
Popups,Grayed out controls,Fake Firefox



#1 kingW3


Posted 23 February 2017 - 11:10 AM

A few weeks ago my home page changed, and the shortcut for my Chrome had kemgadeojglibflomicgnfeopkdfflnk" http://qtipr.com/ in it. I've tried to delete the virus, turned off a few services like FirefoxU (since I had no Firefox installed) and Archer, and deleted a few folders in Program Files that were created on that day or a few days before. After a while the virus reappeared, grayed out my volume control button and added a fake Chrome which had a path like C:\Program Files\*Fake name*\chrome.exe + load some extension. I've fixed the problem in the registry and seemingly deleted the virus again; the virus appeared again, changed the theme of Win 7 to Classical, and grayed out the option to change the theme. Today my Chrome crashed, and as it crashed another Chrome appeared in the taskbar, along with Firefox (which I've deleted), so here I am. Here is the FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2017
Ran by Vule (administrator) on KVAN (23-02-2017 16:33:06)
Running from C:\Users\Vule\Downloads
Loaded Profiles: Vule (Available Profiles: Vule & Vule1 & Pishtus & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Birdjob\Application\chrome.exe" "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\Firefox\bin\FirefoxUpdate.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\Run: [E06AXLRD_3740513] => C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\ALEKSA\NOVEI~40\IDLEWILD.EXE
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\2lfq7cnq: C:\Program Files\Artatyvonas Server\local32spl.dll
ShellExecuteHooks: No Name - {E7869040-ECD1-11E6-AD72-64006A5CFC23} - C:\Users\Vule\AppData\Roaming\Vupeculttusely\Druresyclcdom.dll -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [.DEFAULT] => 185.115.127.19:80
AutoConfigURL: [.DEFAULT] => 185.115.127.19:80
ProxyServer: [S-1-5-21-14341686-2959951868-204901888-1000] => 185.115.127.19:80
AutoConfigURL: [S-1-5-21-14341686-2959951868-204901888-1000] => 185.115.127.19:80
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 109.122.98.6
Tcpip\..\Interfaces\{216E23D9-D56F-490C-A087-F3E0A15FE060}: [DhcpNameServer] 109.122.98.6
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=ssl
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
 
FireFox:
========
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\jg1xlz61.default-1479413574090\Profiles\jg1xlz61.default-1479413574090 [not found]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-21]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux
FF Homepage: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-23]
FF DefaultSearchEngine: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux
FF Homepage: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.searchinme.com/?type=hp&ts=1487863113968&z=&from=official&uid=ST3500413AS_Z2AC309Q
FF Extension: (FF Adr) - C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-23] [not signed]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\searchinme.xml [2017-02-23]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vule\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-29] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default [2017-02-23]
CHR Extension: (Google Slides) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Adblock Plus) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-22]
CHR Extension: (Google Sheets) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Gmail) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
StartMenuInternet: Google Chrome - C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) [File not signed]
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [112640 2017-02-23] () [File not signed]
R2 APPLE_svr; C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll [482304 2017-02-13] () [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [160944 2017-02-21] ()
S4 GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [1677072 2011-11-10] (ClanServers Hosting LLC)
S4 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [459264 2017-02-13] () [File not signed] <==== ATTENTION
S4 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [11063808 2015-09-18] () [File not signed]
S4 PlaysService; C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe [55056 2016-12-23] (Copyright © 2016 Plays.tv, LLC)
S4 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S4 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R3 TermService; C:\Windows\System32\termsrv.dll [523776 2016-11-22] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: ]<==== ATTENTION
S4 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) [File not signed]
S4 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512 2012-08-01] (VMware, Inc.)
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
S4 wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WinSAPSvc; C:\Users\Vule\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-21] (TODO: <Company name>) [File not signed]
R2 WinSnare; C:\Users\Vule\AppData\Roaming\WinSnare\WinSnare.dll [649216 2017-02-21] (InterSect Alliance Pty Ltd) [File not signed]
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1431424 2016-12-22] (Sony)
S2 Archer; C:\Program Files\WinArcher\Archer.dll [X]
S2 bilibili; C:\Program Files\bilibili\bilibili.dll [X]
S2 ed2kidle; "C:\Program Files\amuleCe\ed2k.exe" -downloadwhenidle [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-08] (DT Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-12-31] (Sony Mobile Communications)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-14] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-08-15] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.)
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 catchme; \??\C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EverestDriver; \??\G:\Everest\kerneld.wnt [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-23 16:33 - 2017-02-23 16:34 - 00024112 _____ C:\Users\Vule\Downloads\FRST.txt
2017-02-23 16:32 - 2017-02-23 16:33 - 00000000 ____D C:\FRST
2017-02-23 16:32 - 2017-02-23 16:32 - 01765376 _____ (Farbar) C:\Users\Vule\Downloads\FRST.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00518272 _____ (ESET) C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00000022 _____ C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe_20170223.162014.3284.zip
2017-02-23 16:16 - 2017-02-23 16:30 - 00002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-23 16:16 - 2017-02-23 16:30 - 00001960 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-23 16:16 - 2017-02-23 16:16 - 00000007 _____ C:\Windows\system32\F959.tmp
2017-02-23 16:16 - 2017-02-23 16:16 - 00000000 ____D C:\Users\Vule\AppData\Local\Birdjob
2017-02-23 16:16 - 2017-02-23 16:16 - 00000000 ____D C:\Program Files\Firefox
2017-02-23 16:15 - 2017-02-23 16:15 - 00000000 ____D C:\Program Files\Birdjob
2017-02-21 15:49 - 2017-02-23 16:17 - 00000000 ____D C:\Program Files\reports
2017-02-21 12:45 - 2017-02-23 16:16 - 00000211 _____ C:\Users\Public\Desktop\Google Chrome.url
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:18 - 2017-02-20 17:18 - 00041623 _____ C:\Users\Vule\Downloads\2017_okruzno_rezultati.zip
2017-02-20 17:18 - 2017-02-20 17:18 - 00011739 _____ C:\Users\Vule\Downloads\2017_kvote.xlsx
2017-02-20 17:12 - 2017-02-20 17:12 - 00000000 ____D C:\Users\Vule\Downloads\backups
2017-02-20 17:09 - 2017-02-20 17:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vule\Downloads\HijackThis.exe
2017-02-20 13:15 - 2017-02-21 12:47 - 00000000 ____D C:\Users\Vule\AppData\Roaming\WinSAPSvc
2017-02-20 13:15 - 2017-02-21 08:48 - 00000000 ____D C:\Users\Vule\AppData\Roaming\WinSnare
2017-02-17 08:46 - 2017-02-17 08:46 - 00000000 ____D C:\Users\Vule\AppData\Local\Standuck
2017-02-17 04:08 - 2017-02-17 04:08 - 00000000 ____D C:\Users\Vule\Documents\aMule Downloads
2017-02-15 13:16 - 2017-02-22 01:38 - 00000000 ____D C:\Users\Vule\AppData\Roaming\aMule
2017-02-15 08:23 - 2017-02-15 08:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 08:21 - 2017-02-15 08:21 - 00000000 ____D C:\Users\Pishtus\Documents\Visual Studio 2015
2017-02-13 18:54 - 2017-02-23 16:19 - 00000040 _____ C:\Program Files\settings.dat
2017-02-13 18:54 - 2017-02-23 16:17 - 00001306 _____ C:\Program Files\metadata
2017-02-13 17:42 - 2017-02-23 16:18 - 00000000 ____D C:\Users\Vule\AppData\LocalLow\Mozilla
2017-02-13 17:41 - 2017-02-13 17:41 - 00000000 ____D C:\Users\Vule\AppData\Local\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000007 _____ C:\Windows\system32\1B5E.tmp
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Local\Goldass
2017-02-13 17:39 - 2017-02-23 16:33 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-02-13 17:39 - 2017-02-23 16:17 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\ATI
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ATI
2017-02-11 08:44 - 2017-02-22 07:00 - 00000000 ____D C:\Users\Pishtus\AppData\Local\TSVNCache
2017-02-11 08:44 - 2017-02-22 06:58 - 00000430 __RSH C:\Users\Pishtus\ntuser.pol
2017-02-11 08:44 - 2017-02-11 08:44 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\Event Monitor
2017-02-11 01:59 - 2017-02-11 02:11 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Vupeculttusely
2017-02-11 01:59 - 2017-02-11 01:59 - 00000000 ____D C:\Users\Vule\AppData\Local\Anopert
2017-02-09 01:50 - 2017-02-09 01:50 - 00000000 ____D C:\Users\Vule\AppData\Local\ESET
2017-02-09 00:56 - 2017-02-09 00:58 - 00000484 _____ C:\Users\Vule\Downloads\Enable_Volume_Notification_Icon.reg
2017-02-09 00:55 - 2017-02-09 00:55 - 00000430 __RSH C:\Users\Vule\ntuser.pol
2017-02-08 22:59 - 2017-02-08 23:01 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Vule\Downloads\esetonlinescanner_enu.exe
2017-02-07 21:16 - 2017-02-07 21:16 - 00000000 ____D C:\Users\Vule\AppData\Roaming\AC3Filter
2017-02-07 15:20 - 2017-02-07 15:20 - 00000000 ____D C:\Users\Vule\AppData\Local\AdvinstAnalytics
2017-02-07 13:40 - 2017-02-07 15:48 - 00000000 ____D C:\ProgramData\Microleaves
2017-02-07 13:37 - 2017-02-07 13:38 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microleaves
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Softlink
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-06 06:20 - 2017-02-06 06:20 - 00148914 _____ C:\Users\Vule\Downloads\7C921C0AC5D968F61D876C308B39838FB5215588.torrent
2017-02-02 03:58 - 2017-02-02 03:59 - 01061357 _____ C:\Users\Vule\Downloads\2015-eng.pdf
2017-01-31 22:02 - 2017-01-31 22:02 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\PlaysTV
2017-01-31 22:01 - 2017-02-11 08:48 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\Raptr
2017-01-29 23:18 - 2017-02-08 02:59 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Might & Magic Heroes VI
2017-01-29 23:18 - 2017-01-30 01:05 - 00000000 ____D C:\Users\Vule\AppData\Local\Ubisoft Game Launcher
2017-01-29 23:18 - 2017-01-29 23:33 - 00000000 ____D C:\Users\Vule\Documents\Might & Magic Heroes VI
2017-01-29 21:47 - 2017-01-29 21:47 - 00000000 ____D C:\Users\Vule\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.8.ALL.SKIDROW.NODVD
2017-01-29 21:39 - 2017-01-29 21:40 - 11521911 _____ C:\Users\Vule\Downloads\HEROES.OF.MIGHT.AND.MAGIC.6.V1.8.ALL.SKIDROW.NODVD.ZIP
2017-01-26 01:14 - 2017-01-26 01:14 - 00011233 _____ C:\Users\Vule\Downloads\55-Rez_A2a_pism_jan_2017 (1).xlsx
2017-01-26 01:13 - 2017-01-26 01:13 - 00011233 _____ C:\Users\Vule\Downloads\55-Rez_A2a_pism_jan_2017.xlsx
2017-01-25 21:23 - 2017-01-25 21:25 - 00372736 _____ C:\Users\Vule\Documents\Database3.accdb
2017-01-25 20:13 - 2017-01-25 20:13 - 03014656 _____ C:\Users\Vule\Downloads\zaKontrolni.mdb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-23 16:30 - 2012-01-20 00:05 - 00002498 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-23 16:30 - 2012-01-19 19:58 - 00001118 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-23 06:25 - 2016-01-27 03:03 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 06:24 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-23 06:24 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-23 06:18 - 2016-01-27 03:03 - 135086848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-23 06:14 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-22 08:32 - 2012-11-04 20:16 - 00000000 ____D C:\Users\Vule\AppData\Local\TSVNCache
2017-02-22 06:58 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus
2017-02-22 06:58 - 2012-02-22 21:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-22 02:00 - 2012-12-07 19:08 - 00000000 ____D C:\Users\Vule\AppData\Local\ElevatedDiagnostics
2017-02-22 01:33 - 2014-05-28 18:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 23:24 - 2012-10-21 20:07 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Skype
2017-02-21 21:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-21 18:48 - 2014-02-09 14:18 - 00000000 ____D C:\Users\Vule\AppData\Roaming\TS3Client
2017-02-21 18:48 - 2012-08-15 21:19 - 00000000 ____D C:\Users\Vule\AppData\Roaming\BitTorrent
2017-02-21 18:48 - 2012-02-25 08:30 - 00000000 ____D C:\Users\Vule\AppData\Roaming\DAEMON Tools Lite
2017-02-21 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2017-02-21 18:46 - 2014-06-06 08:26 - 00000000 ____D C:\Users\Vule\AppData\Local\CrashDumps
2017-02-21 18:46 - 2014-01-27 20:15 - 00000000 ____D C:\Windows\Minidump
2017-02-18 09:13 - 2012-08-17 20:02 - 00000000 ____D C:\Windows\Sun
2017-02-17 08:46 - 2012-10-13 16:30 - 00000000 ____D C:\ProgramData\Apple
2017-02-15 09:07 - 2012-11-11 09:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2017-02-15 08:36 - 2016-11-21 19:51 - 00000000 ____D C:\Users\Pishtus\AppData\Local\CrashDumps
2017-02-15 08:26 - 2012-08-13 00:52 - 00126480 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-15 07:58 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-13 20:53 - 2015-04-25 13:12 - 00000000 ____D C:\Users\Vule\AppData\Local\ApplicationHistory
2017-02-13 17:40 - 2016-03-04 12:05 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-02-12 21:07 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-12 21:06 - 2016-11-21 20:43 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ApplicationHistory
2017-02-12 20:21 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus\AppData\Local\Google
2017-02-11 10:56 - 2014-06-05 17:34 - 00000000 ____D C:\Program Files\DriverToolkit
2017-02-11 09:06 - 2013-05-05 22:04 - 00000000 ____D C:\Program Files\Google
2017-02-11 08:45 - 2016-11-21 19:50 - 00126480 _____ C:\Users\Pishtus\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-11 02:04 - 2012-11-07 16:29 - 00000000 ____D C:\Windows\pss
2017-02-11 01:58 - 2014-05-04 20:14 - 00003340 __RSH C:\ProgramData\ntuser.pol
2017-02-11 01:58 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-09 19:15 - 2014-05-28 11:56 - 00000000 ____D C:\Temp
2017-02-09 19:02 - 2016-03-05 10:20 - 00000000 ____D C:\ProgramData\Google
2017-02-09 19:02 - 2012-01-20 00:04 - 00000000 ____D C:\Users\Vule\AppData\Local\Google
2017-02-09 15:54 - 2015-12-05 19:51 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Raptr
2017-02-09 00:55 - 2012-01-19 19:57 - 00000000 ____D C:\Users\Vule
2017-02-07 15:27 - 2015-11-25 18:17 - 00000000 ___RD C:\Users\Vule\Dropbox
2017-02-07 13:39 - 2016-11-21 19:49 - 00001082 _____ C:\Users\Pishtus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2013-03-19 00:41 - 00001082 _____ C:\Users\Vule1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2012-08-13 00:52 - 00001082 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-06 16:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-02-06 08:35 - 2016-06-27 00:26 - 03686522 ____H C:\Users\Vule\AppData\Local\IconCache.db.backup
2017-02-05 17:16 - 2012-01-19 20:01 - 00899186 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 15:18 - 2013-04-04 22:27 - 00000000 ____D C:\Users\Vule\Desktop\prezentacija
2017-01-29 23:06 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-29 23:04 - 2014-06-06 08:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-01-29 22:58 - 2012-05-08 11:49 - 00000000 ____D C:\Program Files\Ubisoft
2017-01-25 06:51 - 2009-07-14 08:27 - 00000000 ____D C:\Windows\CSC
2017-01-24 19:48 - 2016-11-24 19:34 - 00000000 __SHD C:\Users\Vule\AppData\Roaming\Xl5jVVxcVWIx
2017-01-24 19:48 - 2016-02-22 23:20 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Carambis
 
