 2013-01-30 13:41 - 00000000 ____D C:\Windows\Minidump
2016-05-08 16:03 - 2013-01-15 23:06 - 00000000 ____D C:\Windows\Panther
2016-05-08 07:10 - 2016-03-31 11:29 - 00002200 _____ C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-06 20:38 - 2015-04-05 16:46 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 00:33 - 2015-11-09 10:23 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\Google
2016-05-03 22:39 - 2013-02-25 09:25 - 00000000 ____D C:\Program Files\Google
2016-05-03 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2016-05-03 18:03 - 2015-11-20 22:30 - 00000000 ____D C:\Users\Irina.islambegovic\.oracle_jre_usage
2016-05-03 17:50 - 2013-01-15 14:17 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-29 17:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2016-04-28 21:18 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\addins
2016-04-27 23:45 - 2016-02-15 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping Blocks
2016-04-27 23:45 - 2015-12-31 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-04-27 23:45 - 2015-12-25 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-27 23:45 - 2015-12-23 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
2016-04-26 14:34 - 2015-11-27 17:50 - 00000000 ____D C:\BigFishCache
2016-04-24 14:39 - 2013-01-15 15:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-04-24 14:37 - 2015-11-27 02:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-24 14:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2016-04-21 15:05 - 2013-01-15 15:24 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-11-09 21:02 - 2015-11-09 21:02 - 2837704 _____ (ESET) C:\Program Files\eset_smart_security_live_installer.exe
2015-12-31 11:10 - 2015-12-31 11:10 - 0005120 _____ () C:\Users\Irina.islambegovic\AppData\Roaming\GiftBag.db
2016-05-11 17:11 - 2016-05-11 17:11 - 0426151 _____ () C:\Users\Irina.islambegovic\AppData\Local\ars.cache
2016-05-11 17:12 - 2016-05-11 17:12 - 0433587 _____ () C:\Users\Irina.islambegovic\AppData\Local\census.cache
2016-05-11 14:14 - 2016-05-11 14:14 - 0000036 _____ () C:\Users\Irina.islambegovic\AppData\Local\housecall.guid.cache
2016-05-11 14:27 - 2016-05-11 16:55 - 0000010 _____ () C:\Users\Irina.islambegovic\AppData\Local\sponge.last.runtime.cache
2016-05-11 09:42 - 2016-05-11 09:42 - 0000000 _____ () C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-18 14:44
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Irina.islambegovic (2016-05-19 21:40:53)
Running from C:\Users\Irina.islambegovic\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2013-01-15 12:12:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3780152140-139227125-843777247-500 - Administrator - Disabled)
Guest (S-1-5-21-3780152140-139227125-843777247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3780152140-139227125-843777247-1002 - Limited - Enabled)
Irina.islambegovic (S-1-5-21-3780152140-139227125-843777247-1003 - Administrator - Enabled) => C:\Users\Irina.islambegovic

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
FW: Kaspersky Anti-Virus (Enabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}) (Version: 2.5.2014 - Cisco Systems, Inc.)
Cisco AnyConnect VPN Client Start Before Login Components (HKLM\...\{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}) (Version: 2.4.1012 - Cisco Systems, Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Duplicati (HKLM\...\{52049833-14D0-4DDE-98FE-467156FF32D1}) (Version: 1.3.0.1066 - HexaD)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.7 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Exterminate It! (HKLM\...\Exterminate It!) (Version: 2.12.04.28 - CURIOLAB S.M.B.A.)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free VPN version 3.2 (HKLM\...\{05A4243F-4ADC-416C-A21A-91613A87577E}_is1) (Version: 3.2 - VPNMaster, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{C35A147C-5037-443A-9BF8-A5E7C2154CE4}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP HD Webcam [Fixed] (HKLM\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Anti-Virus 6.0 for Windows Workstations (HKLM\...\{8F023021-A7EB-45D3-9269-D65264C81729}) (Version: 6.0.4.1424 - Kaspersky Lab)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4498 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM\...\Office15.LYNC) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3780152140-139227125-843777247-1003\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.6868.2062 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 PowerPivot for Excel 32-bit (HKLM\...\{4CFC749F-E178-42C7-8095-796C5814C9C3}) (Version: 11.1.3129.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
RegHunter (HKLM\...\RegHunter) (Version: 2.0.24.1985 - Enigma Software Group, LLC)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Samsung Networking Wizard (HKLM\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11123.1 - Samsung Electronics Co., Ltd. )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-012C-0000-0000-0000000FF1CE}_Office15.LYNC_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.23 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNC_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{F83E415D-074E-4DAB-A623-5B3ABF9F3094}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EE}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Yawcam 0.4.2 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D58F547-602D-4803-A7E5-B7443774FFEB} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Task: {0F003F31-BD5B-4E7F-A782-30F23D2A5665} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {168FEE9E-A703-480C-B0DD-15488BF283A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1A05C2C6-05AE-44E9-B3CC-D8842CC2CC2C} - System32\Tasks\{B53E267F-2E54-475C-BEA9-4B9C6E8EAFB0} => pcalua.exe -a "C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe"
Task: {31CA6EA9-20FA-4826-AA57-B78B18ACCD13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4F4EF731-A21C-499A-A949-0FF699977893} - System32\Tasks\{F197AEDE-46F6-4001-A6B7-F9792C7F65C6} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {5B54EB6C-5F24-4475-A7E2-06ACE9926886} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {5CB1EDC8-E2DE-42B9-AD40-0654582096E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {76C8AE26-E78D-451D-8DE9-F00F5207A12B} - System32\Tasks\{B0687340-306A-40F9-9FFA-EF56BB9F7B4A} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {790092AE-5D01-4E83-8B1B-B0C8D249D869} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {8158CD27-386A-4A21-A19A-9F16ECFE7F89} - System32\Tasks\{ABB96D5C-1B10-41AD-B9D9-C7409C20F2EA} => pcalua.exe -a "C:\Program Files\HDvid Codec V1\Uninstall.exe" -c /fromcontrolpanel=1
Task: {B361A736-EFF6-4565-859D-AEDC4AC4D33A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {C4D3ED96-7B2F-4E05-8294-92A84B028549} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C59F0A96-A123-412B-B6ED-E4AFE170132E} - System32\Tasks\{F28CF13C-A7D5-4DA7-92E8-CC3B1C19D775} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {CA4143EB-594E-4BCF-8117-32D076E89D92} - System32\Tasks\{8755A6DD-C010-4842-8236-C1A8DD3E2786} => pcalua.exe -a "D:\Burger Bustle 2 Ellie's Organics Setup.exe" -d D:\
Task: {D6021BFE-43B5-43D0-9D57-0F826922ADCD} - System32\Tasks\{78C84979-E88C-4109-A374-828D708C1BEB} => pcalua.exe -a "C:\Windows\Club Paradise\uninstall.exe" -c "/U:C:\Program Files\Club Paradise\Uninstall\uninstall.xml"
Task: {DB5AE5FC-9762-4606-BC9E-7EBA2B6738D9} - System32\Tasks\{1429B858-A96F-4985-ACAD-1A08DA38AC8B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsPlugin
Task: {E83DF00B-2077-4452-BF0E-905B61725EAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FE87AF6C-DC84-40D2-8A27-0F8F8D4C1183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-11 15:06 - 2013-04-01 18:15 - 00176128 _____ () C:\Windows\System32\HP2014LM.DLL
2016-03-11 15:07 - 2013-04-01 18:15 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP2014PP.dll
2010-03-12 20:29 - 2010-03-12 20:29 - 00026712 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\volenum.ppl
2016-05-08 07:10 - 2016-05-08 07:10 - 00679624 _____ () C:\Users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-10 06:32 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4B244549 [278]
AlternateDataStreams: C:\ProgramData\TEMP:8886182C [108]
AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14 [132]
AlternateDataStreams: C:\ProgramData\TEMP:9D5BB34A [122]
AlternateDataStreams: C:\ProgramData\TEMP:F0F9D08A [136]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-05-18 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3780152140-139227125-843777247-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Duplicati.lnk => C:\Windows\pss\Duplicati.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: PrnStatusMX => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{33E814CC-E87E-4169-9EE0-F2D505B7FE37}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [UDP Query User{ACA6F91B-5EC9-4BAB-8BFD-0EB2BD9C5AFD}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{C235CDA7-1800-4CF3-B379-40CB7D5011BD}] => (Block) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{8313CA95-42A3-4FD2-BF9C-8041DFEA8193}] => (Block) C:\program files\microsoft office\office15\lync.exe

==================== Restore Points =========================

17-05-2016 09:02:22 Windows Update
17-05-2016 11:58:50 JRT Pre-Junkware Removal
17-05-2016 14:21:24 Revo Uninstaller Pro's restore point - Wedding_Salon_2_ENG_final
17-05-2016 14:23:47 Revo Uninstaller Pro's restore point - Delicious 9 - Emilys Honeymoon Cruise (Www.ApunKaGames.Net)
17-05-2016 14:24:58 Revo Uninstaller Pro's restore point - Bistro.Boulevard.v1.0.Cracked-F4CG
17-05-2016 14:25:53 Revo Uninstaller Pro's restore point - Fabulous - Angelas Fashion Fever Deluxe
17-05-2016 14:28:44 Revo Uninstaller Pro's restore point - com.gamehouse.acid
17-05-2016 14:29:55 Revo Uninstaller Pro's restore point - GameHouse
17-05-2016 14:31:17 Revo Uninstaller Pro's restore point - PlayFirst
17-05-2016 14:32:40 Revo Uninstaller Pro's restore point - SugarGames
17-05-2016 14:56:19 Installed Sophos Virus Removal Tool.
18-05-2016 15:36:20 Removed Sophos Virus Removal Tool.
18-05-2016 15:39:22 Removed Java 8 Update 77
18-05-2016 19:27:11 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 37%
Total physical RAM: 2957.73 MB
Available physical RAM: 1850.26 MB
Total Virtual: 5913.79 MB
Available Virtual: 4321.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:307.91 GB) (Free:234.74 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:390.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 96259DBF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 20 May 2016 - 08:39 AM.



#2 Oh My!

  • Malware Response Instructor

Posted 20 May 2016 - 08:48 AM

Greetings Nevidljiva and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

If you have a wireless router please tell me the model number.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Emsisoft Anti-Malware
Kaspersky Anti-Virus


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File]
S3 catchme; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\catchme.sys [X]
S3 DMRedirect; \??\C:\Windows\system32\drivers\DMRedirect.sys [X]
S3 eapihdrv; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\ehdrv.sys [X]
S3 esgiguard; \??\D:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [X]
S3 MBAMSwissArmy; no ImagePath
U3 PROCEXP113; no ImagePath
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
2016-05-14 16:50 - 2016-05-14 16:50 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400
2016-05-11 09:42 - 2016-05-11 09:42 - 00000000 _____ C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
2016-05-11 09:42 - 2016-05-11 09:42 - 0000000 _____ () C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4B244549 [278]
AlternateDataStreams: C:\ProgramData\TEMP:8886182C [108]
AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14 [132]
AlternateDataStreams: C:\ProgramData\TEMP:9D5BB34A [122]
AlternateDataStreams: C:\ProgramData\TEMP:F0F9D08A [136]
CMD: type "C:\ComboFix.txt"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Router information?
  • Fixlog
  • MTB report
  • System Summary Information
  • Update on computer behavior

Edited by Oh My!, 20 May 2016 - 08:50 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
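
The AutoConfigURL value this topic is about is stored per user, so a cleanup is only confirmed once every loaded user hive and the machine-wide keys have been read back. The following is an added example, not part of the instructions above and not MiniToolBox's own code: a read-only PowerShell listing of the proxy values under the Internet Settings key. The function name Get-ProxyValues and the set of values reported are choices made for this example.

```powershell
# Added example: read-only report of proxy / auto-config values.
# Nothing is modified. Run from an elevated prompt so all loaded user hives are readable.
# Written to work on Windows PowerShell 2.0 and later.

$subKey     = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$valueNames = 'AutoConfigURL', 'ProxyEnable', 'ProxyServer', 'ProxyOverride'

# Get-ProxyValues is a helper defined for this example only.
function Get-ProxyValues {
    param([string] $RegistryPath, [string] $Label)

    if (-not (Test-Path -LiteralPath $RegistryPath)) { return }
    $props = Get-ItemProperty -LiteralPath $RegistryPath -ErrorAction SilentlyContinue
    if ($null -eq $props) { return }

    foreach ($name in $valueNames) {
        # Indexing the property collection returns $null when the value is absent.
        $p = $props.PSObject.Properties[$name]
        if ($null -ne $p) {
            New-Object PSObject -Property @{ Hive = $Label; Value = $name; Data = $p.Value } |
                Select-Object Hive, Value, Data
        }
    }
}

$results = @(
    # Every user hive currently loaded under HKEY_USERS; the *_Classes hives
    # hold COM registrations, not Internet Settings, so they are skipped.
    Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid = $_.PSChildName
            Get-ProxyValues -RegistryPath "Registry::HKEY_USERS\$sid\$subKey" -Label "HKU\$sid"
        }

    # Machine-wide settings and the policy location.
    Get-ProxyValues -RegistryPath "Registry::HKEY_LOCAL_MACHINE\$subKey" -Label 'HKLM'
    Get-ProxyValues -RegistryPath 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings' -Label 'HKLM (policy)'
)

if ($results.Count -eq 0) {
    Write-Output 'No proxy or auto-config values are set in any loaded hive.'
} else {
    $results | Format-Table -AutoSize -Wrap
}

# Any non-empty AutoConfigURL deserves a second look: on a home PC that does
# not use a proxy, this value is normally absent.
$autoConfig = @($results | Where-Object { $_.Value -eq 'AutoConfigURL' -and $_.Data })
foreach ($entry in $autoConfig) {
    Write-Warning ("AutoConfigURL is set in {0}: {1}" -f $entry.Hive, $entry.Data)
}
```

Running it again after a reboot shows whether the value has been written back, which is the behaviour described in the first post.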

#3 Nevidljiva

  • Topic Starter

Posted 20 May 2016 - 10:05 AM

Dear Gary

 

Thank you for your quick reply. You can call me Irina. I uninstalled Emsisoft Anti-Malware. It did cause some problems with Kaspersky antivirus.

 

Number of my ADSL router is FC177H82E9B00768

 

After I did all the steps from your post I opened google chrome and the home page was changed to foryourweb.net so I guess the problem still persists. Below are logs that you requested and Summary is in attachment.

Attached File: Summary.zip (67.29KB)

 

Fixlog.txt log

 

Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Irina.islambegovic (2016-05-20 16:30:12) Run:1
Running from C:\Users\Irina.islambegovic\Desktop
Loaded Profiles: Irina.islambegovic (Available Profiles: Irina.islambegovic)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File]
S3 catchme; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\catchme.sys [X]
S3 DMRedirect; \??\C:\Windows\system32\drivers\DMRedirect.sys [X]
S3 eapihdrv; \??\C:\Users\IRINA~1.ISL\AppData\Local\Temp\ehdrv.sys [X]
S3 esgiguard; \??\D:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [X]
S3 MBAMSwissArmy; no ImagePath
U3 PROCEXP113; no ImagePath
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
2016-05-14 16:50 - 2016-05-14 16:50 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400
2016-05-11 09:42 - 2016-05-11 09:42 - 00000000 _____ C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
2016-05-11 09:42 - 2016-05-11 09:42 - 0000000 _____ () C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:4B244549 [278]
AlternateDataStreams: C:\ProgramData\TEMP:8886182C [108]
AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14 [132]
AlternateDataStreams: C:\ProgramData\TEMP:9D5BB34A [122]
AlternateDataStreams: C:\ProgramData\TEMP:F0F9D08A [136]
CMD: type "C:\ComboFix.txt"
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => key removed successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key removed successfully.
catchme => service not found.
DMRedirect => service removed successfully.
eapihdrv => service not found.
esgiguard => service removed successfully.
MBAMSwissArmy => service removed successfully.
PROCEXP113 => service removed successfully.
STHDA => service removed successfully.
C:\Users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400 => moved successfully
C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9} => moved successfully
"C:\Users\Irina.islambegovic\AppData\Local\{3A4D47EA-AD4B-426B-81A2-7C90FEB86AA9}" => not found.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{44EC053A-400F-11D0-9DCD-00A0C90391D3}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => key removed successfully.
"HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => key removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully..
C:\ProgramData\TEMP => ":4B244549" ADS removed successfully..
C:\ProgramData\TEMP => ":8886182C" ADS removed successfully..
C:\ProgramData\TEMP => ":8CCDAB14" ADS removed successfully..
C:\ProgramData\TEMP => ":9D5BB34A" ADS removed successfully..
C:\ProgramData\TEMP => ":F0F9D08A" ADS removed successfully..
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 16-05-18.01 - Irina.islambegovic 18.05.2016  19:43:44.3.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1250.387.1033.18.2958.1887 [GMT 2:00]
Running from: c:\users\Irina.islambegovic\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Irina.islambegovic\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2016-04-18 to 2016-05-18  )))))))))))))))))))))))))))))))
.
.
2016-05-18 17:53 . 2016-05-18 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-18 16:37 . 2016-05-18 17:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2016-05-18 14:08 . 2016-05-18 14:08 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-18 14:08 . 2016-05-18 14:08 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-18 13:56 . 2016-05-18 13:56 -------- d-----w- c:\program files\Common Files\Java
2016-05-18 13:55 . 2016-05-18 13:55 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-05-17 12:58 . 2016-05-18 13:37 -------- d-----w- c:\programdata\Sophos
2016-05-16 21:37 . 2016-05-17 20:26 -------- d-----w- c:\programdata\Emsisoft
2016-05-16 21:09 . 2016-05-18 17:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2016-05-16 20:58 . 2016-05-18 13:38 -------- d-----w- c:\program files\Reason
2016-05-16 18:05 . 2016-05-16 18:06 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\Diagnostics
2016-05-14 14:50 . 2016-05-14 14:50 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\TempOfficeC2R78F5775B-19EC-4411-8574-D8E5CA668400
2016-05-11 12:20 . 2016-05-11 12:21 -------- d-----w- c:\programdata\Trend Micro
2016-05-11 12:14 . 2015-12-24 13:03 305928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2016-05-11 07:33 . 2016-04-23 04:14 38400 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2016-05-11 07:32 . 2016-04-09 06:59 730344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2016-05-11 07:32 . 2016-04-09 06:59 218856 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2016-05-11 07:32 . 2016-04-09 06:54 107520 ----a-w- c:\windows\system32\cdd.dll
2016-05-10 18:41 . 2016-05-18 17:33 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-05-10 18:41 . 2016-05-14 13:25 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2016-05-10 18:26 . 2016-05-18 15:49 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-10 18:17 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-10 18:17 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-10 18:17 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-09 15:39 . 2016-05-09 15:39 -------- d-----w- C:\KVRT_Data
2016-05-08 13:58 . 2016-05-08 13:58 -------- d-----w- c:\program files\CCleaner
2016-05-07 13:16 . 2016-05-18 17:59 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\temp
2016-05-07 10:36 . 2016-05-07 10:36 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\VS Revo Group
2016-05-07 10:36 . 2016-05-07 10:36 -------- d-----w- c:\programdata\VS Revo Group
2016-05-07 10:36 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-05-07 10:36 . 2016-05-07 10:36 -------- d-----w- c:\program files\VS Revo Group
2016-05-05 08:15 . 2016-05-05 08:15 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-05-04 21:43 . 2016-05-04 21:43 -------- d-----w- c:\users\Irina.islambegovic\AppData\Roaming\Enigma Software Group
2016-05-04 21:43 . 2016-05-04 21:43 -------- d-----w- c:\program files\Enigma Software Group
2016-05-04 16:40 . 2016-05-04 17:33 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\VirtualStore
2016-05-03 20:56 . 2016-05-18 13:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-05-03 20:55 . 2016-05-16 18:35 -------- d-----w- c:\program files\RogueKiller
2016-05-03 20:55 . 2016-05-03 21:41 -------- d-----w- c:\programdata\RogueKiller
2016-05-03 14:41 . 2016-05-03 14:41 225976 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2016-05-02 08:37 . 2016-05-02 08:37 211152 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2016-05-02 08:36 . 2016-05-02 08:36 369944 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2016-05-02 08:36 . 2016-05-02 08:36 24824 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2016-04-29 12:01 . 2016-04-29 12:01 -------- d-----w- c:\program files\ESET
2016-04-29 11:31 . 2016-05-12 21:35 -------- d-----w- C:\FRST
2016-04-29 09:27 . 2016-04-29 09:27 -------- d-----w- c:\users\Irina.islambegovic\AppData\Roaming\Curiolab
2016-04-29 09:27 . 2016-05-18 16:10 -------- d-----w- c:\program files\Exterminate It!
2016-04-28 19:15 . 2016-05-05 08:27 -------- d-----w- c:\users\Irina.islambegovic\AppData\Local\Unity
2016-04-28 08:15 . 2016-04-28 08:42 -------- d-----w- c:\programdata\HitmanPro
2016-04-27 19:53 . 2015-09-14 11:03 38520 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2016-04-27 19:53 . 2016-04-27 19:53 -------- d-----w- c:\program files\Panda Security
2016-04-26 12:27 . 2016-04-26 12:27 -------- d-----w- c:\programdata\InstallMachine
2016-04-24 12:37 . 2016-04-24 12:37 -------- d-----w- C:\MATS
2016-04-21 14:30 . 2016-04-21 14:30 -------- d-----w- c:\users\Irina.islambegovic\AppData\Roaming\LavasoftStatistics
2016-04-21 14:28 . 2016-04-21 14:28 -------- d-----w- c:\program files\Common Files\Lavasoft
2016-04-21 14:28 . 2016-04-21 14:28 -------- d-----w- c:\programdata\Lavasoft
2016-04-19 12:00 . 2016-05-05 08:00 -------- d-----w- c:\program files\Camp Funshine - Carrie the Caregiver 3
2016-04-19 12:00 . 2016-04-19 12:00 -------- d-----w- c:\windows\Camp Funshine - Carrie the Caregiver 3
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-18 17:54 . 2016-05-18 17:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\offreg.3940.dll
2016-05-18 13:06 . 2016-05-18 13:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\offreg.2836.dll
2016-05-18 08:55 . 2016-05-18 08:55 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\offreg.2828.dll
2016-05-17 19:16 . 2016-05-17 19:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\offreg.2684.dll
2016-05-17 12:41 . 2016-05-17 12:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\offreg.1320.dll
2016-05-02 12:18 . 2016-03-14 12:54 2405656 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-04-26 08:25 . 2016-05-17 07:03 9317056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94BCF6DF-5474-4899-AC60-D62735C1D69D}\mpengine.dll
2016-04-21 13:05 . 2013-01-15 13:24 374944 ------w- c:\windows\system32\MpSigStub.exe
2016-04-08 18:01 . 2016-04-08 18:01 5338816 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-04-04 17:54 . 2016-04-09 16:56 34024 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 17:42 . 2016-04-09 16:56 957952 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:07 . 2016-04-09 16:56 1218048 ----a-w- c:\windows\system32\appraiser.dll
2016-03-27 08:21 . 2016-03-27 08:21 446792 ----a-w- c:\windows\system32\slprop32.dll
2016-03-27 08:21 . 2016-03-27 08:21 371200 ----a-w- c:\windows\system32\slapoi32.dll
2016-03-27 08:21 . 2016-03-27 08:21 29184 ----a-w- c:\windows\system32\suhlp.exe
2016-03-27 08:21 . 2016-03-27 08:21 214856 ----a-w- c:\windows\system32\slmaxv32.dll
2016-03-27 08:21 . 2016-03-27 08:21 208200 ----a-w- c:\windows\system32\sluapo32.dll
2016-03-27 08:21 . 2016-03-27 08:21 182088 ----a-w- c:\windows\system32\slviq32.dll
2016-03-27 08:21 . 2016-03-27 08:21 169800 ----a-w- c:\windows\system32\slhlim32.dll
2016-03-27 08:21 . 2016-03-27 08:21 169800 ----a-w- c:\windows\system32\slcshp32.dll
2016-03-27 08:21 . 2016-03-27 08:21 157512 ----a-w- c:\windows\system32\slcc3d32.dll
2016-03-27 08:21 . 2016-03-27 08:21 153416 ----a-w- c:\windows\system32\slvipp32.dll
2016-03-27 08:21 . 2016-03-27 08:21 153416 ----a-w- c:\windows\system32\slinit32.dll
2016-03-27 08:21 . 2016-03-27 08:21 153416 ----a-w- c:\windows\system32\slh36032.dll
2016-03-27 08:21 . 2016-03-27 08:21 145224 ----a-w- c:\windows\system32\sltshd32.dll
2016-03-27 08:21 . 2016-03-27 08:21 137032 ----a-w- c:\windows\system32\slcsii32.dll
2016-03-27 08:21 . 2016-03-27 08:21 132936 ----a-w- c:\windows\system32\slgeq32.dll
2016-03-27 08:21 . 2016-03-27 08:21 7675904 ----a-w- c:\windows\system32\IDTNHP.dll
2016-03-27 08:21 . 2016-03-27 08:21 6662144 ----a-w- c:\windows\system32\IDTNGUI.exe
2016-03-27 08:21 . 2016-03-27 08:21 250368 ----a-w- c:\windows\system32\IDTNJ.exe
2016-03-27 08:21 . 2016-03-27 08:21 2208768 ----a-w- c:\windows\system32\IDTNX.dll
2016-03-23 14:02 . 2016-04-09 16:56 177664 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:30 . 2016-04-13 08:41 171008 ----a-w- c:\windows\system32\winsrv.dll
2016-03-17 22:28 . 2016-04-13 08:41 1414144 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:26 . 2016-04-13 08:41 294400 ----a-w- c:\windows\system32\KernelBase.dll
2016-03-17 22:24 . 2016-04-13 08:41 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-17 22:24 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-17 21:36 . 2016-04-13 08:41 271360 ----a-w- c:\windows\system32\conhost.exe
2016-03-17 21:29 . 2016-04-13 08:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-17 21:29 . 2016-04-13 08:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-17 21:29 . 2016-04-13 08:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-17 21:29 . 2016-04-13 08:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-17 18:04 . 2016-04-09 16:56 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-03-17 18:04 . 2016-04-09 16:56 560640 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-09 16:56 424960 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-09 16:56 232960 ----a-w- c:\windows\system32\invagent.dll
2016-03-16 18:28 . 2016-04-13 08:41 111616 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 08:41 176128 ----a-w- c:\windows\system32\msorcl32.dll
2016-03-15 23:53 . 2016-04-13 08:40 60416 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 08:40 566272 ----a-w- c:\windows\system32\samsrv.dll
2016-03-06 18:38 . 2016-04-13 08:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:38 . 2016-04-13 08:40 1240576 ----a-w- c:\windows\system32\msxml3.dll
2016-02-28 04:01 . 2016-02-28 04:01 85232 ----a-w- c:\windows\system32\vcruntime140.dll
2016-02-28 04:01 . 2016-02-28 04:01 439536 ----a-w- c:\windows\system32\msvcp140.dll
2016-02-28 04:01 . 2016-02-28 04:01 267008 ----a-w- c:\windows\system32\vccorlib140.dll
2016-02-28 04:01 . 2016-02-28 04:01 243480 ----a-w- c:\windows\system32\concrt140.dll
2015-11-09 19:02 . 2015-11-09 19:02 2837704 ----a-w- c:\program files\eset_smart_security_live_installer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-08 05:10 1602248 ----a-w- c:\users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-08 05:10 1602248 ----a-w- c:\users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-08 05:10 1602248 ----a-w- c:\users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-08 05:10 1602248 ----a-w- c:\users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-08 05:10 1602248 ----a-w- c:\users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2016-03-14 12119872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-01 157104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-01 192432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-01 201136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-04-15 2623456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FAH.lnk - c:\program files\WinZip\FAHConsole.exe [2015-10-27 454880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\kloehk.dll c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Duplicati.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk
backup=c:\windows\pss\Duplicati.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk]
backup=c:\windows\pss\Update Notifier.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk]
backup=c:\windows\pss\WinZip Preloader.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2012-07-04 14:43 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-04-01 00:16 596504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [2011-03-18 204883]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-03-23 327808]
R3 DMRedirect;DMRedirect;c:\windows\system32\drivers\DMRedirect.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 eapihdrv;eapihdrv;c:\users\IRINA~1.ISL\AppData\Local\Temp\ehdrv.sys [x]
R3 esgiguard;esgiguard;d:\spyhunter 4.21.10.4585 portable by wood\esgiguard.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\DRIVERS\GemCCID.sys [2014-11-10 99968]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-04-23 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-08-17 8576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-04-11 543336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-15 1343400]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 15640]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-05-18 170200]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [2016-04-07 104416]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2016-04-15 50016]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2015-11-10 22104]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2016-03-10 126336]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2016-04-26 7534152]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-05-02 2013936]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-07 30528]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-04-15 742368]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-05-17 1590560]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-07-19 2342008]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-12-20 602872]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2014-08-26 364504]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 349976]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 792856]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2015-12-05 148720]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 24848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [2015-06-16 1552736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ   DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 07:43 1186968 ----a-w- c:\program files\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18 14:08]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 19:10]
.
2016-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-25 19:10]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
TCP: Interfaces\{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}: NameServer = 8.8.8.8 8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\WinZip\FAHWindow32.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2016-05-18  20:07:18 - machine was rebooted
ComboFix-quarantined-files.txt  2016-05-18 18:07
ComboFix2.txt  2016-05-07 13:16
ComboFix3.txt  2016-04-21 14:55
.
Pre-Run: 246.980.829.184 bytes free
Post-Run: 246.136.950.784 bytes free
.
- - End Of File - - 46A6AD50D9CBB993B8660848660CC997
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 16:31:01 ====

 

MTB.txt log

 

MiniToolBox by Farbar  Version: 07-02-2016 01

Ran by Irina.islambegovic (administrator) on 20-05-2016 at 16:40:48
Running from "C:\Users\Irina.islambegovic\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: HP ProBook 4540s Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Local Area Connection 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : damircoric-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
PPP adapter l2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : l2
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 178.77.51.184(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B4-B5-2F-77-C6-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6cbb:5e6b:2d68:571e%21(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.87.30(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 682931503
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-87-01-3E-20-68-9D-1A-58-B4
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
   Physical Address. . . . . . . . . : 22-68-9D-1A-58-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 20-68-9D-1A-58-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 20-68-9D-1A-BA-52
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:b24d:33b8::b24d:33b8(Preferred) 
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
                                       2002:c058:6301::1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C8128AEF-2D98-47A9-8D73-854609F4456A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C6AAE434-4138-4E95-878E-327081268AEF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{F3788C08-4EF3-4DE5-96EA-79B23AC8F3B4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2a00:1450:400d:807::200e
 217.75.205.181
 217.75.205.174
 217.75.205.185
 217.75.205.163
 217.75.205.177
 217.75.205.144
 217.75.205.187
 217.75.205.152
 217.75.205.148
 217.75.205.165
 217.75.205.159
 217.75.205.154
 217.75.205.176
 217.75.205.155
 217.75.205.166
 217.75.205.170
 
 
Pinging google.com [217.75.205.181] with 32 bytes of data:
Reply from 217.75.205.181: bytes=32 time=13ms TTL=61
Reply from 217.75.205.181: bytes=32 time=12ms TTL=61
 
Ping statistics for 217.75.205.181:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=163ms TTL=53
Reply from 98.139.183.24: bytes=32 time=163ms TTL=53
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 163ms, Maximum = 163ms, Average = 163ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 44...........................l2
 21...b4 b5 2f 77 c6 bc ......Realtek PCIe GBE Family Controller
 18...22 68 9d 1a 58 b4 ......Microsoft Virtual WiFi Miniport Adapter #3
 17...20 68 9d 1a 58 b4 ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
 12...20 68 9d 1a ba 52 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link     178.77.51.184     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      169.254.0.0      255.255.0.0         On-link     169.254.87.30   4501
    169.254.87.30  255.255.255.255         On-link     169.254.87.30   4501
  169.254.255.255  255.255.255.255         On-link     169.254.87.30   4501
    178.77.51.184  255.255.255.255         On-link     178.77.51.184    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link     169.254.87.30   4502
        224.0.0.0        240.0.0.0         On-link     178.77.51.184     21
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link     169.254.87.30   4501
  255.255.255.255  255.255.255.255         On-link     178.77.51.184    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19   1072 ::/0                     2002:c058:6301::c058:6301
 19   1071 ::/0                     2002:c058:6301::1
  1    306 ::1/128                  On-link
 19   1025 2002::/16                On-link
 19    281 2002:b24d:33b8::b24d:33b8/128
                                    On-link
 21    276 fe80::/64                On-link
 21    276 fe80::6cbb:5e6b:2d68:571e/128
                                    On-link
  1    306 ff00::/8                 On-link
 21    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
 
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 05 C:\Windows\System32\mswsock.dll [231424] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
 
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
 
**** End of log ****
 
 


#4 Oh My!

  • Malware Response Instructor

Posted 20 May 2016 - 10:18 AM

Thanks,

That is not a model number, as far as I can tell. Who is the manufacturer and is there other information that may look like a model number?

Do you recognize this?

Bosnia And Herzegovina Sarajevo Logosoft Information Engineering And Internet Providing

Please do this.

===================================================

Resetting Winsock in Windows 7/Vista

--------------------
  • Click Start, type cmd, right click on cmd above and select Run as administrator
  • Copy the following command, right-click in the open command prompt window and select Paste

netsh int ip reset c:\resetlog.txt

  • Press Enter
  • Rerun MiniToolBox and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Router information?
  • Do you recognize?
  • MTB.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Nevidljiva

  • Topic Starter

Posted 20 May 2016 - 10:42 AM

I don't have any information about the router besides Paadigm technology inc and a sticker with the name of my internet provider, Logosoft. Yes, I recognize Logosoft; it is my internet provider. There is a strange new toolbar below my bookmark bar in Chrome, and I get redirected to playbar.net and safefinder when trying to search or open something on the net. This happened before also.
 
MBT log
 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Irina.islambegovic (administrator) on 20-05-2016 at 17:36:45
Running from "C:\Users\Irina.islambegovic\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: HP ProBook 4540s Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Local Area Connection 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : damircoric-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
PPP adapter l2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : l2
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 178.77.33.74(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : B4-B5-2F-77-C6-BC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6cbb:5e6b:2d68:571e%21(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.87.30(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 682931503
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-87-01-3E-20-68-9D-1A-58-B4
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Wireless LAN adapter Wireless Network Connection 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
   Physical Address. . . . . . . . . : 22-68-9D-1A-58-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.name
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 20-68-9D-1A-58-B4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 20-68-9D-1A-BA-52
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter 6TO4 Adapter:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:b24d:214a::b24d:214a(Preferred) 
   Default Gateway . . . . . . . . . : 2002:c058:6301::1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C8128AEF-2D98-47A9-8D73-854609F4456A}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{C6AAE434-4138-4E95-878E-327081268AEF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.domain.name:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{F3788C08-4EF3-4DE5-96EA-79B23AC8F3B4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2a00:1450:4014:80a::200e
 217.75.205.152
 217.75.205.187
 217.75.205.181
 217.75.205.174
 217.75.205.155
 217.75.205.144
 217.75.205.176
 217.75.205.165
 217.75.205.159
 217.75.205.170
 217.75.205.177
 217.75.205.148
 217.75.205.163
 217.75.205.185
 217.75.205.166
 217.75.205.154
 
 
Pinging google.com [217.75.205.152] with 32 bytes of data:
Reply from 217.75.205.152: bytes=32 time=12ms TTL=61
Reply from 217.75.205.152: bytes=32 time=13ms TTL=61
 
Ping statistics for 217.75.205.152:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=163ms TTL=53
Reply from 98.139.183.24: bytes=32 time=161ms TTL=53
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 161ms, Maximum = 163ms, Average = 162ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 44...........................l2
 21...b4 b5 2f 77 c6 bc ......Realtek PCIe GBE Family Controller
 18...22 68 9d 1a 58 b4 ......Microsoft Virtual WiFi Miniport Adapter #3
 17...20 68 9d 1a 58 b4 ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
 12...20 68 9d 1a ba 52 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         On-link      178.77.33.74     21
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
      169.254.0.0      255.255.0.0         On-link     169.254.87.30   4501
    169.254.87.30  255.255.255.255         On-link     169.254.87.30   4501
  169.254.255.255  255.255.255.255         On-link     169.254.87.30   4501
     178.77.33.74  255.255.255.255         On-link      178.77.33.74    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link     169.254.87.30   4502
        224.0.0.0        240.0.0.0         On-link      178.77.33.74     21
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link     169.254.87.30   4501
  255.255.255.255  255.255.255.255         On-link      178.77.33.74    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19   1072 ::/0                     2002:c058:6301::1
  1    306 ::1/128                  On-link
 19   1025 2002::/16                On-link
 19    281 2002:b24d:214a::b24d:214a/128
                                    On-link
 21    276 fe80::/64                On-link
 21    276 fe80::6cbb:5e6b:2d68:571e/128
                                    On-link
  1    306 ff00::/8                 On-link
 21    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
 
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
 
Catalog5 05 C:\Windows\System32\mswsock.dll [231424] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
 
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
 
**** End of log ****


#6 Oh My!

  • Malware Response Instructor

Posted 20 May 2016 - 12:07 PM

Thank you,
 

Resetting browsers didn't solve the problem.

Did you also reset Internet Explorer? Do you get the same behavior with that browser?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Task: {8158CD27-386A-4A21-A19A-9F16ECFE7F89} - System32\Tasks\{ABB96D5C-1B10-41AD-B9D9-C7409C20F2EA} => pcalua.exe -a "C:\Program Files\HDvid Codec V1\Uninstall.exe" -c /fromcontrolpanel=1
C:\Program Files\HDvid Codec V1
Task: {CA4143EB-594E-4BCF-8117-32D076E89D92} - System32\Tasks\{8755A6DD-C010-4842-8236-C1A8DD3E2786} => pcalua.exe -a "D:\Burger Bustle 2 Ellie's Organics Setup.exe" -d D:\
Task: {D6021BFE-43B5-43D0-9D57-0F826922ADCD} - System32\Tasks\{78C84979-E88C-4109-A374-828D708C1BEB} => pcalua.exe -a "C:\Windows\Club Paradise\uninstall.exe" -c "/U:C:\Program Files\Club Paradise\Uninstall\uninstall.xml"
File: C:\Windows\Club Paradise\uninstall.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Browsers?
  • Fixlog
  • Zoek log
  • Update on computer performance

Gary
 

#7 Nevidljiva

  • Topic Starter

Posted 20 May 2016 - 01:11 PM

Internet Explorer is also infected, although I rarely use it. I get redirected, smart new tab appears, etc.; it is the same as on Google Chrome. Resetting IE didn't help.

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016

Ran by Irina.islambegovic (2016-05-20 19:12:46) Run:2
Running from C:\Users\Irina.islambegovic\Desktop
Loaded Profiles: Irina.islambegovic (Available Profiles: Irina.islambegovic)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Task: {8158CD27-386A-4A21-A19A-9F16ECFE7F89} - System32\Tasks\{ABB96D5C-1B10-41AD-B9D9-C7409C20F2EA} => pcalua.exe -a "C:\Program Files\HDvid Codec V1\Uninstall.exe" -c /fromcontrolpanel=1
C:\Program Files\HDvid Codec V1
Task: {CA4143EB-594E-4BCF-8117-32D076E89D92} - System32\Tasks\{8755A6DD-C010-4842-8236-C1A8DD3E2786} => pcalua.exe -a "D:\Burger Bustle 2 Ellie's Organics Setup.exe" -d D:\
Task: {D6021BFE-43B5-43D0-9D57-0F826922ADCD} - System32\Tasks\{78C84979-E88C-4109-A374-828D708C1BEB} => pcalua.exe -a "C:\Windows\Club Paradise\uninstall.exe" -c "/U:C:\Program Files\Club Paradise\Uninstall\uninstall.xml"
File: C:\Windows\Club Paradise\uninstall.exe
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8158CD27-386A-4A21-A19A-9F16ECFE7F89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8158CD27-386A-4A21-A19A-9F16ECFE7F89}" => key removed successfully.
C:\Windows\System32\Tasks\{ABB96D5C-1B10-41AD-B9D9-C7409C20F2EA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ABB96D5C-1B10-41AD-B9D9-C7409C20F2EA}" => key removed successfully.
"C:\Program Files\HDvid Codec V1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA4143EB-594E-4BCF-8117-32D076E89D92}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA4143EB-594E-4BCF-8117-32D076E89D92}" => key removed successfully.
C:\Windows\System32\Tasks\{8755A6DD-C010-4842-8236-C1A8DD3E2786} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8755A6DD-C010-4842-8236-C1A8DD3E2786}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6021BFE-43B5-43D0-9D57-0F826922ADCD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6021BFE-43B5-43D0-9D57-0F826922ADCD}" => key removed successfully.
C:\Windows\System32\Tasks\{78C84979-E88C-4109-A374-828D708C1BEB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{78C84979-E88C-4109-A374-828D708C1BEB}" => key removed successfully.
 
========================= File: C:\Windows\Club Paradise\uninstall.exe ========================
 
File not signed
MD5: 76DA2C7C124183ACF74251DB2A336A79
Creation and modification date: 2016-02-06 18:32 - 2016-02-06 18:32
Size: 0577024
Attributes: ----A
Company Name: 
Internal Name: suf80_rt
Original Name: suf80_rt.exe
Product: Setup Factory 8.0 Runtime
Description: Setup Application
File Version: 8.1.1006.0
Product Version: 8.1.1006.0
Copyright: Runtime Engine Copyright © 2008 Indigo Rose Corporation (www.indigorose.com)
 
====== End of File: ======
 
 
==== End of Fixlog 19:12:47 ====
 
Zoek log
 
 
 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Irina.islambegovic on pet 20.05.2016 at 19:16:36,70.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Irina.islambegovic\Desktop\zoek.exe    [Scan all users]   [Deep Scan] [Auto Clean]
 
==== System Restore Info ======================
 
20.5.2016 19:19:04 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\Reason deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\PROGRA~2\Validity deleted successfully
C:\PROGRA~2\{EB0535DA-8CF3-4A16-A92A-87BDC6432A9B} deleted successfully
C:\Users\Irina.islambegovic\AppData\Local\Skype deleted successfully
C:\Users\Irina.islambegovic\AppData\Local\Unity deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WinZip\FAHWindow32.exe
C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Irina.islambegovic\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files\Reason not found
C:\PROGRA~2\{EB0535DA-8CF3-4A16-A92A-87BDC6432A9B} not found
C:\Program Files\File Identifier deleted
C:\Users\Irina.islambegovic\.android deleted
C:\Windows\system32\config\systemprofile\.android deleted
C:\Program Files\GUM8C9F.tmp deleted
C:\Program Files\Camp Funshine - Carrie the Caregiver 3 deleted
C:\Program Files\HP Universal Camera Driver deleted
C:\Users\Irina.islambegovic\AppData\Roaming\GiftBag.db deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping Blocks deleted
C:\Users\Irina.islambegovic\AppData\LocalLow\Unity deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition Service Pack 1 (Build 7601)
Memory (RAM): 2958 MB
CPU Info: Intel® Core™ i5-2450M CPU @ 2.50GHz
CPU Speed: 2512,2 MHz
Sound Card: Speakers (High Definition Audio | 
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: l2 | Realtek PCIe GBE Family Controller | Microsoft Virtual WiFi Miniport Adapter #3 | Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter | Bluetooth Device (Personal Area Network)
CD / DVD Drives: 1x (E: | ) E: hp      DVDRAM GT50N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  307,9GB | D:  390,6GB
Hard Disks - Free: C:  233,1GB | D:  390,0GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/31/11 | HPQOEM - f
Time Zone: Central European Standard Time
Motherboard *: Hewlett-Packard 17F6
Country: Bosna i Hercegovina 
Language: BSB 
 
==== System Specs (Software) ======================
 
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
Internet Explorer Version: 11.0.9600.18314 
Google Chrome version: 50.0.2661.102
Adobe Reader version: 15.16.20039.185268
Sun Java version: 1.8.0_91 (32-bit) 
Shockwave Player version: 12.2.1r171
 
==== Files Recently Created / Modified ======================
 
2016-05-18 13:55:06 CB600FFB53D99A9B07EB870111BA7470 14130 ----a-w- C:\Program Files\Java\jre1.8.0_91\lib\deploy\ffjcext.zip
2016-05-16 20:39:40 F46E92DE5CEF3BB5892CACD0B43351DA 615478 ----a-w- C:\Users\Irina.islambegovic\Downloads\Autoruns (1).zip
 
==== Orphaned Tasks deleted from Registry ======================
 
Hewlett-Packard\HP Active Health deleted
HPCeeScheduleForIrina.islambegovic deleted
{39058B71-E129-4C76-AF42-2275E5A404AE} deleted
{D3EAA1BF-C5C2-4971-8853-76FA373E17F5} deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"Communicator"="C:\Program Files\Microsoft Lync\communicator.exe /fromrunkey"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
"Malwarebytes Anti-Exploit"="C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0FO\\kloehk.dll C:\\PROGRA~1\\KASPER~1\\KASPER~1.0FO\\adialhk.dll"
 
==== Startup Registry Disabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PrnStatusMX]
"command"="C:\\Program Files\\Hewlett-Packard\\PrnStatusMX\\PrnStatusMX.exe"
"hkey"="HKLM"
"item"="PrnStatusMX"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Duplicati.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Duplicati.lnk"
"backup"="C:\\Windows\\pss\\Duplicati.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\DUPLIC~1\\DUD63B~1.EXE "
"item"="Duplicati"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk]
"backup"="C:\\Windows\\pss\\Update Notifier.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\WinZip\\WZUpdateNotifier.exe"
"item"="Update Notifier"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Update Notifier.lnk"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk]
"backup"="C:\\Windows\\pss\\WinZip Preloader.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files\\WinZip\\WzPreloader.exe"
"item"="WinZip Preloader"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinZip Preloader.lnk"
 
 
==== Startup Folders ======================
 
2015-11-27 23:36:22 1961 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18.05.2016 16:08]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30.08.2015 21:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [30.08.2015 21:10]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\UninstallMonitor" [C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{F3369428-29E0-4CD2-96D7-FE29075D2E7E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{1429B858-A96F-4985-ACAD-1A08DA38AC8B}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsPlugin]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Chromium Look ======================
 
 
Google Slides - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AdblockPro - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch
Gmail - Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AdblockPro - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch
Gmail - IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{1FF4F776-C4BD-468B-9072-F0F694295B3F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
 
==== HijackThis Entries ======================
 
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAHConsole.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Shopping%20Blocks/Images/stg_drm.ocx
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Shopping%20Blocks/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{79B404E9-B2A7-4BCE-84D8-A5D620E6BC2C}: NameServer = 8.8.8.8 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}: NameServer = 8.8.8.8 8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: ICM_UpdaterService Disp (ICM_UpdaterService) - Unknown owner - C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
 
==== Empty IE Cache ======================
 
C:\Users\Irina.islambegovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Irina.islambegovic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\IRINA~1.ISL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\IRINA~1.ISL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Irina.islambegovic\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\IRINA~1.ISL\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\IRINA~1.ISL\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=120 folders=12 7832206 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Irina.islambegovic\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\IRINA~1.ISL\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\IRINA~1.ISL\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
 
==== EOF on pet 20.05.2016 at 20:04:23,11 ======================


#8 Nevidljiva


Posted 20 May 2016 - 01:41 PM

Maybe this can help you too

 

Malwarebytes found this, second entry (file) is new to me

 

Registry Values: 1
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://un-stop.biz/wpad.dat?43b878b802320dcaf85ee48a509fcecd8956881, , [012623b5abeed46286b11fb2e51ee51b] - this value can't be permanently deleted from the registry no matter what I do
 
Files: 1
PUP.Optional.TerraClicks.ShrtCln, C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (www.terraclicks.com), ,[42e527b1c9d07fb77f399ad83fc5ff01]

Edited by Nevidljiva, 20 May 2016 - 01:42 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,721 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:23 AM

Posted 20 May 2016 - 01:59 PM

Thank you. Have you ever done a factory reset of your router and/or know how to do that? Just asking for now.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Nevidljiva


Posted 20 May 2016 - 02:05 PM

I didn't do a factory reset of my router. I don't think that the option is available since it is not a wireless router, but at least in the last 5-10 minutes I was able to use Chrome normally without being redirected to strange sites or pop-ups.

 

edit

 

There is a reset button on the side but I never used it 


Edited by Nevidljiva, 20 May 2016 - 02:12 PM.


#11 Oh My!


Posted 20 May 2016 - 02:19 PM

OK thank you. Just wondering for now.

Please do these things.

===================================================

Resetting Registry Proxy Settings

--------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • Your computer will automatically reboot
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
Service.exe
*WebSearcher*
*fiddler*
:folderfind
*WebSearcher*
:regfind
WebSearcher
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply
===================================================

Rerun a FRST scan and make sure Addition.txt is checked.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • SystemLook report
  • FRST.txt
  • Addition.txt
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
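
A coverage check for the fixlist above against the Malwarebytes detection quoted in post #8, as an added example that is not part of the original posts or of FRST: it parses the Reg: lines and reports whether any of them targets the hive, key and value where the hijack was reported. The function names and the "machine"/"user" scope labels are assumptions of this sketch; the fixlist lines and the registry location are copied from the thread.

```python
import re

# Copied from the fixlist in the post above.
FIXLIST = r'''CreateRestorePoint:
CloseProcesses:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
'''

# Registry location (key|value) copied from the Malwarebytes line in post #8.
DETECTION = (r"HKU\S-1-5-21-3780152140-139227125-843777247-1003\SOFTWARE\MICROSOFT"
             r"\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL")

HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM", "HKLM": "HKLM",
    "HKEY_CURRENT_USER": "HKCU", "HKCU": "HKCU",
    "HKEY_USERS": "HKU", "HKU": "HKU",
}
REG_LINE = re.compile(r'^\s*Reg:\s*Reg\s+(add|delete)\s+"([^"]+)"(.*)$', re.I)
VALUE_ARG = re.compile(r'/v\s+(?:"([^"]+)"|(\S+))', re.I)


def normalize_key(key):
    r"""Split a registry key into (scope, path), both case-folded.

    HKCU\X and HKU\<SID>\X both become ("user", "x"): HKCU is a view of one
    user's hive under HKU. HKLM\X becomes ("machine", "x").
    """
    parts = key.strip().strip("\\").split("\\")
    hive = HIVES.get(parts[0].upper())
    if hive is None:
        raise ValueError("unknown hive in %r" % key)
    rest = parts[1:]
    if hive == "HKU":
        rest = rest[1:]  # drop the SID (or .DEFAULT) component
    scope = "machine" if hive == "HKLM" else "user"
    return scope, "\\".join(rest).casefold()


def parse_fixlist(text):
    """Return one dict per 'Reg:' line; other directives are skipped."""
    targets = []
    for line in text.splitlines():
        m = REG_LINE.match(line)
        if not m:
            continue  # CreateRestorePoint:, CloseProcesses:, Reboot:, blanks
        action, key, args = m.groups()
        scope, path = normalize_key(key)
        v = VALUE_ARG.search(args)
        if v:
            value = (v.group(1) or v.group(2)).casefold()
        elif re.search(r"/ve\b", args, re.I):
            value = "(default)"   # /ve addresses the key's default value
        else:
            value = "*"           # no /v or /ve: the whole key
        targets.append({"action": action.lower(), "scope": scope,
                        "path": path, "value": value})
    return targets


def parse_detection(location):
    """Split a 'KEY|ValueName' location as printed by the scanner."""
    key, _, value = location.partition("|")
    scope, path = normalize_key(key)
    return scope, path, value.casefold()


def coverage(fixlist_text, location):
    """Compare what the fixlist touches with where the detection sits."""
    scope, path, value = parse_detection(location)
    targets = parse_fixlist(fixlist_text)
    same_path = [t for t in targets if t["path"] == path]
    exact = any(t["scope"] == scope and t["value"] in (value, "*")
                for t in same_path)
    return {
        "detection": (scope, path, value),
        "exact": exact,
        # values edited at the same key path, but in the other scope
        "same_path_other_scope": sorted(
            {t["value"] for t in same_path if t["scope"] != scope}),
        "scopes_touched": sorted({t["scope"] for t in targets}),
    }


if __name__ == "__main__":
    report = coverage(FIXLIST, DETECTION)
    for name, result in report.items():
        print("%-22s %s" % (name, result))
```

On the thread's data the report shows that every Reg: line targets the machine hive, while the detection sits in a per-user hive, and that none of the lines names the AutoConfigURL value.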

#12 Nevidljiva


Posted 20 May 2016 - 02:33 PM

There is no link for downloading systemlook.exe



#13 Oh My!


Posted 20 May 2016 - 02:57 PM

Sorry about that.
 

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users


Gary
 

#14 Nevidljiva


Posted 20 May 2016 - 03:15 PM

AutoConfigURL is still present in my registry and foryourweb.net appeared again when I started Chrome.

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x86) Version:19-05-2016

Ran by Irina.islambegovic (2016-05-20 21:24:54) Run:3
Running from C:\Users\Irina.islambegovic\Desktop
Loaded Profiles: Irina.islambegovic (Available Profiles: Irina.islambegovic)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
Reg: Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v DefaultConnectionSettings /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v SavedLegacySettings /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\services\NlaSvc\Parameters\Internet\ManualProxies" /ve /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 21:26:07 ====
 
Systemlook
 
SystemLook 30.07.11 by jpshortstuff
Log created at 21:59 on 20/05/2016 by Irina.islambegovic
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "Service.exe"
No files found.
 
Searching for "*WebSearcher*"
No files found.
 
Searching for "*fiddler*"
No files found.
 
========== folderfind ==========
 
Searching for "*WebSearcher*"
No folders found.
 
========== regfind ==========
 
Searching for "WebSearcher"
No data found.
 
-= EOF =-
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-05-2016
Ran by Irina.islambegovic (administrator) on DAMIRCORIC-PC (20-05-2016 22:07:16)
Running from C:\Users\Irina.islambegovic\Desktop
Loaded Profiles: Irina.islambegovic (Available Profiles: Irina.islambegovic)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [311680 2010-03-12] (Kaspersky Lab)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun_KL_notset] 1
AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\kloehk.dll [13056 2015-11-10] (Kaspersky Lab ZAO)
AppInit_DLLs:  C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll [85080 2015-11-10] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-04-17]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{79B404E9-B2A7-4BCE-84D8-A5D620E6BC2C}: [NameServer] 8.8.8.8 4.2.2.2
Tcpip\..\Interfaces\{EC8FC67A-BF14-4898-AD28-96D70C9B92C8}: [NameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE09&ocid=UE09DHP
SearchScopes: HKU\S-1-5-21-3780152140-139227125-843777247-1003 -> DefaultScope {1FF4F776-C4BD-468B-9072-F0F694295B3F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3780152140-139227125-843777247-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3780152140-139227125-843777247-1003 -> {1FF4F776-C4BD-468B-9072-F0F694295B3F} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-05-02] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation)
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Shopping%20Blocks/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Shopping%20Blocks/Images/armhelper.ocx
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-02] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-02] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://us-mg5.mail.yahoo.com/neo/launch?.rand=f9u4ongufe2k6
CHR Profile: C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Google Docs) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Google Drive) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Google Sheets) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Google Docs Offline) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Adblock Pro) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-19]
CHR Extension: (Gmail) - C:\Users\Irina.islambegovic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [311680 2010-03-12] (Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2013936 2016-05-02] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S2 ICM_UpdaterService; C:\Program Files\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1590560 2012-05-17] (Microsoft Corp.)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [2342008 2012-07-19] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-04-15] ()
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [99968 2014-11-10] (Gemalto)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15640 2012-03-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [349976 2012-03-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-03-27] (Intel Corporation)
R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [126480 2009-11-12] (Kaspersky Lab)
R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [24848 2009-09-03] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [233560 2015-11-10] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [22104 2015-11-10] (Kaspersky Lab ZAO)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [126336 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-05-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv.sys [1552736 2015-06-16] (Sunplus)
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-20 22:06 - 2016-05-20 22:06 - 00000982 _____ C:\Users\Irina.islambegovic\Desktop\SystemLook.txt 1.txt
2016-05-20 21:59 - 2016-05-20 22:05 - 00000980 _____ C:\Users\Irina.islambegovic\Desktop\SystemLook.txt
2016-05-20 21:58 - 2016-05-20 21:58 - 00139264 _____ C:\Users\Irina.islambegovic\Desktop\SystemLook.exe
2016-05-20 20:37 - 2016-05-20 20:37 - 00001459 _____ C:\Users\Irina.islambegovic\Desktop\mb.txt
2016-05-20 20:03 - 2016-05-20 20:03 - 00000000 ____D C:\ProgramData\Validity
2016-05-20 19:41 - 2016-05-20 19:16 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-05-20 19:16 - 2016-05-20 19:39 - 00000000 ____D C:\zoek_backup
2016-05-20 19:14 - 2016-05-20 19:13 - 01309184 _____ C:\Users\Irina.islambegovic\Desktop\zoek.exe
2016-05-20 17:19 - 2016-05-20 21:31 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-20 16:48 - 2016-05-20 16:48 - 00068907 _____ C:\Users\Irina.islambegovic\Desktop\Summary.zip
2016-05-20 16:46 - 2016-05-20 16:47 - 01470082 _____ C:\Users\Irina.islambegovic\Desktop\Summary.nfo
2016-05-20 16:42 - 2016-05-20 16:42 - 00017411 _____ C:\Users\Irina.islambegovic\Desktop\MTB.txt 1.txt
2016-05-20 16:40 - 2016-05-20 17:37 - 00017281 _____ C:\Users\Irina.islambegovic\Desktop\MTB.txt
2016-05-20 16:35 - 2016-05-20 16:35 - 00891392 _____ (Farbar) C:\Users\Irina.islambegovic\Desktop\MiniToolBox.exe
2016-05-20 16:30 - 2016-05-20 21:26 - 00004023 _____ C:\Users\Irina.islambegovic\Desktop\Fixlog.txt
2016-05-20 12:49 - 2016-05-20 12:49 - 00112656 _____ C:\Users\Irina.islambegovic\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-20 08:51 - 2016-05-20 08:51 - 00438568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-19 21:40 - 2016-05-20 22:07 - 00014696 _____ C:\Users\Irina.islambegovic\Desktop\FRST.txt
2016-05-19 21:40 - 2016-05-19 21:41 - 00024870 _____ C:\Users\Irina.islambegovic\Desktop\Addition.txt
2016-05-19 21:39 - 2016-05-19 21:39 - 01732608 _____ (Farbar) C:\Users\Irina.islambegovic\Desktop\FRST.exe
2016-05-19 21:34 - 2016-05-19 21:34 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-19 21:34 - 2016-05-19 21:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-19 21:34 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-19 21:34 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-19 21:34 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-19 21:33 - 2016-05-19 21:33 - 22851472 _____ (Malwarebytes ) C:\Users\Irina.islambegovic\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-19 21:31 - 2016-05-19 21:31 - 00000000 ____D C:\ComboFix
2016-05-19 18:27 - 2016-05-19 18:27 - 00001294 _____ C:\Users\Irina.islambegovic\Desktop\t.txt
2016-05-19 17:41 - 2016-05-19 17:41 - 02953520 _____ (AVAST Software) C:\Users\Irina.islambegovic\Downloads\avast-browser-cleanup (1).exe
2016-05-18 20:07 - 2016-05-18 20:07 - 00028784 _____ C:\ComboFix.txt
2016-05-18 19:36 - 2016-05-18 19:37 - 05659526 ____R (Swearware) C:\Users\Irina.islambegovic\Desktop\ComboFix.exe
2016-05-18 19:26 - 2016-05-18 19:26 - 01610816 _____ (Malwarebytes) C:\Users\Irina.islambegovic\Desktop\JRT.exe
2016-05-18 18:37 - 2016-05-18 19:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-05-18 18:34 - 2016-05-18 18:34 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Irina.islambegovic\Desktop\mbar-1.09.3.1001.exe
2016-05-18 16:45 - 2016-05-18 16:45 - 03651136 _____ C:\Users\Irina.islambegovic\Desktop\adwcleaner_5.117 (1).exe
2016-05-18 16:08 - 2016-05-20 21:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-18 16:08 - 2016-05-18 16:08 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-05-18 16:08 - 2016-05-18 16:08 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-05-18 15:56 - 2016-05-18 15:56 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-18 15:55 - 2016-05-18 15:55 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2016-05-18 15:55 - 2016-05-18 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-17 14:58 - 2016-05-18 15:37 - 00000000 ____D C:\ProgramData\Sophos
2016-05-16 23:37 - 2016-05-17 22:26 - 00000000 ____D C:\ProgramData\Emsisoft
2016-05-16 23:09 - 2016-05-20 16:19 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-05-16 22:49 - 2016-05-16 22:49 - 02953520 _____ (AVAST Software) C:\Users\Irina.islambegovic\Downloads\avast-browser-cleanup.exe
2016-05-16 22:41 - 2016-05-16 22:41 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Autoruns (1)
2016-05-16 22:39 - 2016-05-16 22:39 - 00615478 _____ C:\Users\Irina.islambegovic\Downloads\Autoruns (1).zip
2016-05-15 22:08 - 2016-05-15 22:08 - 03651136 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.117.exe
2016-05-12 13:10 - 2016-05-12 13:10 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (4)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (3)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder (2)
2016-05-12 13:09 - 2016-05-12 13:09 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\New folder
2016-05-12 13:03 - 2016-05-12 13:08 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Wedding_Salon_2_ENG_final
2016-05-11 17:12 - 2016-05-11 17:12 - 00433587 _____ C:\Users\Irina.islambegovic\AppData\Local\census.cache
2016-05-11 17:11 - 2016-05-11 17:11 - 00426151 _____ C:\Users\Irina.islambegovic\AppData\Local\ars.cache
2016-05-11 14:27 - 2016-05-11 16:55 - 00000010 _____ C:\Users\Irina.islambegovic\AppData\Local\sponge.last.runtime.cache
2016-05-11 14:20 - 2016-05-11 14:21 - 00000000 ____D C:\ProgramData\Trend Micro
2016-05-11 14:14 - 2016-05-11 14:14 - 00000036 _____ C:\Users\Irina.islambegovic\AppData\Local\housecall.guid.cache
2016-05-11 14:14 - 2015-12-24 15:03 - 00305928 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-05-11 09:34 - 2016-04-14 15:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 09:34 - 2016-04-09 08:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 09:34 - 2016-04-09 08:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 09:34 - 2016-04-09 07:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 09:34 - 2016-04-09 06:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 09:34 - 2016-04-06 12:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 09:34 - 2016-03-09 20:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 09:33 - 2016-04-23 18:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 09:33 - 2016-04-23 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 09:33 - 2016-04-23 06:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 09:33 - 2016-04-23 06:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 09:33 - 2016-04-23 06:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 09:33 - 2016-04-23 06:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 09:33 - 2016-04-23 06:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 09:33 - 2016-04-23 06:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 09:33 - 2016-04-23 06:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 09:33 - 2016-04-23 06:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 09:33 - 2016-04-23 05:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 09:33 - 2016-04-23 05:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 09:33 - 2016-04-23 05:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 09:33 - 2016-04-23 05:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 09:33 - 2016-04-23 05:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 09:33 - 2016-04-23 05:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 09:33 - 2016-04-23 05:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 09:33 - 2016-04-23 05:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 09:33 - 2016-04-23 05:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 09:33 - 2016-04-23 05:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 09:33 - 2016-04-23 05:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 09:33 - 2016-04-23 05:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 09:33 - 2016-04-23 05:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 09:33 - 2016-04-23 05:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 09:33 - 2016-04-23 05:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 09:33 - 2016-04-23 05:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 09:33 - 2016-04-23 05:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 09:33 - 2016-04-23 05:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 09:33 - 2016-04-23 05:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 09:33 - 2016-04-23 05:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 09:33 - 2016-04-23 05:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 09:33 - 2016-04-09 08:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-05-11 09:33 - 2016-04-09 08:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 09:33 - 2016-04-09 08:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 09:33 - 2016-04-09 08:59 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 09:33 - 2016-04-09 08:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 09:33 - 2016-04-09 08:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 09:33 - 2016-04-09 07:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 09:33 - 2016-04-09 07:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 09:33 - 2016-04-09 07:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 09:33 - 2016-04-09 07:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 09:33 - 2016-04-09 07:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 09:33 - 2016-04-09 07:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 09:33 - 2016-04-09 07:38 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 09:33 - 2016-04-09 07:38 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 09:33 - 2016-04-09 07:38 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 09:33 - 2016-04-09 07:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 09:33 - 2016-04-09 07:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 09:33 - 2016-04-09 07:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 09:33 - 2016-04-09 07:37 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 09:32 - 2016-04-09 08:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 09:32 - 2016-04-09 08:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 09:32 - 2016-04-09 08:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 21:31 - 2016-05-10 21:31 - 03640384 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.116 (1).exe
2016-05-10 20:52 - 2016-05-10 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-05-10 20:41 - 2016-05-20 19:41 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-10 20:41 - 2016-05-14 15:25 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-05-10 11:23 - 2016-05-18 19:30 - 00002071 _____ C:\Users\Irina.islambegovic\Desktop\JRT.txt
2016-05-09 21:57 - 2016-05-09 21:57 - 00001970 _____ C:\Users\Irina.islambegovic\Desktop\AdwCleaner 9.5.txt
2016-05-09 21:54 - 2016-05-09 21:55 - 03640384 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.116.exe
2016-05-09 17:39 - 2016-05-09 17:39 - 00000000 ____D C:\KVRT_Data
2016-05-08 16:40 - 2016-05-08 16:40 - 00005192 _____ C:\Users\Irina.islambegovic\Desktop\ned.txt
2016-05-08 16:15 - 2016-05-08 16:15 - 00615478 _____ C:\Users\Irina.islambegovic\Downloads\Autoruns.zip
2016-05-08 16:15 - 2016-05-08 16:15 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Autoruns
2016-05-08 15:58 - 2016-05-08 15:58 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-08 15:58 - 2016-05-08 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-08 15:58 - 2016-05-08 15:58 - 00000000 ____D C:\Program Files\CCleaner
2016-05-07 12:36 - 2016-05-17 14:20 - 00001230 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-05-07 12:36 - 2016-05-17 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\VS Revo Group
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-05-07 12:36 - 2016-05-07 12:36 - 00000000 ____D C:\Program Files\VS Revo Group
2016-05-07 12:36 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-05-05 22:00 - 2016-05-05 22:00 - 00001819 _____ C:\Users\Irina.islambegovic\Desktop\ex.txt
2016-05-05 20:44 - 2016-05-05 20:44 - 00001292 _____ C:\Users\Irina.islambegovic\Desktop\m.txt
2016-05-05 10:15 - 2016-05-05 10:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-04 23:43 - 2016-05-04 23:43 - 00001235 _____ C:\Users\Irina.islambegovic\Desktop\RegHunter.lnk
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Enigma Software Group
2016-05-04 23:43 - 2016-05-04 23:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-04 18:40 - 2016-05-04 19:33 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\VirtualStore
2016-05-04 16:01 - 2016-05-04 16:01 - 00004230 _____ C:\Users\Irina.islambegovic\Desktop\rk.txt
2016-05-03 23:21 - 2016-05-03 23:21 - 00005408 _____ C:\Users\Irina.islambegovic\Desktop\rkiller.txt
2016-05-03 22:56 - 2016-05-20 11:50 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-03 22:55 - 2016-05-16 20:35 - 00001001 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-05-03 22:55 - 2016-05-16 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-05-03 22:55 - 2016-05-16 20:35 - 00000000 ____D C:\Program Files\RogueKiller
2016-05-03 22:55 - 2016-05-03 23:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-03 22:39 - 2016-05-13 09:45 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 22:39 - 2016-05-13 09:45 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-03 21:51 - 2016-05-03 21:51 - 00000244 _____ C:\Users\Irina.islambegovic\Desktop\tr.txt
2016-05-03 19:53 - 2016-05-03 19:53 - 00000840 _____ C:\Users\Irina.islambegovic\Desktop\danas.txt
2016-05-02 18:52 - 2016-05-14 22:08 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\LocalLow\uTorrent
2016-05-01 12:27 - 2016-05-01 12:27 - 03581504 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.114 (1).exe
2016-04-29 18:29 - 2016-04-29 18:30 - 03581504 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.114.exe
2016-04-29 14:01 - 2016-04-29 14:01 - 00000000 ____D C:\Program Files\ESET
2016-04-29 13:45 - 2016-04-29 13:45 - 00001860 _____ C:\Users\Irina.islambegovic\Desktop\exterminate-it-log 2016-04-29 12-24-40.txt
2016-04-29 13:40 - 2016-05-12 23:31 - 00030447 _____ C:\Users\Irina.islambegovic\Downloads\Addition.txt
2016-04-29 13:31 - 2016-05-20 22:07 - 00000000 ____D C:\FRST
2016-04-29 11:46 - 2016-04-29 11:46 - 00006111 _____ C:\Users\Irina.islambegovic\Desktop\exterminate-it-log 2016-04-29 11-27-53.txt
2016-04-29 11:27 - 2016-05-18 18:10 - 00000000 ____D C:\Program Files\Exterminate It!
2016-04-29 11:27 - 2016-04-29 11:27 - 00001039 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-04-29 11:27 - 2016-04-29 11:27 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Curiolab
2016-04-29 11:27 - 2016-04-29 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-04-28 10:15 - 2016-04-28 10:42 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-27 21:53 - 2016-05-14 14:39 - 00001240 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-04-27 21:53 - 2016-04-27 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-04-27 21:53 - 2016-04-27 21:53 - 00000000 ____D C:\Program Files\Panda Security
2016-04-27 21:53 - 2015-09-14 13:03 - 00038520 _____ C:\Windows\system32\Drivers\DasPtct.SYS
2016-04-26 22:35 - 2016-04-26 22:35 - 03580480 _____ C:\Users\Irina.islambegovic\Downloads\adwcleaner_5.113.exe
2016-04-26 14:27 - 2016-04-26 14:27 - 00000000 ____D C:\ProgramData\InstallMachine
2016-04-26 14:18 - 2016-04-26 14:23 - 414656116 _____ C:\Users\Irina.islambegovic\Downloads\amac_delicioushc.dmg
2016-04-25 12:04 - 2016-05-16 11:26 - 00015185 _____ C:\Users\Irina.islambegovic\Documents\Putovanja,praznici.xlsx
2016-04-24 14:37 - 2016-04-24 14:37 - 00000000 ____D C:\MATS
2016-04-23 22:52 - 2016-04-24 14:39 - 00000000 ____D C:\Windows\system32\appmgmt
2016-04-22 11:41 - 2016-04-22 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
2016-04-21 16:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-21 16:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-21 16:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-21 16:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-21 16:32 - 2016-05-18 20:07 - 00000000 ____D C:\Qoobox
2016-04-21 16:31 - 2016-05-18 19:53 - 00000000 ____D C:\Windows\erdnt
2016-04-21 16:30 - 2016-04-21 16:30 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\LavasoftStatistics
2016-04-21 16:28 - 2016-04-21 16:28 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-21 16:28 - 2016-04-21 16:28 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-21 16:27 - 2016-04-21 16:28 - 02085168 _____ C:\Users\Irina.islambegovic\Downloads\Adaware_Installer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-20 21:42 - 2013-02-25 09:25 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-20 21:35 - 2009-07-14 06:34 - 00032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-20 21:35 - 2009-07-14 06:34 - 00032416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-20 21:27 - 2015-11-10 12:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-05-20 21:27 - 2015-11-10 12:30 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-05-20 21:27 - 2013-02-25 09:25 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-20 21:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-20 19:33 - 2015-11-09 10:22 - 00000000 ____D C:\Users\Irina.islambegovic
2016-05-20 19:01 - 2016-01-02 23:00 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\vlc
2016-05-20 12:37 - 2015-12-18 20:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 11:47 - 2015-12-12 18:33 - 00000000 ____D C:\AdwCleaner
2016-05-20 09:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-05-20 09:00 - 2010-11-20 23:01 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-19 21:34 - 2016-03-15 22:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-18 19:59 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2016-05-18 19:54 - 2009-07-14 04:03 - 68943872 _____ C:\Windows\system32\config\software.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 21757952 _____ C:\Windows\system32\config\system.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-05-18 19:54 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-05-18 16:07 - 2015-11-11 18:04 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\Adobe
2016-05-18 15:57 - 2015-11-20 22:30 - 00000000 ____D C:\ProgramData\Oracle
2016-05-18 15:54 - 2015-11-20 22:30 - 00000000 ____D C:\Program Files\Java
2016-05-16 22:31 - 2013-08-26 11:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-16 22:30 - 2013-01-15 14:17 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-05-16 22:30 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-16 22:28 - 2013-01-15 14:15 - 00000000 ____D C:\Program Files\Microsoft Office
2016-05-16 21:51 - 2016-04-16 21:12 - 00000008 __RSH C:\Users\Irina.islambegovic\ntuser.pol
2016-05-16 20:22 - 2016-03-31 11:29 - 00000000 ___RD C:\Users\Irina.islambegovic\OneDrive
2016-05-16 20:10 - 2009-07-14 04:37 - 00000000 ____D C:\PerfLogs
2016-05-16 20:07 - 2015-11-09 11:41 - 00000000 ____D C:\Windows\pss
2016-05-15 23:27 - 2015-11-09 10:24 - 00000000 ____D C:\Users\Irina.islambegovic\Tracing
2016-05-14 12:31 - 2009-07-14 06:53 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-13 16:01 - 2015-06-17 11:14 - 00000000 ____D C:\Windows\rescache
2016-05-13 11:28 - 2015-11-09 19:35 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Roaming\Skype
2016-05-13 11:24 - 2014-09-23 22:00 - 00000000 ___RD C:\Program Files\Skype
2016-05-13 11:24 - 2013-01-15 16:09 - 00000000 ____D C:\ProgramData\Skype
2016-05-11 23:21 - 2014-12-11 17:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 22:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-11 16:34 - 2010-11-21 02:23 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:23 - 2013-08-01 08:48 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 14:10 - 2013-01-15 15:36 - 136686448 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-09 17:15 - 2015-12-18 21:53 - 00000000 ____D C:\Program Files\MyPlayCity.com
2016-05-09 13:23 - 2016-02-15 15:33 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\Mid-term report
2016-05-09 10:49 - 2015-12-04 12:15 - 00000000 ____D C:\Users\Irina.islambegovic\Desktop\arhiva
2016-05-08 18:08 - 2016-02-16 16:48 - 00021259 _____ C:\Users\Irina.islambegovic\Documents\Packing List Macedonia.xlsx
2016-05-08 16:03 - 2013-12-16 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-05-08 16:03 - 2013-01-30 13:41 - 00000000 ____D C:\Windows\Minidump
2016-05-08 16:03 - 2013-01-15 23:06 - 00000000 ____D C:\Windows\Panther
2016-05-08 07:10 - 2016-03-31 11:29 - 00002200 _____ C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-06 20:38 - 2015-04-05 16:46 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-04 00:33 - 2015-11-09 10:23 - 00000000 ____D C:\Users\Irina.islambegovic\AppData\Local\Google
2016-05-03 22:39 - 2013-02-25 09:25 - 00000000 ____D C:\Program Files\Google
2016-05-03 18:51 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2016-05-03 18:03 - 2015-11-20 22:30 - 00000000 ____D C:\Users\Irina.islambegovic\.oracle_jre_usage
2016-05-03 17:50 - 2013-01-15 14:17 - 00000000 ____D C:\Windows\PCHEALTH
2016-04-29 17:35 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2016-04-28 21:18 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\addins
2016-04-27 23:45 - 2015-12-31 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-04-27 23:45 - 2015-12-25 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-27 23:45 - 2015-12-23 00:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
2016-04-26 14:34 - 2015-11-27 17:50 - 00000000 ____D C:\BigFishCache
2016-04-24 14:39 - 2013-01-15 15:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2016-04-24 14:37 - 2015-11-27 02:07 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-24 14:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2016-04-21 15:05 - 2013-01-15 15:24 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-11-09 21:02 - 2015-11-09 21:02 - 2837704 _____ (ESET) C:\Program Files\eset_smart_security_live_installer.exe
2016-05-11 17:11 - 2016-05-11 17:11 - 0426151 _____ () C:\Users\Irina.islambegovic\AppData\Local\ars.cache
2016-05-11 17:12 - 2016-05-11 17:12 - 0433587 _____ () C:\Users\Irina.islambegovic\AppData\Local\census.cache
2016-05-11 14:14 - 2016-05-11 14:14 - 0000036 _____ () C:\Users\Irina.islambegovic\AppData\Local\housecall.guid.cache
2016-05-11 14:27 - 2016-05-11 16:55 - 0000010 _____ () C:\Users\Irina.islambegovic\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-18 14:44
 
==================== End of FRST.txt ============================
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:19-05-2016
Ran by Irina.islambegovic (2016-05-20 22:07:56)
Running from C:\Users\Irina.islambegovic\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2013-01-15 12:12:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3780152140-139227125-843777247-500 - Administrator - Disabled)
Guest (S-1-5-21-3780152140-139227125-843777247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3780152140-139227125-843777247-1002 - Limited - Enabled)
Irina.islambegovic (S-1-5-21-3780152140-139227125-843777247-1003 - Administrator - Enabled) => C:\Users\Irina.islambegovic
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus (Enabled) {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cisco AnyConnect VPN Client (HKLM\...\{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}) (Version: 2.5.2014 - Cisco Systems, Inc.)
Cisco AnyConnect VPN Client Start Before Login Components (HKLM\...\{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}) (Version: 2.4.1012 - Cisco Systems, Inc.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Duplicati (HKLM\...\{52049833-14D0-4DDE-98FE-467156FF32D1}) (Version: 1.3.0.1066 - HexaD)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Exterminate It! (HKLM\...\Exterminate It!) (Version: 2.12.04.28 - CURIOLAB S.M.B.A.)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Free VPN version 3.2 (HKLM\...\{05A4243F-4ADC-416C-A21A-91613A87577E}_is1) (Version: 3.2 - VPNMaster, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{C35A147C-5037-443A-9BF8-A5E7C2154CE4}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP HD Webcam [Fixed] (HKLM\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Anti-Virus 6.0 for Windows Workstations (HKLM\...\{8F023021-A7EB-45D3-9269-D65264C81729}) (Version: 6.0.4.1424 - Kaspersky Lab)
Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4498 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM\...\Office15.LYNC) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3780152140-139227125-843777247-1003\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.6868.2062 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{C89AD07D-CAA0-4BF2-A2E8-A851B71FD698}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2012 PowerPivot for Excel  32-bit (HKLM\...\{4CFC749F-E178-42C7-8095-796C5814C9C3}) (Version: 11.1.3129.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MPC-HC 1.6.7.7114 (9eb64ec) (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.7.7114 - MPC-HC Team)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Office 16 Click-to-Run Extensibility Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.6828.1016 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.8 - Panda Security)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
RegHunter (HKLM\...\RegHunter) (Version: 2.0.24.1985 - Enigma Software Group, LLC)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Samsung Networking Wizard (HKLM\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11123.1 - Samsung Electronics Co., Ltd. )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-012C-0000-0000-0000000FF1CE}_Office15.LYNC_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.23 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNC_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{F83E415D-074E-4DAB-A623-5B3ABF9F3094}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EE}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Yawcam 0.4.2 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuthLib.dll ()
CustomCLSID: HKU\S-1-5-21-3780152140-139227125-843777247-1003_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D58F547-602D-4803-A7E5-B7443774FFEB} - System32\Tasks\UninstallMonitor => C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Task: {0F003F31-BD5B-4E7F-A782-30F23D2A5665} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {168FEE9E-A703-480C-B0DD-15488BF283A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1A05C2C6-05AE-44E9-B3CC-D8842CC2CC2C} - System32\Tasks\{B53E267F-2E54-475C-BEA9-4B9C6E8EAFB0} => pcalua.exe -a "C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe"
Task: {31CA6EA9-20FA-4826-AA57-B78B18ACCD13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4F4EF731-A21C-499A-A949-0FF699977893} - System32\Tasks\{F197AEDE-46F6-4001-A6B7-F9792C7F65C6} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u73-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {5B54EB6C-5F24-4475-A7E2-06ACE9926886} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {5CB1EDC8-E2DE-42B9-AD40-0654582096E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {76C8AE26-E78D-451D-8DE9-F00F5207A12B} - System32\Tasks\{B0687340-306A-40F9-9FFA-EF56BB9F7B4A} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {790092AE-5D01-4E83-8B1B-B0C8D249D869} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-02] (Microsoft Corporation)
Task: {B361A736-EFF6-4565-859D-AEDC4AC4D33A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {C4D3ED96-7B2F-4E05-8294-92A84B028549} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C59F0A96-A123-412B-B6ED-E4AFE170132E} - System32\Tasks\{F28CF13C-A7D5-4DA7-92E8-CC3B1C19D775} => pcalua.exe -a C:\Users\IRINA~1.ISL\AppData\Local\Temp\jre-8u77-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1
Task: {DB5AE5FC-9762-4606-BC9E-7EBA2B6738D9} - System32\Tasks\{1429B858-A96F-4985-ACAD-1A08DA38AC8B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?page=tsPlugin
Task: {E83DF00B-2077-4452-BF0E-905B61725EAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {FE87AF6C-DC84-40D2-8A27-0F8F8D4C1183} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-11 15:06 - 2013-04-01 18:15 - 00176128 _____ () C:\Windows\System32\HP2014LM.DLL
2016-03-11 15:07 - 2013-04-01 18:15 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP2014PP.dll
2010-03-12 20:29 - 2010-03-12 20:29 - 00026712 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\volenum.ppl
2016-03-14 14:48 - 2016-05-02 05:18 - 00343744 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-05-08 07:10 - 2016-05-08 07:10 - 00679624 _____ () C:\Users\Irina.islambegovic\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-10-10 06:32 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2016-05-18 19:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3780152140-139227125-843777247-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Irina.islambegovic\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Duplicati.lnk => C:\Windows\pss\Duplicati.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: PrnStatusMX => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{33E814CC-E87E-4169-9EE0-F2D505B7FE37}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [UDP Query User{ACA6F91B-5EC9-4BAB-8BFD-0EB2BD9C5AFD}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{C235CDA7-1800-4CF3-B379-40CB7D5011BD}] => (Block) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{8313CA95-42A3-4FD2-BF9C-8041DFEA8193}] => (Block) C:\program files\microsoft office\office15\lync.exe
 
==================== Restore Points =========================
 
17-05-2016 14:21:24 Revo Uninstaller Pro's restore point - Wedding_Salon_2_ENG_final
17-05-2016 14:23:47 Revo Uninstaller Pro's restore point - Delicious 9 -  Emilys Honeymoon Cruise (Www.ApunKaGames.Net)
17-05-2016 14:24:58 Revo Uninstaller Pro's restore point - Bistro.Boulevard.v1.0.Cracked-F4CG
17-05-2016 14:25:53 Revo Uninstaller Pro's restore point - Fabulous - Angelas Fashion Fever Deluxe
17-05-2016 14:28:44 Revo Uninstaller Pro's restore point - com.gamehouse.acid
17-05-2016 14:29:55 Revo Uninstaller Pro's restore point - GameHouse
17-05-2016 14:31:17 Revo Uninstaller Pro's restore point - PlayFirst
17-05-2016 14:32:40 Revo Uninstaller Pro's restore point - SugarGames
17-05-2016 14:56:19 Installed Sophos Virus Removal Tool.
18-05-2016 15:36:20 Removed Sophos Virus Removal Tool.
18-05-2016 15:39:22 Removed Java 8 Update 77
18-05-2016 19:27:11 JRT Pre-Junkware Removal
20-05-2016 16:30:17 Restore Point Created by FRST
20-05-2016 19:18:38 zoek.exe restore point
20-05-2016 21:25:00 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/20/2016 09:29:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 09:24:59 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {05c5a6cc-7c31-481b-96d9-d8abed72b402}
 
Error: (05/20/2016 08:33:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 08:05:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 05:34:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 04:33:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 04:30:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fca23634-027b-4a39-b5a9-0bf65120ac35}
 
Error: (05/20/2016 04:23:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2016 12:23:00 PM) (Source: Lync) (EventID: 3) (User: )
Description: Lync was unable to resolve the DNS hostname of the login server sipexternal.sos-kd.org.
 
 
 
Resolution:
 
If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.sos-kd.org because it could not be resolved.
 
Error: (05/20/2016 12:23:00 PM) (Source: Lync) (EventID: 3) (User: )
Description: Lync was unable to resolve the DNS hostname of the login server sipexternal.sos-kd.org.
 
 
 
Resolution:
 
If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.sos-kd.org because it could not be resolved.
 
 
System errors:
=============
Error: (05/20/2016 09:28:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/20/2016 09:27:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
epp
 
Error: (05/20/2016 09:25:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Online Services Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2016 09:25:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 40%
Total physical RAM: 2957.73 MB
Available physical RAM: 1759.12 MB
Total Virtual: 5913.79 MB
Available Virtual: 4473.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:307.91 GB) (Free:232.73 GB) NTFS
Drive d: () (Fixed) (Total:390.62 GB) (Free:389.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 96259DBF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=307.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 20 May 2016 - 03:42 PM

Thank you. I am trying everything I can think of before possibly resetting your modem/router.

Please boot your computer into Safe Mode with Networking and tell me if you still get redirects.

Using Revo Uninstaller please remove these programs.

Exterminate It!
RegHunter


-----

Are these empty folders?

C:\Users\Irina.islambegovic\Desktop\New folder (4)
C:\Users\Irina.islambegovic\Desktop\New folder (3)
C:\Users\Irina.islambegovic\Desktop\New folder (2)
C:\Users\Irina.islambegovic\Desktop\New folder


Please run these.

===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

MBR Dump Using Farbar's Recovery Scan Tool in the Recovery Environment

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
SaveMbr: Drive=0
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (mbrdump.txt) on the flash drive. Please attach it to your reply. If you open the file you will not be able to read it.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • Did Revo uninstall the programs?
  • Folders?
  • TDSSKiller log
  • aswMBR log
  • Attached mbrdump.txt file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




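Added example (not part of the post above and not FRST's own code): a small Python reader for the kind of sector the SaveMbr step captures, assuming the attached mbrdump.txt holds the raw 512-byte first sector of the disk. The sample sector is constructed to mirror the Disk ID and partition layout shown in the FRST log; its boot code is zero-filled and all function names are hypothetical.

```python
import hashlib
import struct

def parse_mbr(sector: bytes) -> dict:
    """Decode a classic (non-GPT) MBR sector: disk ID, boot-code hash, 4 entries."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: short read or missing 0x55AA signature")
    parts = []
    for i in range(4):
        # 16-byte entry: status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 0x1BE + 16 * i)
        if ptype or count:
            parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count,
                          "size_mb": count * 512 // 2**20})
    return {"disk_id": "%08X" % struct.unpack_from("<I", sector, 0x1B8)[0],
            # hash of the 440-byte boot code, for comparison with a known-good copy
            "code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": parts}

def check_mbr(info: dict) -> list:
    """Return structural anomalies worth a closer look; empty list means none found."""
    findings = []
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return findings

def build_sample() -> bytearray:
    """Constructed sector mirroring the layout in the FRST log; boot code is zero-filled."""
    s = bytearray(512)
    struct.pack_into("<I", s, 0x1B8, 0x96259DBF)      # Disk ID from the log
    layout = [(0x80, 0x07, 2048, 204800),             # 100 MB, active, type 07
              (0x00, 0x07, 206848, 645713920),        # ~307.9 GB, type 07
              (0x00, 0x07, 645920768, 819148800)]     # ~390.6 GB, type 07
    for i, entry in enumerate(layout):
        struct.pack_into("<B3xB3xII", s, 0x1BE + 16 * i, *entry)
    s[510:512] = b"\x55\xaa"
    return s

if __name__ == "__main__":
    info = parse_mbr(bytes(build_sample()))
    print(info["disk_id"], info["partitions"], check_mbr(info) or "no anomalies")
```

To inspect a real dump, pass the first 512 bytes of the file to parse_mbr and compare code_sha256 against a copy taken from a clean machine with the same Windows version.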