==================== Files in the root of some directories =======
 
2012-08-14 18:29 - 2006-10-09 11:06 - 0546304 _____ () C:\Program Files\fy_snow.bsp
2017-02-13 18:54 - 2017-02-23 16:17 - 0001306 _____ () C:\Program Files\metadata
2012-08-13 01:03 - 2006-04-17 18:11 - 1241822 _____ (Will Day <willday@metamod.org>) C:\Program Files\metamod.dll
2017-02-13 18:54 - 2017-02-23 16:19 - 0000040 _____ () C:\Program Files\settings.dat
2015-01-04 21:29 - 2015-01-04 21:29 - 0000044 _____ () C:\Users\Vule\AppData\Roaming\twow_sysprepdt.dat
2012-12-09 14:15 - 2016-12-15 07:32 - 0009728 _____ () C:\Users\Vule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 21:37 - 2012-11-11 21:37 - 0004096 ____H () C:\Users\Vule\AppData\Local\keyfile3.drm
2015-06-19 21:10 - 2015-06-19 21:10 - 0007602 _____ () C:\Users\Vule\AppData\Local\Resmon.ResmonCfg
2016-02-22 23:21 - 2016-02-22 23:21 - 0000016 _____ () C:\ProgramData\mntemp
2016-02-22 23:21 - 2016-02-22 23:21 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe
 
Files to move or delete:
====================
C:\Users\Vule\xobglu16.dll
 
 
Some files in TEMP:
====================
2015-12-11 12:01 - 2015-12-11 12:01 - 0071168 _____ () C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5uogiv.dll
2014-07-11 22:12 - 2014-07-11 22:12 - 0918952 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
2014-07-28 06:15 - 2014-07-28 06:15 - 0918440 _____ (Oracle Corporation) C:\Users\Administrator\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2017-02-07 15:19 - 2016-11-26 06:52 - 0101088 _____ () C:\Users\Vule\AppData\Local\Temp\DriverInstall.exe
2017-02-07 15:19 - 2016-11-26 06:52 - 0115936 _____ () C:\Users\Vule\AppData\Local\Temp\DriverInstall_X64.exe
2017-02-07 15:19 - 2016-11-26 06:52 - 0112352 _____ () C:\Users\Vule\AppData\Local\Temp\DriverTool.dll
2017-02-07 15:19 - 2016-11-26 06:52 - 0162832 _____ (深圳市猫哈网络科技发展有限公司) C:\Users\Vule\AppData\Local\Temp\maohasubstat.dll
2017-02-11 01:58 - 2017-02-11 01:58 - 1114112 _____ (Moni) C:\Users\Vule\AppData\Local\Temp\Setup.exe
2017-02-10 00:20 - 2017-02-10 00:20 - 44049880 _____ (Skype Technologies S.A.) C:\Users\Vule\AppData\Local\Temp\SkypeSetup.exe
2017-02-07 15:19 - 2016-11-26 06:52 - 0797216 _____ (深圳市猫哈网络科技发展有限公司) C:\Users\Vule\AppData\Local\Temp\softconfig.dll
2017-02-07 15:19 - 2016-11-26 06:55 - 0598560 _____ () C:\Users\Vule\AppData\Local\Temp\uninstall.dll
2017-02-11 01:58 - 2017-02-11 01:58 - 2152198 _____ () C:\Users\Vule\AppData\Local\Temp\yt.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:29
 
==================== End of FRST.txt ============================

Thanks in advance

Edited by kingW3, 23 February 2017 - 11:22 AM.



#2 Jo*

  • Malware Response Team

Posted 23 February 2017 - 02:01 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Did you set a ProxyServer: [.DEFAULT] => 185.115.127.19:80

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 kingW3

  • Topic Starter

Posted 23 February 2017 - 03:22 PM

Hi Jo, not quite sure about the proxy. If it's inactive then most likely I've set it up, though I won't be using it again. If it's active then it's not mine, as I have no proxies. I couldn't run Malwarebytes Anti-Rootkit as it gave me an error: "The system volume seems inaccessible or encrypted. Scan can't continue." Here are the results of the Security Check and AdwCleaner:

 
Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Microsoft VisualStudio JavaScript Project System 
 Java 7 Update 75  
 Java 8 Update 31  
 Java 8 Update 51  
 Java SE Development Kit 7 Update 75 
 Microsoft VisualStudio JavaScript Language Service 
 Java version 32-bit out of Date! 
  Adobe Flash Player  17.0.0.169 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox 40.0.3 Firefox out of Date!  
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
 Google Chrome ???? ????.lnk.. Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 

# AdwCleaner v6.043 - Logfile created 23/02/2017 at 21:17:35
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.4 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Vule - KVAN
# Running from : C:\Users\Vule\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  FirefoxU
Service Found:  WinSAPSvc
Service Found:  Archer
Service Found:  ed2kidle
Service Found:  iThemes5
Service Found:  WinSnare
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Vule\AppData\Local\DriverToolkit
Folder Found:  C:\Users\Vule\AppData\Local\PackageAware
Folder Found:  C:\Users\Vule\AppData\LocalLow\Mp3Tube Toolbar
Folder Found:  C:\Users\Vule\AppData\Roaming\Babylon
Folder Found:  C:\Users\Vule\AppData\Roaming\Softlink
Folder Found:  C:\Users\Vule\AppData\Roaming\WinSAPSvc
Folder Found:  C:\Users\Vule\AppData\Roaming\Microleaves
Folder Found:  C:\Users\Vule\AppData\Roaming\winsapsvc
Folder Found:  C:\Users\Vule\AppData\Roaming\aMule
Folder Found:  C:\Users\Vule\AppData\Roaming\WinSnare
Folder Found:  C:\Users\Pishtus\AppData\Roaming\Event Monitor
Folder Found:  C:\ProgramData\Babylon
Folder Found:  C:\ProgramData\Microleaves
Folder Found:  C:\ProgramData\Application Data\Babylon
Folder Found:  C:\ProgramData\Application Data\Microleaves
Folder Found:  C:\Program Files\Conduit
Folder Found:  C:\Program Files\DriverToolkit
Folder Found:  C:\Program Files\SiteLookup
Folder Found:  C:\Program Files\Firefox
Folder Found:  C:\Users\Vule\AppData\Roaming\WinSnare
Folder Found:  C:\Program Files\reports
 
 
***** [ Files ] *****
 
File Found:  C:\END
File Found:  C:\Program Files\Common Files\SERVICES\ITHEMES.DLL
File Found:  C:\Program Files\settings.dat
File Found:  C:\Users\Public\Documents\temp.dat
File Found:  C:\Users\Public\Documents\report.dat
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
Key Found:  : \root\subscription\\ActiveScriptEventConsumer [ASEC]
 
 
***** [ Shortcuts ] *****
 
Shortcut infected:  C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://qtipr.com/ )
Shortcut infected:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://qtipr.com/ )
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk (  --load-extension="C:\Users\Vule\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/ )
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://qtipr.com/ )
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://qtipr.com/ )
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://qtipr.com/ )
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk (  --load-extension="C:\Users\Vule\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp:/
Shortcut infected:  C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk ( hxxp://qtipr.com/ )
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BasicScan Service
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IHProtect Service
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ihpmServer
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
Key Found:  HKLM\SOFTWARE\Classes\EncWCBar.WCToolbar
Key Found:  HKLM\SOFTWARE\Classes\EncWCBar.WCToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\Prod.cap
Key Found:  HKLM\SOFTWARE\Classes\SecureShellFile
Key Found:  HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
Key Found:  HKU\.DEFAULT\Software\jhdbca
Key Found:  HKU\.DEFAULT\Software\UpgSvr
Key Found:  HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Conduit
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\DriverToolkit
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Installer
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Softonic
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\PC
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\SprgFiles
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AutoTime
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Event Monitor
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\SNDA
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\dlr
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\PopWnd
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\UpgSvr
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Toolbar
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Software\BackgroundContainer
Key Found:  HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Software\Mp3Tube
Key Found:  HKU\S-1-5-18\Software\jhdbca
Key Found:  HKU\S-1-5-18\Software\UpgSvr
Key Found:  HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\DriverToolkit
Key Found:  HKCU\Software\Installer
Key Found:  HKCU\Software\Softonic
Key Found:  HKCU\Software\PC
Key Found:  HKCU\Software\SprgFiles
Key Found:  HKCU\Software\AutoTime
Key Found:  HKCU\Software\Event Monitor
Key Found:  HKCU\Software\SNDA
Key Found:  HKCU\Software\dlr
Key Found:  HKCU\Software\PopWnd
Key Found:  HKCU\Software\UpgSvr
Key Found:  HKCU\Software\AppDataLow\Toolbar
Key Found:  HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found:  HKCU\Software\AppDataLow\Software\Mp3Tube
Key Found:  HKLM\SOFTWARE\Conduit
Key Found:  HKLM\SOFTWARE\Jawego
Key Found:  HKLM\SOFTWARE\Reimage
Key Found:  HKLM\SOFTWARE\SiteFinder
Key Found:  HKLM\SOFTWARE\PC
Key Found:  HKLM\SOFTWARE\SprgFiles
Key Found:  HKLM\SOFTWARE\Event Monitor
Key Found:  HKLM\SOFTWARE\ScreenShot
Key Found:  HKLM\SOFTWARE\jhdbca
Key Found:  HKLM\SOFTWARE\WinArcher
Key Found:  HKLM\SOFTWARE\Microleaves
Key Found:  HKLM\SOFTWARE\InterSect Alliance
Key Found:  HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [KuaiZip Shell Extension]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj
Key Found:  HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
Key Found:  HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
Key Found:  HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Value Found:  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSnare]
Value Found:  HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [9846 Bytes] - [23/02/2017 21:17:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9919 Bytes] ##########


#4 Jo*

  • Malware Response Team

Posted 23 February 2017 - 03:57 PM

Hello,

Step 1: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 2: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 3: How is the computer running now?


***


Cheers,
Jo


#5 kingW3

  • Topic Starter

Posted 24 February 2017 - 02:34 PM

Sorry for taking so long to reply, here are the logs

# AdwCleaner v6.043 - Logfile created 23/02/2017 at 22:30:29
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.4 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : Vule - KVAN
# Running from : C:\Users\Vule\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: FirefoxU
[-] Service deleted: WinSAPSvc
[-] Service deleted: Archer
[-] Service deleted: ed2kidle
[-] Service deleted: iThemes5
[-] Service deleted: WinSnare
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Vule\AppData\Local\DriverToolkit
[-] Folder deleted: C:\Users\Vule\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Vule\AppData\LocalLow\Mp3Tube Toolbar
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\Babylon
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\Softlink
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\WinSAPSvc
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\Microleaves
[#] Folder deleted on reboot: C:\Users\Vule\AppData\Roaming\winsapsvc
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\aMule
[-] Folder deleted: C:\Users\Vule\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Users\Pishtus\AppData\Roaming\Event Monitor
[-] Folder deleted: C:\ProgramData\Babylon
[-] Folder deleted: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Babylon
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[-] Folder deleted: C:\Program Files\Conduit
[-] Folder deleted: C:\Program Files\DriverToolkit
[-] Folder deleted: C:\Program Files\SiteLookup
[-] Folder deleted: C:\Program Files\Firefox
[#] Folder deleted on reboot: C:\Users\Vule\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Program Files\reports
 
 
***** [ Files ] *****
 
[-] File deleted: C:\END
[-] File deleted: C:\Program Files\Common Files\SERVICES\ITHEMES.DLL
[-] File deleted: C:\Program Files\settings.dat
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BasicScan Service
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\IHProtect Service
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WindowsMangerProtect
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ihpmServer
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKLM\SOFTWARE\Classes\EncWCBar.WCToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\EncWCBar.WCToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\SecureShellFile
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BF8946CD-EEBE-436B-8282-B19A021C9EFE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{38DD0B4A-E4E0-4A57-99EE-DCCB185B4728}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Installer
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\PC
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\SprgFiles
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Event Monitor
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\dlr
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\PopWnd
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Toolbar
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Software\BackgroundContainer
[-] Key deleted: HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\AppDataLow\Software\Mp3Tube
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\PC
[#] Key deleted on reboot: HKCU\Software\SprgFiles
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\Event Monitor
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\dlr
[#] Key deleted on reboot: HKCU\Software\PopWnd
[#] Key deleted on reboot: HKCU\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\BackgroundContainer
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mp3Tube
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\Jawego
[-] Key deleted: HKLM\SOFTWARE\Reimage
[-] Key deleted: HKLM\SOFTWARE\SiteFinder
[-] Key deleted: HKLM\SOFTWARE\PC
[-] Key deleted: HKLM\SOFTWARE\SprgFiles
[-] Key deleted: HKLM\SOFTWARE\Event Monitor
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\jhdbca
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\InterSect Alliance
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [KuaiZip Shell Extension]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSnare]
[-] Value deleted: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [9782 Bytes] - [23/02/2017 22:30:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [9998 Bytes] - [23/02/2017 21:17:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [9451 Bytes] - [23/02/2017 22:29:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10001 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x86 
Ran by Vule (Administrator) on cet 23.02.2017 at 22:33:56,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 44 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Vule\AppData\Roaming\new version available (Folder) 
Successfully deleted: C:\Users\Vule\Documents\add-in express (Folder) 
Successfully deleted: C:\Windows\System32\ai_recyclebin (Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RF1Q93F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U9P5PP0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F0ZTEDR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GN0SQ3M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N9FS4V3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZK94M0J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D0VKW8E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95O0BXE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4TYSLBS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWQSUG5V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZWU94SQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1VAXJAF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7LKEKJH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKY9J67T (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC4O463E (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBUP6O1V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6XD7NYL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PHSEWCY7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY4RG3YI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Vule\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAE219FN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1RF1Q93F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U9P5PP0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3F0ZTEDR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GN0SQ3M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N9FS4V3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZK94M0J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D0VKW8E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95O0BXE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4TYSLBS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWQSUG5V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZWU94SQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E1VAXJAF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7LKEKJH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKY9J67T (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC4O463E (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBUP6O1V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6XD7NYL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PHSEWCY7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UY4RG3YI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XAE219FN (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on cet 23.02.2017 at 22:42:33,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The computer seems okay. I'm concerned because I saw the same file that was deleted get created again, C:\Program Files\settings.dat; not sure if it's supposed to be there.


#6 Jo*


  • Malware Response Team

Posted 24 February 2017 - 03:01 PM

Hello,
 

***


Copy FRST / FRST64.exe to your desktop!

Log on to all your Windows user accounts now - without restarting!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



	
Start	
CreateRestorePoint:	
CloseProcesses:	
ShellExecuteHooks: No Name - {E7869040-ECD1-11E6-AD72-64006A5CFC23} - C:\Users\Vule\AppData\Roaming\Vupeculttusely\Druresyclcdom.dll -> No File	
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File	
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File	
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION	
ProxyServer: [.DEFAULT] => 185.115.127.19:80	
RemoveProxy:	
ProxyServer: [S-1-5-21-14341686-2959951868-204901888-1000] => 185.115.127.19:80	
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION	
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION	
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}	
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}	
SearchScopes: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}	
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux	
FF DefaultSearchEngine: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux	
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]	
S4 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [459264 2017-02-13]  <==== ATTENTION	
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: ]<==== ATTENTION	
R2 WinSAPSvc; C:\Users\Vule\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-21] (TODO: <Company name>) 	
S2 Archer; C:\Program Files\WinArcher\Archer.dll [X]	
S2 bilibili; C:\Program Files\bilibili\bilibili.dll [X]	
S2 ed2kidle; "C:\Program Files\amuleCe\ed2k.exe" -downloadwhenidle [X]	
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]	
S3 catchme; \??\C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION	
S3 catchme; C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION	
S3 EverestDriver; \??\G:\Everest\kerneld.wnt [X]	
2017-02-20 13:15 - 2017-02-21 12:47 - 00000000 ____D C:\Users\Vule\AppData\Roaming\WinSAPSvc	
Folder: C:\Users\UserName\AppData\Roaming\Xl5jVVxcVWIx	
C:\Users\Vule\xobglu16.dll	
HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\ChromeHTML: -> C:\Program Files\Birdjob\Application\chrome.exe (Google Inc.) <==== ATTENTION	
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File	
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File	
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION	
Shortcut: C:\Users\Vule\AppData\Local\Google\Chrome\Application\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic	
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic	
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Интернет Експлорер.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic	
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/	
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/	
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/	
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/	
AlternateDataStreams: C:\Temp:list3 [2449]	
AlternateDataStreams: C:\Temp:pid1 [10]	
AlternateDataStreams: C:\Temp:pid2 [10]	
AlternateDataStreams: C:\Temp:rnd.dat [10]	
AlternateDataStreams: C:\ProgramData\TEMP:D163F419 [146]	
MSCONFIG\startupfolder: C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winsvc.vbs => C:\Windows\pss\winsvc.vbs.Startup	
EmptyTemp:	
End	



NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner


---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 kingW3

  • Topic Starter


Posted 25 February 2017 - 09:10 AM

Chrome Software Cleaner found no programs; here's the log
 

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-02-2017
Ran by Vule (25-02-2017 14:53:44) Run:1
Running from C:\Users\Vule\Desktop
Loaded Profiles: Vule & Vule1 & Pishtus & Administrator (Available Profiles: Vule & Vule1 & Pishtus & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: No Name - {E7869040-ECD1-11E6-AD72-64006A5CFC23} - C:\Users\Vule\AppData\Roaming\Vupeculttusely\Druresyclcdom.dll -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => 185.115.127.19:80
RemoveProxy:
ProxyServer: [S-1-5-21-14341686-2959951868-204901888-1000] => 185.115.127.19:80
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
SearchScopes: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q&q={searchTerms}
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux
FF DefaultSearchEngine: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> trotux
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
S4 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [459264 2017-02-13]  <==== ATTENTION
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: ]<==== ATTENTION
R2 WinSAPSvc; C:\Users\Vule\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-21] (TODO: <Company name>)
S2 Archer; C:\Program Files\WinArcher\Archer.dll [X]
S2 bilibili; C:\Program Files\bilibili\bilibili.dll [X]
S2 ed2kidle; "C:\Program Files\amuleCe\ed2k.exe" -downloadwhenidle [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 catchme; \??\C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 catchme; C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 EverestDriver; \??\G:\Everest\kerneld.wnt [X]
2017-02-20 13:15 - 2017-02-21 12:47 - 00000000 ____D C:\Users\Vule\AppData\Roaming\WinSAPSvc
Folder: C:\Users\UserName\AppData\Roaming\Xl5jVVxcVWIx
C:\Users\Vule\xobglu16.dll
HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\ChromeHTML: -> C:\Program Files\Birdjob\Application\chrome.exe (Google Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
Shortcut: C:\Users\Vule\AppData\Local\Google\Chrome\Application\???? ????.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???? ????.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???????? ?????????.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
AlternateDataStreams: C:\Temp:list3 [2449]
AlternateDataStreams: C:\Temp:pid1 [10]
AlternateDataStreams: C:\Temp:pid2 [10]
AlternateDataStreams: C:\Temp:rnd.dat [10]
AlternateDataStreams: C:\ProgramData\TEMP:D163F419 [146]
MSCONFIG\startupfolder: C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winsvc.vbs => C:\Windows\pss\winsvc.vbs.Startup
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{E7869040-ECD1-11E6-AD72-64006A5CFC23} => value removed successfully.
HKCR\CLSID\{E7869040-ECD1-11E6-AD72-64006A5CFC23} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay => key removed successfully.
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj => key not found. 
HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"C:\Windows\system32\GroupPolicy\User" => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
Firefox DefaultSearchEngine removed successfully.
Firefox DefaultSearchEngine removed successfully.
HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0 => key removed successfully.
iThemes5 => service not found.
HKLM\System\CurrentControlSet\Services\Themes\\DependOnService => value not found.
WinSAPSvc => service not found.
Archer => service not found.
HKLM\System\CurrentControlSet\Services\bilibili => key removed successfully.
bilibili => service removed successfully.
ed2kidle => service not found.
HKLM\System\CurrentControlSet\Services\amdiox86 => key removed successfully.
amdiox86 => service removed successfully.
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully.
catchme => service removed successfully.
catchme => service not found.
HKLM\System\CurrentControlSet\Services\EverestDriver => key removed successfully.
EverestDriver => service removed successfully.
"C:\Users\Vule\AppData\Roaming\WinSAPSvc" => not found.
 
========================= Folder: C:\Users\UserName\AppData\Roaming\Xl5jVVxcVWIx ========================
 
not found.
 
====== End of Folder: ======
 
C:\Users\Vule\xobglu16.dll => moved successfully
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\ChromeHTML => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully.
HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
"C:\Users\Vule\AppData\Local\Google\Chrome\Application\???? ????.lnk" => Could not move.
"C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???? ????.lnk" => Could not move.
"C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\???????? ?????????.lnk" => Could not move.
C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => not found.
C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => not found.
C:\Temp => ":list3" ADS removed successfully..
C:\Temp => ":pid1" ADS removed successfully..
C:\Temp => ":pid2" ADS removed successfully..
C:\Temp => ":rnd.dat" ADS removed successfully..
C:\ProgramData\TEMP => ":D163F419" ADS removed successfully..
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^winsvc.vbs => key removed successfully.
C:\Windows\pss\winsvc.vbs.Startup => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11321228 B
Java, Flash, Steam htmlcache => 245800724 B
Windows/system/drivers => 1378801545 B
Edge => 0 B
Chrome => 530192367 B
Firefox => 46436471 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33060369 B
LocalService => 132244 B
NetworkService => 67476 B
Vule => 642271443 B
Vule1 => 496875 B
Pishtus => 137764427 B
Administrator => 145364463 B
 
RecycleBin => 3259 B
EmptyTemp: => 3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:57:36 ====


#8 Jo*

  • Malware Response Team

Posted 25 February 2017 - 09:33 AM

Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs



***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


How is the PC running now?
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 kingW3

  • Topic Starter

Posted 25 February 2017 - 11:33 AM

The computer seems to be running fine.
 

ComboFix 17-02-24.01 - Vule 25.02.2017  16:36:26.2.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3059.2095 [GMT 1:00]
Running from: c:\users\Vule\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
.
.
(((((((((((((((((((((((((   Files Created from 2017-01-25 to 2017-02-25  )))))))))))))))))))))))))))))))
.
.
2017-02-25 15:53 . 2017-02-25 15:53 -------- d-----w- c:\users\Vule1\AppData\Local\temp
2017-02-25 15:53 . 2017-02-25 15:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-02-25 15:53 . 2017-02-25 15:53 -------- d-----w- c:\users\Pishtus\AppData\Local\temp
2017-02-25 15:53 . 2017-02-25 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-02-25 15:53 . 2017-02-25 15:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-02-24 14:11 . 2017-02-10 00:04 9992952 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6F4DFD9-828F-4B57-B45C-17E70C3FAD8C}\mpengine.dll
2017-02-23 21:32 . 2017-02-23 21:32 -------- d-----w- c:\program files\reports
2017-02-23 20:15 . 2017-02-23 21:30 -------- d-----w- C:\AdwCleaner
2017-02-23 19:44 . 2017-02-23 20:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-02-23 19:43 . 2017-02-23 19:43 -------- d-----w- c:\users\Vule\New folder
2017-02-23 15:32 . 2017-02-25 13:59 -------- d-----w- C:\FRST
2017-02-23 15:16 . 2017-02-23 15:16 -------- d-----w- c:\users\Vule\AppData\Local\Birdjob
2017-02-23 15:16 . 2017-02-23 15:16 7 ----a-w- c:\windows\system32\F959.tmp
2017-02-23 15:15 . 2017-02-23 15:15 -------- d-----w- c:\program files\Birdjob
2017-02-17 07:46 . 2017-02-17 07:46 -------- d-----w- c:\users\Vule\AppData\Local\Standuck
2017-02-15 07:23 . 2017-02-15 07:53 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2017-02-13 16:41 . 2017-02-13 16:41 -------- d-----w- c:\users\Vule\AppData\Local\Firefox
2017-02-13 16:40 . 2017-02-13 16:40 -------- d-----w- c:\users\Vule\AppData\Roaming\Firefox
2017-02-13 16:40 . 2017-02-13 16:40 -------- d-----w- c:\users\Vule\AppData\Local\Goldass
2017-02-13 16:40 . 2017-02-13 16:40 7 ----a-w- c:\windows\system32\1B5E.tmp
2017-02-11 07:45 . 2017-02-11 07:45 -------- d-----w- c:\users\Pishtus\AppData\Roaming\ATI
2017-02-11 07:45 . 2017-02-11 07:45 -------- d-----w- c:\users\Pishtus\AppData\Local\ATI
2017-02-11 07:44 . 2017-02-25 13:52 -------- d-----w- c:\users\Pishtus\AppData\Local\TSVNCache
2017-02-11 00:59 . 2017-02-11 01:11 -------- d-----w- c:\users\Vule\AppData\Roaming\Vupeculttusely
2017-02-11 00:59 . 2017-02-11 00:59 -------- d-----w- c:\users\Vule\AppData\Roaming\Profiles
2017-02-11 00:59 . 2017-02-11 00:59 -------- d-----w- c:\users\Vule\AppData\Local\Anopert
2017-02-09 00:50 . 2017-02-09 00:50 -------- d-----w- c:\users\Vule\AppData\Local\ESET
2017-02-07 20:16 . 2017-02-07 20:16 -------- d-----w- c:\users\Vule\AppData\Roaming\AC3Filter
2017-02-07 14:20 . 2017-02-07 14:20 -------- d-----w- c:\users\Vule\AppData\Local\AdvinstAnalytics
2017-02-07 12:37 . 2017-02-07 12:37 -------- d-----w- c:\users\Default\AppData\Local\AdvinstAnalytics
2017-01-31 21:02 . 2017-01-31 21:02 -------- d-----w- c:\users\Pishtus\AppData\Roaming\PlaysTV
2017-01-31 21:01 . 2017-02-11 07:48 -------- d-----w- c:\users\Pishtus\AppData\Roaming\Raptr
2017-01-29 22:18 . 2017-01-30 00:05 -------- d-----w- c:\users\Vule\AppData\Local\Ubisoft Game Launcher
2017-01-29 22:18 . 2017-02-08 01:59 -------- d-----w- c:\users\Vule\AppData\Roaming\Might & Magic Heroes VI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-23 20:10 . 2014-05-28 17:13 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-23 20:10 . 2014-05-28 17:13 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-01-19 19:23 . 2012-05-28 11:48 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-19 19:23 . 2012-02-22 20:33 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-15 02:50 . 2013-01-13 21:56 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2017-01-05 17:46 . 2017-01-15 00:37 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-01-05 17:46 . 2017-01-15 00:37 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 17:43 . 2017-01-15 00:37 172032 ----a-w- c:\windows\system32\wdigest.dll
2017-01-05 17:43 . 2017-01-15 00:37 99840 ----a-w- c:\windows\system32\sspicli.dll
2017-01-05 17:43 . 2017-01-15 00:37 65536 ----a-w- c:\windows\system32\TSpkg.dll
2017-01-05 17:43 . 2017-01-15 00:38 254464 ----a-w- c:\windows\system32\schannel.dll
2017-01-05 17:43 . 2017-01-15 00:37 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2017-01-05 17:43 . 2017-01-15 00:37 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-01-05 17:43 . 2017-01-15 00:37 22016 ----a-w- c:\windows\system32\secur32.dll
2017-01-05 17:43 . 2017-01-15 00:38 261120 ----a-w- c:\windows\system32\msv1_0.dll
2017-01-05 17:43 . 2017-01-15 00:37 223232 ----a-w- c:\windows\system32\ncrypt.dll
2017-01-05 17:43 . 2017-01-15 00:37 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-01-05 17:43 . 2017-01-15 00:37 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-01-05 17:43 . 2017-01-15 00:38 553472 ----a-w- c:\windows\system32\kerberos.dll
2017-01-05 17:43 . 2017-01-15 00:38 1062912 ----a-w- c:\windows\system32\lsasrv.dll
2017-01-05 17:43 . 2017-01-15 00:37 17408 ----a-w- c:\windows\system32\credssp.dll
2017-01-05 17:43 . 2017-01-15 00:37 82432 ----a-w- c:\windows\system32\bcrypt.dll
2017-01-05 17:42 . 2017-01-15 00:37 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-01-05 17:23 . 2017-01-15 00:37 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-01-05 17:19 . 2017-01-15 00:37 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:19 . 2017-01-15 00:37 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:19 . 2017-01-15 00:37 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:19 . 2017-01-15 00:37 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-01-05 17:19 . 2017-01-15 00:37 22016 ----a-w- c:\windows\system32\lsass.exe
2017-01-05 17:19 . 2017-01-15 00:37 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-12-31 19:18 . 2016-12-31 19:18 26328 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2016-12-31 19:18 . 2016-12-31 19:18 13528 ----a-w- c:\windows\system32\drivers\ggflt.sys
2006-04-17 17:11 . 2012-08-13 00:03 1241822 ----a-w- c:\program files\metamod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2016-11-22 . 863BDA6195D0C61F0AC83F42EB1902E1 . 523776 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[7] 2014-10-14 . FCFD4F50419B4BC72E80066DA10D2E54 . 523776 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll
[7] 2014-10-14 . DD01319264B6D19E379BDD079A27DA91 . 526848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll
[7] 2014-07-17 . E05E31F7BF577228E27CFFCA5B54ABBD . 523264 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll
[7] 2014-07-16 . 278F31DD3BFDE48F2E1FFF882FBD24B5 . 525824 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll
[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\erdnt\cache\termsrv.dll
[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2016-11-30 15:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2016-11-30 15:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2016-11-30 15:59 575448 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-11-15 14:23 1743664 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"E06AXLRD_3740513"="c:\program files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" [2005-06-03 301776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2010-01-11 226784]
"StartCCC"="c:\program files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe" [2015-08-04 748744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
backup=c:\windows\pss\CodeMeter Control Center.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 13.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 13.lnk
backup=c:\windows\pss\Snagit 13.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]
1 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2016-12-19 21:38 1160408 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameTracker]
2011-11-09 23:49 4018448 ----a-w- c:\program files\GameTracker\GTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2016-12-16 22:09 601752 ----atw- c:\users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
2016-09-28 22:07 58584 ----a-w- c:\progra~1\RAPTRI~1\Raptr\raptrstub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-12-20 18:35 27262432 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2017-01-19 01:30 2881824 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-06-08 17:08 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XperiaCompanionAgent]
2016-12-22 15:51 2088832 ----a-w- c:\program files\Sony\Xperia Companion\XperiaCompanionAgent.exe
.
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2016-12-31 13528]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys [2016-12-31 26328]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-11-12 102912]
R3 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe [2015-09-18 11063808]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-07-06 45800]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2015-08-04 214528]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2015-08-03 276992]
R4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
R4 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2011-11-09 1677072]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2014-04-08 137528]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 PlaysService;Plays.tv Update Service (PlaysService);c:\program files\Raptr Inc\PlaysTV\plays_service.exe [2016-12-23 55056]
R4 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-09-20 324224]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2015-04-03 380064]
R4 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [2015-09-14 3661096]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2013-11-06 758224]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-08-01 719512]
R4 XperiaCompanionService;Xperia Companion Service;c:\program files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2016-12-22 1431424]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-08 242240]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [2014-02-11 50400]
S2 Apple_Cfg;Apple Config Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 APPLE_svr;Apple ConfigSetting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [2017-01-03 72024]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2015-07-15 78848]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-12-27 394856]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ   DiagTrack
apple_setting REG_MULTI_SZ   APPLE_svr
bilibiliGroupEx REG_MULTI_SZ   bilibili
apple_config REG_MULTI_SZ   Apple_Cfg
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
TCP: DhcpNameServer = 109.122.98.6
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-8&IFfbçC0r - c:\users\Vule\AppData\Local\Temp\{a28-61-2a-3741f-a9f1a-032e-abc12}\8&IFfbçC0r.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MurGee - c:\users\Vule\AppData\Roaming\Auto Clicker\AutoClicker.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-ZIGEbu93jc - c:\users\Vule\AppData\Local\Temp\{a28-61-2a-3741f-a9f1a-032e-abc12}\ZIGEbu93jc.exe
AddRemove-Authorizer_is1 - c:\program files\Propellerhead\Authorizer\Uninstall Authorizer\unins000.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\progra~1\Valve\HLServer\UNWISE.EXE
AddRemove-Heroes of Might and Magic V - Collectors Edition3.1 - c:\heroes of might and magic v - collectors edition\uninstall.exe
AddRemove-League client alpha 1.0 - c:\riot games\League of Legends\Uninstall League client alpha.exe
AddRemove-Mozilla Firefox 40.0.3 (x86 en-US) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-Wireshark - c:\program files\Wireshark\uninstall.exe
AddRemove-{1AB2D4DE-34EB-48EB-A9F2-148D02A063E4} - c:\users\Vule\AppData\Local\{C49877F5-B9A4-4C4D-AB8D-F7F9DA1A9BBB}\Setup.exe
AddRemove-{AD58D257-F7A6-4AB5-B5E1-364EAC098B94} - c:\users\Vule\AppData\Local\{5D2A2660-61FD-4FE8-A1DB-7338B81FFFF8}\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*(*d*k%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-25  16:57:13
ComboFix-quarantined-files.txt  2017-02-25 15:57
ComboFix2.txt  2014-06-05 21:21
.
Pre-Run: 16.246.702.080 bytes free
Post-Run: 15.681.585.152 bytes free
.
- - End Of File - - D49C7BE48FF53DBC2E5275C7A8068F23
A36C5E4F47E84449FF07ED3517B43A31

Edited by kingW3, 25 February 2017 - 11:33 AM.


#10 Jo*


Posted 25 February 2017 - 12:57 PM

Hello again,

Step 1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.4.5.2467.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:03 PM

Posted 01 March 2017 - 04:53 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Thread will be closed if no response after 3 days.



#12 kingW3

kingW3
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:03 PM

Posted 01 March 2017 - 06:41 AM

Hi, sorry for taking long, I had a few obligations. I've had problems finishing the Malwarebytes scan; at the end it finds around 25.000 threats and just hangs/freezes. If you need it, here's the log for rkill:
 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/01/2017 12:04:03 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\termsrv.dll : 523.776 : 11/22/2016 06:16 PM : 863bda6195d0c61f0ac83f42eb1902e1 [NoSig]
 +-> C:\Windows\erdnt\cache\termsrv.dll : 543.232 : 07/14/2009 02:16 AM : a01e50a04d7b1960b33e92b9080e6a94 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll : 543.232 : 07/14/2009 02:16 AM : a01e50a04d7b1960b33e92b9080e6a94 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll : 521.216 : 11/20/2010 01:21 PM : 382c804c92811be57829d8e550a900e2 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll : 523.264 : 07/17/2014 02:39 AM : e05e31f7bf577228e27cffca5b54abbd [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll : 523.776 : 10/14/2014 02:50 AM : fcfd4f50419b4bc72e80066da10d2e54 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll : 525.824 : 07/16/2014 03:56 AM : 278f31dd3bfde48f2e1fff882fbd24b5 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll : 526.848 : 10/14/2014 02:50 AM : dd01319264b6d19e379bdd079a27da91 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/01/2017 12:06:33 PM
Execution time: 0 hours(s), 2 minute(s), and 30 seconds(s)


#13 Jo*

Jo*

  • Malware Response Team
  • 3,292 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:03 PM

Posted 01 March 2017 - 06:49 AM

Ok, stop malwarebytes please.




FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.



#14 kingW3

kingW3
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:03 PM

Posted 01 March 2017 - 02:49 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2017
Ran by Vule (administrator) on KVAN (01-03-2017 20:44:34)
Running from C:\Users\Vule\Desktop
Loaded Profiles: Vule (Available Profiles: Vule & Vule1 & Pishtus & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\ENCARTA.EXE
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\Run: [E06AXLRD_3740513] => C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\ALEKSA\NOVEI~40\IDLEWILD.EXE
HKLM\...\Providers\2lfq7cnq: C:\Program Files\Artatyvonas Server\local32spl.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 109.122.98.6
Tcpip\..\Interfaces\{216E23D9-D56F-490C-A087-F3E0A15FE060}: [DhcpNameServer] 109.122.98.6
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=ssl
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\jg1xlz61.default-1479413574090\Profiles\jg1xlz61.default-1479413574090 [not found]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-25]
FF Homepage: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-25]
FF Homepage: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.searchinme.com/?type=hp&ts=1487863113968&z=&from=official&uid=ST3500413AS_Z2AC309Q
FF Extension: (FF Adr) - C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-23] [not signed]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\searchinme.xml [2017-02-23]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vule\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-29] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (Google Slides) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Adblock Plus) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-22]
CHR Extension: (Google Sheets) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (AdBlock) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-02-25]
CHR Extension: (Gmail) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
StartMenuInternet: Google Chrome - C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) [File not signed]
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [112640 2017-02-23] () [File not signed]
R2 APPLE_svr; C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll [482304 2017-02-13] () [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
S4 GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [1677072 2011-11-10] (ClanServers Hosting LLC)
S4 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [11063808 2015-09-18] () [File not signed]
S4 PlaysService; C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe [55056 2016-12-23] (Copyright © 2016 Plays.tv, LLC)
S4 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S4 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R3 TermService; C:\Windows\System32\termsrv.dll [523776 2016-11-22] (Microsoft Corporation) [File not signed]
S4 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) [File not signed]
S4 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512 2012-08-01] (VMware, Inc.)
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
S4 wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1431424 2016-12-22] (Sony)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-08] (DT Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-12-31] (Sony Mobile Communications)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-14] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-08-15] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.)
S3 catchme; \??\C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 20:33 - 2017-03-01 20:35 - 00076880 _____ C:\Users\Vule\Desktop\Addition.txt
2017-03-01 20:31 - 2017-03-01 20:44 - 00021541 _____ C:\Users\Vule\Desktop\FRST.txt
2017-03-01 12:04 - 2017-03-01 12:06 - 00005404 _____ C:\Users\Vule\Desktop\Rkill.txt
2017-03-01 12:03 - 2017-03-01 12:03 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Vule\Downloads\rkill.exe
2017-02-28 00:14 - 2017-02-28 00:14 - 00116736 _____ C:\Users\Vule\Downloads\2015_republicko_rezultati.xls
2017-02-28 00:13 - 2017-02-28 00:13 - 00055301 _____ C:\Users\Vule\Downloads\2016_republicko_rezultati.xlsx
2017-02-25 16:57 - 2017-02-25 16:57 - 00025917 _____ C:\ComboFix.txt
2017-02-25 15:36 - 2017-02-25 15:36 - 05660168 ____R (Swearware) C:\Users\Vule\Desktop\ComboFix.exe
2017-02-25 15:36 - 2017-02-25 15:36 - 05660168 _____ (Swearware) C:\Users\Vule\Downloads\ComboFix.exe
2017-02-25 14:53 - 2017-02-27 06:38 - 00000008 __RSH C:\Users\Vule1\ntuser.pol
2017-02-25 14:53 - 2017-02-25 14:57 - 00015846 _____ C:\Users\Vule\Desktop\Fixlog.txt
2017-02-25 14:52 - 2017-02-25 14:52 - 00000430 __RSH C:\Users\Administrator\ntuser.pol
2017-02-25 14:51 - 2017-03-01 20:30 - 00000000 ____D C:\Users\Vule\Desktop\FRST-OlderVersion
2017-02-25 12:10 - 2017-02-25 12:10 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-24 20:03 - 2017-02-24 20:03 - 00000377 _____ C:\Users\Vule\Downloads\code190608.cpp
2017-02-24 18:36 - 2017-02-24 18:37 - 00000377 _____ C:\Users\Vule\Downloads\code190606.cpp
2017-02-23 23:04 - 2017-02-23 23:04 - 00007379 _____ C:\Users\Vule\Documents\JRT.txt
2017-02-23 22:42 - 2017-02-23 22:42 - 00007379 _____ C:\Users\Vule\Desktop\JRT.txt
2017-02-23 22:33 - 2017-02-23 22:33 - 01663040 _____ (Malwarebytes) C:\Users\Vule\Downloads\JRT.exe
2017-02-23 22:32 - 2017-03-01 19:47 - 00000040 _____ C:\Program Files\settings.dat
2017-02-23 22:32 - 2017-02-23 22:32 - 00000000 ____D C:\Program Files\reports
2017-02-23 22:31 - 2017-03-01 06:21 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-23 21:15 - 2017-02-23 22:30 - 00000000 ____D C:\AdwCleaner
2017-02-23 21:14 - 2017-02-23 21:14 - 04015056 _____ C:\Users\Vule\Downloads\AdwCleaner.exe
2017-02-23 21:04 - 2017-02-23 21:04 - 00001502 _____ C:\Users\Vule\Desktop\new  2.txt
2017-02-23 20:48 - 2017-02-23 21:12 - 00000000 ____D C:\Users\Vule\Desktop\mbar
2017-02-23 20:44 - 2017-02-23 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-23 20:43 - 2017-02-23 20:43 - 00000000 ____D C:\Users\Vule\New folder
2017-02-23 20:42 - 2017-02-23 20:42 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Vule\Downloads\mbar-1.09.3.1001.exe
2017-02-23 20:21 - 2017-02-23 20:21 - 00852798 _____ C:\Users\Vule\Downloads\SecurityCheck.exe
2017-02-23 16:35 - 2017-02-23 16:37 - 00072768 _____ C:\Users\Vule\Downloads\Addition.txt
2017-02-23 16:33 - 2017-02-23 16:37 - 00039748 _____ C:\Users\Vule\Downloads\FRST.txt
2017-02-23 16:32 - 2017-03-01 20:44 - 00000000 ____D C:\FRST
2017-02-23 16:32 - 2017-03-01 20:30 - 01765888 _____ (Farbar) C:\Users\Vule\Desktop\FRST.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00518272 _____ (ESET) C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00000022 _____ C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe_20170223.162014.3284.zip
2017-02-23 16:16 - 2017-02-25 14:54 - 00000816 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-23 16:16 - 2017-02-23 16:16 - 00000007 _____ C:\Windows\system32\F959.tmp
2017-02-23 16:16 - 2017-02-23 16:16 - 00000000 ____D C:\Users\Vule\AppData\Local\Birdjob
2017-02-23 16:15 - 2017-02-23 16:15 - 00000000 ____D C:\Program Files\Birdjob
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:18 - 2017-02-20 17:18 - 00041623 _____ C:\Users\Vule\Downloads\2017_okruzno_rezultati.zip
2017-02-20 17:18 - 2017-02-20 17:18 - 00011739 _____ C:\Users\Vule\Downloads\2017_kvote.xlsx
2017-02-20 17:12 - 2017-02-20 17:12 - 00000000 ____D C:\Users\Vule\Downloads\backups
2017-02-20 17:09 - 2017-02-20 17:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vule\Downloads\HijackThis.exe
2017-02-17 08:46 - 2017-02-17 08:46 - 00000000 ____D C:\Users\Vule\AppData\Local\Standuck
2017-02-17 04:08 - 2017-02-17 04:08 - 00000000 ____D C:\Users\Vule\Documents\aMule Downloads
2017-02-15 08:23 - 2017-02-15 08:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 08:21 - 2017-02-15 08:21 - 00000000 ____D C:\Users\Pishtus\Documents\Visual Studio 2015
2017-02-13 18:54 - 2017-02-23 16:17 - 00001306 _____ C:\Program Files\metadata
2017-02-13 17:42 - 2017-02-23 16:18 - 00000000 ____D C:\Users\Vule\AppData\LocalLow\Mozilla
2017-02-13 17:41 - 2017-02-13 17:41 - 00000000 ____D C:\Users\Vule\AppData\Local\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000007 _____ C:\Windows\system32\1B5E.tmp
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Local\Goldass
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\ATI
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ATI
2017-02-11 08:44 - 2017-02-27 20:29 - 00000008 __RSH C:\Users\Pishtus\ntuser.pol
2017-02-11 08:44 - 2017-02-25 14:52 - 00000000 ____D C:\Users\Pishtus\AppData\Local\TSVNCache
2017-02-11 01:59 - 2017-02-11 02:11 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Vupeculttusely
2017-02-11 01:59 - 2017-02-11 01:59 - 00000000 ____D C:\Users\Vule\AppData\Local\Anopert
2017-02-09 01:50 - 2017-02-09 01:50 - 00000000 ____D C:\Users\Vule\AppData\Local\ESET
2017-02-09 00:56 - 2017-02-09 00:58 - 00000484 _____ C:\Users\Vule\Downloads\Enable_Volume_Notification_Icon.reg
2017-02-09 00:55 - 2017-02-25 15:00 - 00000008 __RSH C:\Users\Vule\ntuser.pol
2017-02-08 22:59 - 2017-02-08 23:01 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Vule\Downloads\esetonlinescanner_enu.exe
2017-02-07 21:16 - 2017-02-07 21:16 - 00000000 ____D C:\Users\Vule\AppData\Roaming\AC3Filter
2017-02-07 15:20 - 2017-02-07 15:20 - 00000000 ____D C:\Users\Vule\AppData\Local\AdvinstAnalytics
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-06 06:20 - 2017-02-06 06:20 - 00148914 _____ C:\Users\Vule\Downloads\7C921C0AC5D968F61D876C308B39838FB5215588.torrent
2017-02-02 03:58 - 2017-02-02 03:59 - 01061357 _____ C:\Users\Vule\Downloads\2015-eng.pdf
2017-01-31 22:02 - 2017-01-31 22:02 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\PlaysTV
2017-01-31 22:01 - 2017-02-11 08:48 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\Raptr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 20:35 - 2015-04-25 13:12 - 00000000 ____D C:\Users\Vule\AppData\Local\ApplicationHistory
2017-03-01 12:42 - 2014-05-28 18:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 06:31 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 06:31 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 06:21 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-28 22:48 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-28 06:23 - 2012-11-04 20:16 - 00000000 ____D C:\Users\Vule\AppData\Local\TSVNCache
2017-02-27 20:31 - 2016-11-21 20:43 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ApplicationHistory
2017-02-27 20:29 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus
2017-02-27 06:39 - 2013-03-19 00:41 - 00000000 ____D C:\Users\Vule1\AppData\Local\TSVNCache
2017-02-27 06:38 - 2013-03-19 00:40 - 00000000 ____D C:\Users\Vule1
2017-02-25 16:57 - 2014-06-05 22:07 - 00000000 ____D C:\Qoobox
2017-02-25 16:53 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2017-02-25 15:00 - 2014-05-04 20:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-25 15:00 - 2012-02-22 21:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-25 15:00 - 2012-01-19 19:57 - 00000000 ____D C:\Users\Vule
2017-02-25 14:56 - 2012-11-28 22:35 - 00000000 ____D C:\Users\Vule\AppData\LocalLow\Temp
2017-02-25 14:54 - 2012-11-07 16:29 - 00000000 ____D C:\Windows\pss
2017-02-25 14:54 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-25 14:53 - 2012-01-20 00:05 - 00001464 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-25 14:53 - 2012-01-19 19:58 - 00001212 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-25 14:53 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-25 14:52 - 2012-11-11 09:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2017-02-25 14:52 - 2012-08-13 00:52 - 00000000 ____D C:\Users\Administrator
2017-02-24 18:31 - 2013-01-13 22:56 - 00000000 ____D C:\Users\Vule\Documents\Visual Studio 2010
2017-02-23 22:30 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-23 21:10 - 2014-05-28 18:13 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-23 06:25 - 2016-01-27 03:03 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 06:18 - 2016-01-27 03:03 - 135086848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 02:00 - 2012-12-07 19:08 - 00000000 ____D C:\Users\Vule\AppData\Local\ElevatedDiagnostics
2017-02-21 23:24 - 2012-10-21 20:07 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Skype
2017-02-21 21:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-21 18:48 - 2014-02-09 14:18 - 00000000 ____D C:\Users\Vule\AppData\Roaming\TS3Client
2017-02-21 18:48 - 2012-08-15 21:19 - 00000000 ____D C:\Users\Vule\AppData\Roaming\BitTorrent
2017-02-21 18:48 - 2012-02-25 08:30 - 00000000 ____D C:\Users\Vule\AppData\Roaming\DAEMON Tools Lite
2017-02-21 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2017-02-21 18:46 - 2014-06-06 08:26 - 00000000 ____D C:\Users\Vule\AppData\Local\CrashDumps
2017-02-21 18:46 - 2014-01-27 20:15 - 00000000 ____D C:\Windows\Minidump
2017-02-18 09:13 - 2012-08-17 20:02 - 00000000 ____D C:\Windows\Sun
2017-02-17 08:46 - 2012-10-13 16:30 - 00000000 ____D C:\ProgramData\Apple
2017-02-15 08:36 - 2016-11-21 19:51 - 00000000 ____D C:\Users\Pishtus\AppData\Local\CrashDumps
2017-02-15 08:26 - 2012-08-13 00:52 - 00126480 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-13 17:40 - 2016-03-04 12:05 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-02-12 20:21 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus\AppData\Local\Google
2017-02-11 09:06 - 2013-05-05 22:04 - 00000000 ____D C:\Program Files\Google
2017-02-11 08:45 - 2016-11-21 19:50 - 00126480 _____ C:\Users\Pishtus\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 19:15 - 2014-05-28 11:56 - 00000000 ____D C:\Temp
2017-02-09 19:02 - 2016-03-05 10:20 - 00000000 ____D C:\ProgramData\Google
2017-02-09 19:02 - 2012-01-20 00:04 - 00000000 ____D C:\Users\Vule\AppData\Local\Google
2017-02-09 15:54 - 2015-12-05 19:51 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Raptr
2017-02-08 02:59 - 2017-01-29 23:18 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Might & Magic Heroes VI
2017-02-07 15:27 - 2015-11-25 18:17 - 00000000 ___RD C:\Users\Vule\Dropbox
2017-02-07 13:39 - 2016-11-21 19:49 - 00001082 _____ C:\Users\Pishtus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2013-03-19 00:41 - 00001082 _____ C:\Users\Vule1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2012-08-13 00:52 - 00001082 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-06 16:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-02-06 08:35 - 2016-06-27 00:26 - 03686522 ____H C:\Users\Vule\AppData\Local\IconCache.db.backup
2017-02-05 17:16 - 2012-01-19 20:01 - 00899186 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 15:18 - 2013-04-04 22:27 - 00000000 ____D C:\Users\Vule\Desktop\prezentacija
2017-01-30 01:05 - 2017-01-29 23:18 - 00000000 ____D C:\Users\Vule\AppData\Local\Ubisoft Game Launcher
 
==================== Files in the root of some directories =======
 
2012-08-14 18:29 - 2006-10-09 11:06 - 0546304 _____ () C:\Program Files\fy_snow.bsp
2017-02-13 18:54 - 2017-02-23 16:17 - 0001306 _____ () C:\Program Files\metadata
2012-08-13 01:03 - 2006-04-17 18:11 - 1241822 _____ (Will Day <willday@metamod.org>) C:\Program Files\metamod.dll
2017-02-23 22:32 - 2017-03-01 19:47 - 0000040 _____ () C:\Program Files\settings.dat
2015-01-04 21:29 - 2015-01-04 21:29 - 0000044 _____ () C:\Users\Vule\AppData\Roaming\twow_sysprepdt.dat
2012-12-09 14:15 - 2016-12-15 07:32 - 0009728 _____ () C:\Users\Vule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 21:37 - 2012-11-11 21:37 - 0004096 ____H () C:\Users\Vule\AppData\Local\keyfile3.drm
2015-06-19 21:10 - 2015-06-19 21:10 - 0007602 _____ () C:\Users\Vule\AppData\Local\Resmon.ResmonCfg
2016-02-22 23:21 - 2016-02-22 23:21 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:29
 
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2017
Ran by Vule (01-03-2017 20:45:10)
Running from C:\Users\Vule\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-01-19 18:57:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-14341686-2959951868-204901888-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-14341686-2959951868-204901888-1018 - Limited - Enabled)
bada (S-1-5-21-14341686-2959951868-204901888-1008 - Limited - Enabled)
Guest (S-1-5-21-14341686-2959951868-204901888-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-14341686-2959951868-204901888-1002 - Limited - Enabled)
Pishtus (S-1-5-21-14341686-2959951868-204901888-1020 - Administrator - Enabled) => C:\Users\Pishtus
Vule (S-1-5-21-14341686-2959951868-204901888-1000 - Administrator - Enabled) => C:\Users\Vule
Vule1 (S-1-5-21-14341686-2959951868-204901888-1004 - Administrator - Enabled) => C:\Users\Vule1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888casino (HKLM\...\888casino) (Version:  - )
AC3File 0.6b (HKLM\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
ActivePerl 5.14.2 Build 1402 (HKLM\...\{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}) (Version: 5.14.1402 - ActiveState)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.19) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (Version: 3.3 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Authorizer Ignition Key Support (Version: 1.0.3.0 - Propellerhead Software AB) Hidden
Auto Clicker by Shocker (HKLM\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Azure AD Authentication Connected Service (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.63.1071 - AB Team, d.o.o.)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Chicken Invaders 4 (HKLM\...\Chicken Invaders 4 v.4.13) (Version: 4.13 - InterAction Studios)
Chrome Remote Desktop Host (HKLM\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
CodeSite Express 5 (HKLM\...\CodeSite Express 5_is1) (Version: 5.1.8 - Raize Software, Inc.)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Delphi 7 Second Edition (HKLM\...\Delphi 7 Second Edition v7.2_is1) (Version:  - Lite Applications)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.18.1 (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
EasyBCD 2.1.2 (HKLM\...\EasyBCD) (Version: 2.1.2 - NeoSmart Technologies)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eurobattle.net (HKLM\...\Eurobattle.net) (Version:  - Eurobattle.net)
Eurobattle.net (HKLM\...\Eurobattle.net1.26a) (Version: 1.26a - Eurobattle.net)
EXIFeditor (HKLM\...\{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}) (Version: 1.0.0 - kiwi.software.NET)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
Flash Decompiler Trillix (HKLM\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Free Audio Editor 2016 v9.3.1 (HKLM\...\Free Audio Editor 2016_is1) (Version:  - Copyright© 2005-2015 FAEMedia, Inc.)
GameLoad 1.3.0.1 (HKLM\...\{2228944A-BBBF-4AB3-B59F-4C59B82BBCFC}_is1) (Version: 1.3.0.1 - Ant Media, s. r. o.)
GameTracker Lite (HKLM\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.3.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{C28C9704-5633-4765-92C0-E7CC50B14FAC}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Line 6 Uninstaller (HKLM\...\Line 6 Uninstaller) (Version:  - Line 6)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Encarta Premium 2006 DVD (HKLM\...\{06040081-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual Basic 6.0 Professional Edition (HKLM\...\Visual Basic 6.0 Professional Edition) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{B6019E33-AC77-4B09-8D67-48B5A2502B2B}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{B4C0A315-07FB-39F9-85CD-8CE20C019350}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.0.4a 11-22-2005 - Avanquest Software)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.6 (HKLM\...\{3986AD3D-19E0-4FEF-BCBA-08D66BFC216E}) (Version: 1.1.6 - Oracle and/or its affiliates)
MySQL Connector Net 6.9.7 (HKLM\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6}) (Version: 6.9.7 - Oracle)
MySQL for Visual Studio 1.2.4 (HKLM\...\{32D9A474-FAFC-4E77-B804-055595D5B9E9}) (Version: 1.2.4 - Oracle)
MySQL Installer - Community (HKLM\...\{14E622E3-878B-4C66-AB07-49CB19FCCE73}) (Version: 1.4.11.0 - Oracle Corporation)
MySQL Server 5.6 (HKLM\...\{FAC02EB1-9C47-48D0-B894-E9F907DD7C71}) (Version: 5.6.27 - Oracle Corporation)
Mystery Case Files - 13 Ravenhearst Unlocked Collector's Edition (HKLM\...\Mystery Case Files - 13 Ravenhearst Unlocked Collector's EditionFinal) (Version: Final - Game-Owl)
Mystery Case Files - Broken Hour Collector's Edition (HKLM\...\Mystery Case Files - Broken Hour Collector's EditionFinal) (Version: Final - Game-Owl)
Mystery Case Files - Huntsville 1.00 (HKLM\...\Mystery Case Files - Huntsville 1.00) (Version:  - )
Mystery Case Files - Key to Ravenhearst Collector's Edition (HKLM\...\Mystery Case Files - Key to Ravenhearst Collector's EditionFinal) (Version: Final - Game-Owl.com)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.8 - )
NVIDIA DDS Utilities (HKLM\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
Oddworld - New 'n' Tasty (HKLM\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlaysTV (HKLM\...\PlaysTV) (Version: 1.17.6-r119262-release - Plays.tv, LLC)
PowerISO (HKLM\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Pro Pinball - The Web (HKLM\...\Pro Pinball - The Web) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Raptr (HKLM\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Rayman (HKLM\...\Rayman_is1) (Version:  - Ubisoft Entertainment)
Rayman Gold (HKLM\...\Rayman Gold_is1) (Version:  - Ubisoft Entertainment)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Snagit 13 (HKLM\...\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}) (Version: 13.0.1.6326 - TechSmith Corporation)
Snagit 13 (Version: 13.0.1 - TechSmith Corporation) Hidden
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{76F7D503-FA46-4B2F-8EAF-95E5D356A04D}) (Version: 6.1.4.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (Version: 14.0.23107 - Microsoft Corporation) Hidden
TopazChat (HKLM\...\TopazChat) (Version:  - )
TortoiseSVN 1.7.10.23359 (32 bit) (HKLM\...\{FA5EC676-B609-4DBB-9C05-8219B8287A48}) (Version: 1.7.23359 - TortoiseSVN)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
TypeScript Power Tool (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VMware Player (HKLM\...\VMware_Player) (Version: 5.0.0 - VMware, Inc)
VMwarePlayer_x86 (Version: 5.0.0 - VMware, Inc.) Hidden
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WCF Data Services 5.6.4 Runtime (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worms: Armageddon version 3.6.31 + NoCD (HKLM\...\{B62B5438-6DDA-49D6-B9CF-0BDC428116D8}_is1) (Version: 3.6.31 + NoCD - Anonymous)
Xamarin Universal Installer (HKLM\...\{39f44823-a060-4315-a803-4bfcc4e904db}) (Version: 3.5.0.0 - Xamarin, Inc)
Xperia Companion (HKLM\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (Version: 1.4.7.0 - Sony) Hidden
Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden
ZAR X (HKLM\...\{85DA9B81-D7F9-4165-8E62-F776B57213F8}_is1) (Version:  - www.z-a-recovery.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{094AE5CB-62E5-4845-8ED6-617D9FE893DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{22756E83-8EBC-4B16-A4A4-0AA73BE497B1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Vule\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{56C94D6A-7370-4885-A04E-7097FE4E0BAF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{79811B29-9C10-4FCB-A117-6030F2DC12BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{94330D48-EB33-49BB-87F1-AD8C0352C010}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{F7CA46A9-ACA5-45A6-967E-03FF5A282D01}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06C59695-72FD-4B4B-AE99-A078623903B0} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-08-20] (Oracle Corporation) <==== ATTENTION
Task: {0CA43BF8-4C35-4980-B09B-881B757CAA39} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started <==== ATTENTION
Task: {0DFE4D33-DC15-4161-BDD1-7F29BC35CF53} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {1A3F9E47-C205-4950-AA57-4D5A9F414C45} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {2C986A97-DBA4-4E1E-A098-923A0C9ADEA6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {30FBBAEC-FFEC-4AE8-A772-17AE0370C0B9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2016-03-23] (Microsoft Corporation) <==== ATTENTION
Task: {3B53C408-22E0-4936-8FA7-2A38E7136235} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {3E1F4961-DB2C-4F09-9A2E-3D7EAF6222A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {4183BEB0-D006-4A81-A46F-34624AFC04A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {42BDAD0B-CBBC-4554-9FD0-7F58A42AE02A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {43B62885-7C28-4FED-B6D3-59EA7053C19F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {517C0D7A-C383-4BC9-9004-D0F1385701E4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {582B6520-0162-482D-AA6F-F89C48F46591} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2016-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {68BBAEA2-0D75-45AB-8414-B322789C9F8F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => sc.exe start sppsvc <==== ATTENTION
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {6E123E92-BAE3-491A-8615-3D8421C4668C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {79FE24DE-8175-4225-8620-22814F571140} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {8F5780FA-2BE3-4544-9A82-147F21074473} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {916C88FA-BAB3-4345-B6E0-7B0DE3B69C69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-14341686-2959951868-204901888-1000Core => C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) <==== ATTENTION
Task: {934BC4BA-98F2-4D99-B849-5FDF4CE85391} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {9634E528-1B7C-4239-B6B3-7713C20A7841} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {9C8DE2CE-7E7E-4AD5-A033-3C8A0BCBD0E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {A34F3DC0-D9AC-45B6-8C33-A2F43C08C6E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {A92E510E-527E-4FEC-A283-7E866C514CAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {AF79C35B-BF77-4C86-BEC3-4F401FADD924} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {B41CC953-4FFA-4AF4-8D71-3A4DBB874145} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc <==== ATTENTION
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-14] (Microsoft Corp.) <==== ATTENTION
Task: {BD994F37-1E30-4016-96C3-0D363EF688F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-14341686-2959951868-204901888-1000UA => C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) <==== ATTENTION
Task: {CD028623-336D-435A-B534-921D1DB5D184} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation) <==== ATTENTION
Task: {CE93AD6C-E01C-4D3E-9D3E-E0C59E2B316C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {CEDAC902-6B7E-498F-B0E3-C1E2D77EF5EC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => sc.exe config upnphost start= auto <==== ATTENTION
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {DEB92125-5A82-447E-8423-FDD525DA8CBB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] () <==== ATTENTION
Task: {EB2D8A24-7F3A-499F-A8D6-5682C7BEDCA5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {FC0C1130-1C7F-4FAC-A576-B4F94D84386A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {FE595B39-8151-4951-A858-A217010A8343} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Vule\AppData\Local\Google\Chrome\Application\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite\Visit GameTracker Website.lnk -> hxxp://www.gametracker.com
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Интернет Експлорер.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Standuck\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Goldass\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Birdjob\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Vule\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-17 08:46 - 2017-02-23 10:02 - 00112640 _____ () c:\programdata\apple\apple application support\support.dll
2017-02-13 17:40 - 2017-02-13 08:16 - 00482304 _____ () c:\programdata\apple computer\itunes\ipoddevices.dll
2016-11-15 15:22 - 2016-11-15 15:22 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-10-08 19:42 - 2012-10-08 19:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2005-06-03 18:30 - 2005-06-03 18:30 - 00248528 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ERSREGPR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00203472 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCDAT.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00178896 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ENCCONT.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00326352 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCXML.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00051920 _____ () C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICTITS.EBK
2017-02-06 22:25 - 2017-02-01 10:01 - 01870168 _____ () C:\Users\Vule\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 22:25 - 2017-02-01 10:01 - 00085848 _____ () C:\Users\Vule\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-04-25 13:08 - 2015-04-25 13:08 - 03289088 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1844f6f4\mscorlib.dll
2005-06-03 18:30 - 2005-06-03 18:30 - 00191184 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\PPDBMGR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00203472 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\PPMGR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00146128 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ATCONT.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2014-06-05 22:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 109.122.98.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GS In-Game Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PlaysService => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SolidWorks Licensing Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TechSmith Uploader Service => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: wampapache => 3
MSCONFIG\Services: wampmysqld => 3
MSCONFIG\Services: XperiaCompanionService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk => C:\Windows\pss\CodeMeter Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 13.lnk => C:\Windows\pss\Snagit 13.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => 1
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GameTracker => "C:\Program Files\GameTracker\GTLite.exe"
MSCONFIG\startupreg: Google Update => C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~1\RAPTRI~1\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F11842E5-8963-4924-98B9-F4E62247685F}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{77A95B42-F389-4144-8473-3B51E444E401}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{76FD444E-141C-4866-B154-CC0B8AAECFB1}C:\program files\valve\hlserver\hlds.exe] => (Allow) C:\program files\valve\hlserver\hlds.exe
FirewallRules: [UDP Query User{E7658C0C-536D-4928-B5E8-547185CA1B3B}C:\program files\valve\hlserver\hlds.exe] => (Allow) C:\program files\valve\hlserver\hlds.exe
FirewallRules: [{3D3915ED-86FB-4006-AD89-DCFEB1133BCA}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{8E384A22-C672-4C60-9E69-FD599BE8D9DA}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{22A24A68-5185-4308-9818-7F00582E98DF}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{5C71FCF5-61C3-4A6B-A3C5-7A87205DE1AB}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{DFFA6C9C-3FE5-46CE-BA3E-8E5234B89933}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{C53DD9C4-6025-495F-A86A-EBA903745F72}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [UDP Query User{F34203AF-409B-4206-9BD1-9089442F372C}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [{CF313154-FAF8-4C70-AC8A-2DA999F01C8A}] => (Block) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [{FB1AA80F-330F-46C8-8424-EBCAC76E9364}] => (Block) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [TCP Query User{CDFFAF98-0F10-416D-AD34-6FD35FE5AF9C}C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe] => (Allow) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [UDP Query User{493680B1-9AD6-4DC2-AC8A-2B65FB6E5BB5}C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe] => (Allow) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{552AC32C-C12B-48A1-9537-92645272D4A8}] => (Block) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{2456F170-EFD5-472B-B4D4-BAB9D7706080}] => (Block) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{95D3E820-016B-4DDF-9249-46BDF5B070DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A51E39B4-7586-43BC-9B75-E9DC7E65273E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BD45C17-67E3-4D6D-9C4B-6AF9B59660AE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F77D8A05-53B9-4071-BB8A-77D536EE4F83}D:\program files\warcraft iii\gproxy.exe] => (Block) D:\program files\warcraft iii\gproxy.exe
FirewallRules: [UDP Query User{264C37DA-CB3F-47AA-AD9C-5E934C3F331C}D:\program files\warcraft iii\gproxy.exe] => (Block) D:\program files\warcraft iii\gproxy.exe
FirewallRules: [TCP Query User{EC539B8F-9385-4FF5-A317-0FF625112005}D:\program files\warcraft iii\war3.exe] => (Block) D:\program files\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CD4BA7F8-41BA-42E5-BC77-02D919C7B73F}D:\program files\warcraft iii\war3.exe] => (Block) D:\program files\warcraft iii\war3.exe
FirewallRules: [{B6E134AC-6C19-44E7-B550-42B15F6177A8}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{592A1100-8956-4AFC-B818-9C750DD93F17}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{20263FB1-830C-4658-8697-8F84ADFD8619}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{43CBD0EC-C215-4465-BD57-312555F05298}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{36FDE87C-6043-403A-A9B7-A460B5AF5733}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{50930009-D349-412F-86CD-CC31667C010E}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{356538BD-72DB-47EB-8422-3319F4BFECE6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{37A71553-B138-4A0C-AC62-A94CBFBB319F}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1837FE16-DE96-4C8A-87D5-689C8167AAE5}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{60F339B0-C828-448F-885A-5C4EE172CB13}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2FE88B28-BF1A-41B9-804E-15DC2DD34E53}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{562D6880-A9A6-4265-B688-465868C78F80}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C316C12D-8AC4-4197-B5D4-A4140AC236A1}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D792DBD9-C7BF-4D4C-A5C0-9B38B476453D}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{95305FCC-4C71-48A4-BEE7-A0B2030BD9A8}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6A04C984-A580-4ABB-BBF2-D118E998349A}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{9A493B62-067E-41D6-9C95-5B5E860F2DBF}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{78EA3121-E0F2-4E21-A1D3-68D0548D6865}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{FF5F959D-FC21-4A43-94A1-1BF09B9CE22D}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{89ACB9E8-2162-4E32-A33F-4C5872DE1632}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5801C6D9-D4FD-4D32-AF65-E4A5FBB371D1}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{07138094-AE7F-47CE-901D-F2FE6F5FD366}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C1FCFFE2-077B-4107-B252-5DD4F5CA7CE9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F02703C9-4B83-4571-85C8-FE72AE6773D6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F435E19-E44E-4CC7-A925-05FBD8D71ECA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{57F10A7F-FA22-475E-8714-29816C81AEF4}] => (Allow) C:\D backup\Steam\Steam.exe
FirewallRules: [{440D3AC7-E203-4DA1-843B-A217688D270D}] => (Allow) C:\D backup\Steam\Steam.exe
FirewallRules: [{63C971E5-A5EF-4424-8910-035B946C9946}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A804073D-D55D-4745-B1E0-47AFCBCD3FB2}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{874E4C2B-CB8A-42E6-BEAC-65F31D48D4AC}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{0C4B77E7-79D5-4BF6-B30A-F57B7191410B}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{41262ADA-5EF4-438D-A1E7-24D73E276B24}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{68A3ADC9-AB39-4A11-94DC-8882F35AA746}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{E885A8B4-A8F6-4086-BF6B-FE2ED5CDE5B0}] => (Allow) C:\Program Files\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{04E65A6D-82C4-45B4-A75B-171BAE020C2C}] => (Allow) D:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{E9FAD9D1-812B-4C86-8DA6-038965B43C07}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7324F64B-D41B-4564-8B56-AA917371191B}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{E4955221-B4EC-4B23-9949-975AFA256879}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{8E013AE8-E73F-411B-9F5E-CF0680DA7B46}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{B7B5EA27-3A52-480A-8ACA-806A9BE56D42}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{DF64C8FE-5BD4-49A7-A1B9-566178E0F952}] => (Allow) C:\Program Files\SprgFiles\SprgFiles.exe
FirewallRules: [{99422020-95E8-460D-A090-B26D08F78E1F}] => (Allow) C:\Program Files\SprgFiles\SprgFiles.exe
FirewallRules: [{B8C1306B-071F-408A-9DF7-400AFA59A761}] => (Allow) C:\Program Files\SprgFiles\downloader.exe
FirewallRules: [{231BC164-D761-4250-B715-7052D0AD7437}] => (Allow) C:\Program Files\SprgFiles\downloader.exe
FirewallRules: [{DAE05F74-0154-4E01-B675-5D49CD3E8507}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5DCF8852-9828-435C-8BA5-74B74813F5D8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1329A3E6-7AD4-4980-A7D2-1200938951B1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{247BA81A-4AA6-4E4F-A902-5669D6A3146C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0BB2CC01-E133-45F7-B843-F9898E34A0C2}] => (Allow) LPort=8298
FirewallRules: [{7CEE18A2-C67B-4997-8CE8-A340D2A920C2}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5DA430CB-5567-4D35-B167-DDD549290AEB}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D5A5EF3-BC81-42C4-89BE-A56CB0CC1218}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{7D345985-AE86-47FD-9404-1ED3C041F17C}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{45BAFA66-F651-4978-8BD5-FE94CC9FBD1D}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{35CD77DC-FDC3-46F4-8408-04AD80D7425E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{71079C90-DF9A-46EC-9092-5E96EEDA1F1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DBC9E954-4A0A-4B0A-A6EB-73EE5D212ECC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A98ACD7-BD46-42E5-BDC1-A8BF1EE96A88}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{29EAF8D0-47D5-419D-BEF6-B0636445FD85}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5C705526-9B94-4F62-8786-91572D1D3899}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{344E15BE-6DD2-428D-8C78-B47873800BCA}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{892F7C52-0AEB-40D5-91BE-12869ECADECC}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{01861617-24D2-435A-A9A1-D1B3189E6AF9}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A7DD42A3-D895-47B9-B307-0FFC0A30F64F}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C7D33C52-3D2E-4426-BBB6-7ADB59B31193}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B928A46D-DD45-40A6-AB23-98A6DC768F98}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5F17775C-13E2-423D-B9B5-A0A6BE89A458}] => (Allow) C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{80B7DA51-6E5B-4828-86EB-33F2D2C107BD}] => (Allow) C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{5390DB96-C9EA-4CAB-88AC-5BD0430AB1A3}] => (Allow) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{ADE66BA3-4C08-4D11-AA3B-CFC441CDF444}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{9F91178C-7BDD-4388-AFA5-42F12F881B5E}] => (Allow) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{029E3509-CB8D-48AF-A95C-C08969673F1B}] => (Allow) C:\Program Files\Birdjob\Application\chrome.exe
FirewallRules: [{84BB90F1-68B1-4268-AFD1-F4DFA145B043}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{E92B2784-5C51-4113-9650-88320BF28AF7}] => (Allow) C:\Program Files\Firefox\Firefox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Restore Points =========================
 
01-03-2017 06:27:18 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2017 12:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17c4
 
Start Time: 01d2927bf8419e59
 
Termination Time: 15
 
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: ce05e09b-fe73-11e6-a4fd-001fc69f92dc
 
Error: (02/25/2017 02:53:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1c48228a-b640-4609-9e82-692b826f48f2}
 
Error: (02/21/2017 08:12:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1550
 
Start Time: 01d28c6cc5d2cd7d
 
Termination Time: 85
 
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: abee8f7f-f869-11e6-9a22-001fc69f92dc
 
Error: (02/21/2017 06:36:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
The RPC server is unavailable.
.
 
Error: (02/21/2017 01:22:34 PM) (Source: chromoting) (EventID: 3) (User: )
Description: Access denied for client: svetlomer@gmail.com/chromoting07B25661.
 
Error: (02/18/2017 11:36:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1478
 
Start Time: 01d28a30ca917e2a
 
Termination Time: 20
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 8ed8fe0a-f62a-11e6-95bf-001fc69f92dc
 
Error: (02/15/2017 09:12:53 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: KVAN)
Description: Application or service 'ed2k idle service' could not be restarted.
 
Error: (02/15/2017 08:53:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x67507330
Faulting process id: 0x4d4
Faulting application start time: 0x01d2875f74e9f2f6
Faulting application path: C:\Windows\Explorer.exe
Faulting module path: mso.dll
Report Id: cc0ae1cc-f353-11e6-9382-001fc69f92dc
 
Error: (02/15/2017 08:45:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x06cd7330
Faulting process id: 0x624
Faulting application start time: 0x01d2875f54b45448
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: mso.dll
Report Id: af57bd98-f352-11e6-9382-001fc69f92dc
 
Error: (02/15/2017 08:36:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x678f7330
Faulting process id: 0xe38
Faulting application start time: 0x01d2875dfc6dd1f3
Faulting application path: C:\Windows\Explorer.exe
Faulting module path: mso.dll
Report Id: 6626333c-f351-11e6-b143-001fc69f92dc
 
 
System errors:
=============
Error: (02/28/2017 09:16:10 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/28/2017 09:16:07 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:31:13 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:31:12 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:30:06 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:30:01 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 06:39:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (02/25/2017 08:11:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/25/2017 04:53:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/25/2017 04:46:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-28 21:16:04.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-28 21:16:04.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-28 21:16:04.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-19 21:13:05.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3600 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3058.88 MB
Available physical RAM: 867.23 MB
Total Virtual: 6116.07 MB
Available Virtual: 3291.6 MB
 
==================== Drives ================================
 
Drive c: (RAZVIGOR) (Fixed) (Total:130.01 GB) (Free:12.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (POVETARAC) (Fixed) (Total:238.15 GB) (Free:77.57 GB) NTFS
Drive h: (Windows 8) (Fixed) (Total:89.8 GB) (Free:89.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 05940593)
Partition 1: (Active) - (Size=7.8 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=89.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#15 kingW3

Posted 01 March 2017 - 02:49 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2017
Ran by Vule (administrator) on KVAN (01-03-2017 20:44:34)
Running from C:\Users\Vule\Desktop
Loaded Profiles: Vule (Available Profiles: Vule & Vule1 & Pishtus & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\ENCARTA.EXE
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE [226784 2010-01-11] (CANON INC.)
HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\Run: [E06AXLRD_3740513] => C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE [301776 2005-06-03] (Microsoft Corporation)
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> E:\ALEKSA\NOVEI~40\IDLEWILD.EXE
HKLM\...\Providers\2lfq7cnq: C:\Program Files\Artatyvonas Server\local32spl.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 109.122.98.6
Tcpip\..\Interfaces\{216E23D9-D56F-490C-A087-F3E0A15FE060}: [DhcpNameServer] 109.122.98.6
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-14341686-2959951868-204901888-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.rs/?gws_rd=ssl
URLSearchHook: HKLM -> Default = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-18] (Oracle Corporation)
BHO: Encarta Web Companion Helper Object -> {955BE0B8-BC85-4CAF-856E-8E0D8B610560} -> C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-18] (Oracle Corporation)
Toolbar: HKLM - Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-14341686-2959951868-204901888-1000 -> Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL [2005-06-03] (Microsoft Corporation)
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-10-11] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\jg1xlz61.default-1479413574090\Profiles\jg1xlz61.default-1479413574090 [not found]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-25]
FF Homepage: Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.startpageing123.com/?type=hp&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Mozilla\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF ProfilePath: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 [2017-02-25]
FF Homepage: Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090 -> hxxp://www.searchinme.com/?type=hp&ts=1487863113968&z=&from=official&uid=ST3500413AS_Z2AC309Q
FF Extension: (FF Adr) - C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-23] [not signed]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\2lfq7cnq.xml [2017-02-11]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\searchinme.xml [2017-02-23]
FF SearchPlugin: C:\Users\Vule\AppData\Roaming\Firefox\Firefox\Profiles\jg1xlz61.default-1479413574090\searchplugins\startpageing123.xml [2017-02-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vule\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-14341686-2959951868-204901888-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-29] ()
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default [2017-03-01]
CHR Extension: (Google Slides) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Adblock Plus) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-02-22]
CHR Extension: (Google Sheets) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (AdBlock) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Speedtest by Ookla) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2017-02-25]
CHR Extension: (Gmail) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
StartMenuInternet: Google Chrome - C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-30] (Adobe Systems) [File not signed]
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [112640 2017-02-23] () [File not signed]
R2 APPLE_svr; C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll [482304 2017-02-13] () [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
S4 GS In-Game Service; C:\Program Files\GameTracker\GSInGameService.exe [1677072 2011-11-10] (ClanServers Hosting LLC)
S4 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [11063808 2015-09-18] () [File not signed]
S4 PlaysService; C:\Program Files\Raptr Inc\PlaysTV\plays_service.exe [55056 2016-12-23] (Copyright © 2016 Plays.tv, LLC)
S4 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S4 TechSmith Uploader Service; C:\Program Files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-14] (TechSmith Corporation)
R3 TermService; C:\Windows\System32\termsrv.dll [523776 2016-11-22] (Microsoft Corporation) [File not signed]
S4 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) [File not signed]
S4 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
S4 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357016 2012-08-15] (VMware, Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [719512 2012-08-01] (VMware, Inc.)
S4 VMware NAT Service; C:\Windows\system32\vmnat.exe [435864 2012-08-15] (VMware, Inc.)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [45800 2015-07-07] (Microsoft Corporation)
S4 wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) [File not signed]
S4 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [1431424 2016-12-22] (Sony)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-08] (DT Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2016-12-31] (Sony Mobile Communications)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-08-01] (VMware, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
S3 msloop; C:\Windows\System32\DRIVERS\loop.sys [5632 2009-07-14] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2012-03-26] (Apple Inc.) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [113608 2013-01-27] (Power Software Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [44032 2012-07-09] (Apple, Inc.) [File not signed]
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [25624 2012-08-15] (VMware, Inc.)
S3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2012-08-15] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2012-08-15] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [25752 2012-08-15] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [61848 2012-08-15] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61296 2012-07-06] (VMware, Inc.)
S3 catchme; \??\C:\Users\Vule\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 20:33 - 2017-03-01 20:35 - 00076880 _____ C:\Users\Vule\Desktop\Addition.txt
2017-03-01 20:31 - 2017-03-01 20:44 - 00021541 _____ C:\Users\Vule\Desktop\FRST.txt
2017-03-01 12:04 - 2017-03-01 12:06 - 00005404 _____ C:\Users\Vule\Desktop\Rkill.txt
2017-03-01 12:03 - 2017-03-01 12:03 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Vule\Downloads\rkill.exe
2017-02-28 00:14 - 2017-02-28 00:14 - 00116736 _____ C:\Users\Vule\Downloads\2015_republicko_rezultati.xls
2017-02-28 00:13 - 2017-02-28 00:13 - 00055301 _____ C:\Users\Vule\Downloads\2016_republicko_rezultati.xlsx
2017-02-25 16:57 - 2017-02-25 16:57 - 00025917 _____ C:\ComboFix.txt
2017-02-25 15:36 - 2017-02-25 15:36 - 05660168 ____R (Swearware) C:\Users\Vule\Desktop\ComboFix.exe
2017-02-25 15:36 - 2017-02-25 15:36 - 05660168 _____ (Swearware) C:\Users\Vule\Downloads\ComboFix.exe
2017-02-25 14:53 - 2017-02-27 06:38 - 00000008 __RSH C:\Users\Vule1\ntuser.pol
2017-02-25 14:53 - 2017-02-25 14:57 - 00015846 _____ C:\Users\Vule\Desktop\Fixlog.txt
2017-02-25 14:52 - 2017-02-25 14:52 - 00000430 __RSH C:\Users\Administrator\ntuser.pol
2017-02-25 14:51 - 2017-03-01 20:30 - 00000000 ____D C:\Users\Vule\Desktop\FRST-OlderVersion
2017-02-25 12:10 - 2017-02-25 12:10 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-02-24 20:03 - 2017-02-24 20:03 - 00000377 _____ C:\Users\Vule\Downloads\code190608.cpp
2017-02-24 18:36 - 2017-02-24 18:37 - 00000377 _____ C:\Users\Vule\Downloads\code190606.cpp
2017-02-23 23:04 - 2017-02-23 23:04 - 00007379 _____ C:\Users\Vule\Documents\JRT.txt
2017-02-23 22:42 - 2017-02-23 22:42 - 00007379 _____ C:\Users\Vule\Desktop\JRT.txt
2017-02-23 22:33 - 2017-02-23 22:33 - 01663040 _____ (Malwarebytes) C:\Users\Vule\Downloads\JRT.exe
2017-02-23 22:32 - 2017-03-01 19:47 - 00000040 _____ C:\Program Files\settings.dat
2017-02-23 22:32 - 2017-02-23 22:32 - 00000000 ____D C:\Program Files\reports
2017-02-23 22:31 - 2017-03-01 06:21 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-02-23 21:15 - 2017-02-23 22:30 - 00000000 ____D C:\AdwCleaner
2017-02-23 21:14 - 2017-02-23 21:14 - 04015056 _____ C:\Users\Vule\Downloads\AdwCleaner.exe
2017-02-23 21:04 - 2017-02-23 21:04 - 00001502 _____ C:\Users\Vule\Desktop\new  2.txt
2017-02-23 20:48 - 2017-02-23 21:12 - 00000000 ____D C:\Users\Vule\Desktop\mbar
2017-02-23 20:44 - 2017-02-23 21:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-23 20:43 - 2017-02-23 20:43 - 00000000 ____D C:\Users\Vule\New folder
2017-02-23 20:42 - 2017-02-23 20:42 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Vule\Downloads\mbar-1.09.3.1001.exe
2017-02-23 20:21 - 2017-02-23 20:21 - 00852798 _____ C:\Users\Vule\Downloads\SecurityCheck.exe
2017-02-23 16:35 - 2017-02-23 16:37 - 00072768 _____ C:\Users\Vule\Downloads\Addition.txt
2017-02-23 16:33 - 2017-02-23 16:37 - 00039748 _____ C:\Users\Vule\Downloads\FRST.txt
2017-02-23 16:32 - 2017-03-01 20:44 - 00000000 ____D C:\FRST
2017-02-23 16:32 - 2017-03-01 20:30 - 01765888 _____ (Farbar) C:\Users\Vule\Desktop\FRST.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00518272 _____ (ESET) C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe
2017-02-23 16:20 - 2017-02-23 16:20 - 00000022 _____ C:\Users\Vule\Downloads\ESETPoweliksCleaner.exe_20170223.162014.3284.zip
2017-02-23 16:16 - 2017-02-25 14:54 - 00000816 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-23 16:16 - 2017-02-23 16:16 - 00000007 _____ C:\Windows\system32\F959.tmp
2017-02-23 16:16 - 2017-02-23 16:16 - 00000000 ____D C:\Users\Vule\AppData\Local\Birdjob
2017-02-23 16:15 - 2017-02-23 16:15 - 00000000 ____D C:\Program Files\Birdjob
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:20 - 2017-02-20 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-20 17:18 - 2017-02-20 17:18 - 00041623 _____ C:\Users\Vule\Downloads\2017_okruzno_rezultati.zip
2017-02-20 17:18 - 2017-02-20 17:18 - 00011739 _____ C:\Users\Vule\Downloads\2017_kvote.xlsx
2017-02-20 17:12 - 2017-02-20 17:12 - 00000000 ____D C:\Users\Vule\Downloads\backups
2017-02-20 17:09 - 2017-02-20 17:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Vule\Downloads\HijackThis.exe
2017-02-17 08:46 - 2017-02-17 08:46 - 00000000 ____D C:\Users\Vule\AppData\Local\Standuck
2017-02-17 04:08 - 2017-02-17 04:08 - 00000000 ____D C:\Users\Vule\Documents\aMule Downloads
2017-02-15 08:23 - 2017-02-15 08:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2017-02-15 08:21 - 2017-02-15 08:21 - 00000000 ____D C:\Users\Pishtus\Documents\Visual Studio 2015
2017-02-13 18:54 - 2017-02-23 16:17 - 00001306 _____ C:\Program Files\metadata
2017-02-13 17:42 - 2017-02-23 16:18 - 00000000 ____D C:\Users\Vule\AppData\LocalLow\Mozilla
2017-02-13 17:41 - 2017-02-13 17:41 - 00000000 ____D C:\Users\Vule\AppData\Local\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000007 _____ C:\Windows\system32\1B5E.tmp
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Firefox
2017-02-13 17:40 - 2017-02-13 17:40 - 00000000 ____D C:\Users\Vule\AppData\Local\Goldass
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\ATI
2017-02-11 08:45 - 2017-02-11 08:45 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ATI
2017-02-11 08:44 - 2017-02-27 20:29 - 00000008 __RSH C:\Users\Pishtus\ntuser.pol
2017-02-11 08:44 - 2017-02-25 14:52 - 00000000 ____D C:\Users\Pishtus\AppData\Local\TSVNCache
2017-02-11 01:59 - 2017-02-11 02:11 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Vupeculttusely
2017-02-11 01:59 - 2017-02-11 01:59 - 00000000 ____D C:\Users\Vule\AppData\Local\Anopert
2017-02-09 01:50 - 2017-02-09 01:50 - 00000000 ____D C:\Users\Vule\AppData\Local\ESET
2017-02-09 00:56 - 2017-02-09 00:58 - 00000484 _____ C:\Users\Vule\Downloads\Enable_Volume_Notification_Icon.reg
2017-02-09 00:55 - 2017-02-25 15:00 - 00000008 __RSH C:\Users\Vule\ntuser.pol
2017-02-08 22:59 - 2017-02-08 23:01 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Vule\Downloads\esetonlinescanner_enu.exe
2017-02-07 21:16 - 2017-02-07 21:16 - 00000000 ____D C:\Users\Vule\AppData\Roaming\AC3Filter
2017-02-07 15:20 - 2017-02-07 15:20 - 00000000 ____D C:\Users\Vule\AppData\Local\AdvinstAnalytics
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-07 13:37 - 2017-02-07 13:37 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-06 06:20 - 2017-02-06 06:20 - 00148914 _____ C:\Users\Vule\Downloads\7C921C0AC5D968F61D876C308B39838FB5215588.torrent
2017-02-02 03:58 - 2017-02-02 03:59 - 01061357 _____ C:\Users\Vule\Downloads\2015-eng.pdf
2017-01-31 22:02 - 2017-01-31 22:02 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\PlaysTV
2017-01-31 22:01 - 2017-02-11 08:48 - 00000000 ____D C:\Users\Pishtus\AppData\Roaming\Raptr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-01 20:35 - 2015-04-25 13:12 - 00000000 ____D C:\Users\Vule\AppData\Local\ApplicationHistory
2017-03-01 12:42 - 2014-05-28 18:13 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 06:31 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-01 06:31 - 2009-07-14 05:34 - 00016912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-01 06:21 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-28 22:48 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-02-28 06:23 - 2012-11-04 20:16 - 00000000 ____D C:\Users\Vule\AppData\Local\TSVNCache
2017-02-27 20:31 - 2016-11-21 20:43 - 00000000 ____D C:\Users\Pishtus\AppData\Local\ApplicationHistory
2017-02-27 20:29 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus
2017-02-27 06:39 - 2013-03-19 00:41 - 00000000 ____D C:\Users\Vule1\AppData\Local\TSVNCache
2017-02-27 06:38 - 2013-03-19 00:40 - 00000000 ____D C:\Users\Vule1
2017-02-25 16:57 - 2014-06-05 22:07 - 00000000 ____D C:\Qoobox
2017-02-25 16:53 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2017-02-25 15:00 - 2014-05-04 20:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-25 15:00 - 2012-02-22 21:33 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-25 15:00 - 2012-01-19 19:57 - 00000000 ____D C:\Users\Vule
2017-02-25 14:56 - 2012-11-28 22:35 - 00000000 ____D C:\Users\Vule\AppData\LocalLow\Temp
2017-02-25 14:54 - 2012-11-07 16:29 - 00000000 ____D C:\Windows\pss
2017-02-25 14:54 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-25 14:53 - 2012-01-20 00:05 - 00001464 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-25 14:53 - 2012-01-19 19:58 - 00001212 _____ C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-25 14:53 - 2009-07-14 05:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-25 14:52 - 2012-11-11 09:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2017-02-25 14:52 - 2012-08-13 00:52 - 00000000 ____D C:\Users\Administrator
2017-02-24 18:31 - 2013-01-13 22:56 - 00000000 ____D C:\Users\Vule\Documents\Visual Studio 2010
2017-02-23 22:30 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-23 21:10 - 2014-05-28 18:13 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-02-23 06:25 - 2016-01-27 03:03 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 06:18 - 2016-01-27 03:03 - 135086848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 02:00 - 2012-12-07 19:08 - 00000000 ____D C:\Users\Vule\AppData\Local\ElevatedDiagnostics
2017-02-21 23:24 - 2012-10-21 20:07 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Skype
2017-02-21 21:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2017-02-21 18:48 - 2014-02-09 14:18 - 00000000 ____D C:\Users\Vule\AppData\Roaming\TS3Client
2017-02-21 18:48 - 2012-08-15 21:19 - 00000000 ____D C:\Users\Vule\AppData\Roaming\BitTorrent
2017-02-21 18:48 - 2012-02-25 08:30 - 00000000 ____D C:\Users\Vule\AppData\Roaming\DAEMON Tools Lite
2017-02-21 18:47 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2017-02-21 18:46 - 2014-06-06 08:26 - 00000000 ____D C:\Users\Vule\AppData\Local\CrashDumps
2017-02-21 18:46 - 2014-01-27 20:15 - 00000000 ____D C:\Windows\Minidump
2017-02-18 09:13 - 2012-08-17 20:02 - 00000000 ____D C:\Windows\Sun
2017-02-17 08:46 - 2012-10-13 16:30 - 00000000 ____D C:\ProgramData\Apple
2017-02-15 08:36 - 2016-11-21 19:51 - 00000000 ____D C:\Users\Pishtus\AppData\Local\CrashDumps
2017-02-15 08:26 - 2012-08-13 00:52 - 00126480 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-13 17:40 - 2016-03-04 12:05 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-02-12 20:21 - 2016-11-21 19:49 - 00000000 ____D C:\Users\Pishtus\AppData\Local\Google
2017-02-11 09:06 - 2013-05-05 22:04 - 00000000 ____D C:\Program Files\Google
2017-02-11 08:45 - 2016-11-21 19:50 - 00126480 _____ C:\Users\Pishtus\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 19:15 - 2014-05-28 11:56 - 00000000 ____D C:\Temp
2017-02-09 19:02 - 2016-03-05 10:20 - 00000000 ____D C:\ProgramData\Google
2017-02-09 19:02 - 2012-01-20 00:04 - 00000000 ____D C:\Users\Vule\AppData\Local\Google
2017-02-09 15:54 - 2015-12-05 19:51 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Raptr
2017-02-08 02:59 - 2017-01-29 23:18 - 00000000 ____D C:\Users\Vule\AppData\Roaming\Might & Magic Heroes VI
2017-02-07 15:27 - 2015-11-25 18:17 - 00000000 ___RD C:\Users\Vule\Dropbox
2017-02-07 13:39 - 2016-11-21 19:49 - 00001082 _____ C:\Users\Pishtus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2013-03-19 00:41 - 00001082 _____ C:\Users\Vule1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-07 13:39 - 2012-08-13 00:52 - 00001082 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-06 16:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
2017-02-06 08:35 - 2016-06-27 00:26 - 03686522 ____H C:\Users\Vule\AppData\Local\IconCache.db.backup
2017-02-05 17:16 - 2012-01-19 20:01 - 00899186 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-01 15:18 - 2013-04-04 22:27 - 00000000 ____D C:\Users\Vule\Desktop\prezentacija
2017-01-30 01:05 - 2017-01-29 23:18 - 00000000 ____D C:\Users\Vule\AppData\Local\Ubisoft Game Launcher
 
==================== Files in the root of some directories =======
 
2012-08-14 18:29 - 2006-10-09 11:06 - 0546304 _____ () C:\Program Files\fy_snow.bsp
2017-02-13 18:54 - 2017-02-23 16:17 - 0001306 _____ () C:\Program Files\metadata
2012-08-13 01:03 - 2006-04-17 18:11 - 1241822 _____ (Will Day <willday@metamod.org>) C:\Program Files\metamod.dll
2017-02-23 22:32 - 2017-03-01 19:47 - 0000040 _____ () C:\Program Files\settings.dat
2015-01-04 21:29 - 2015-01-04 21:29 - 0000044 _____ () C:\Users\Vule\AppData\Roaming\twow_sysprepdt.dat
2012-12-09 14:15 - 2016-12-15 07:32 - 0009728 _____ () C:\Users\Vule\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-11 21:37 - 2012-11-11 21:37 - 0004096 ____H () C:\Users\Vule\AppData\Local\keyfile3.drm
2015-06-19 21:10 - 2015-06-19 21:10 - 0007602 _____ () C:\Users\Vule\AppData\Local\Resmon.ResmonCfg
2016-02-22 23:21 - 2016-02-22 23:21 - 0004927 _____ () C:\ProgramData\mtbjfghn.xbe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 00:29
 
==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2017
Ran by Vule (01-03-2017 20:45:10)
Running from C:\Users\Vule\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2012-01-19 18:57:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-14341686-2959951868-204901888-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-14341686-2959951868-204901888-1018 - Limited - Enabled)
bada (S-1-5-21-14341686-2959951868-204901888-1008 - Limited - Enabled)
Guest (S-1-5-21-14341686-2959951868-204901888-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-14341686-2959951868-204901888-1002 - Limited - Enabled)
Pishtus (S-1-5-21-14341686-2959951868-204901888-1020 - Administrator - Enabled) => C:\Users\Pishtus
Vule (S-1-5-21-14341686-2959951868-204901888-1000 - Administrator - Enabled) => C:\Users\Vule
Vule1 (S-1-5-21-14341686-2959951868-204901888-1004 - Administrator - Enabled) => C:\Users\Vule1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888casino (HKLM\...\888casino) (Version:  - )
AC3File 0.6b (HKLM\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
AC3Filter 2.6.0b (HKLM\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
ActivePerl 5.14.2 Build 1402 (HKLM\...\{02BFF1A3-A0D5-4F64-8558-A22682BCDA58}) (Version: 5.14.1402 - ActiveState)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.19) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (Version: 3.3 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Authorizer Ignition Key Support (Version: 1.0.3.0 - Propellerhead Software AB) Hidden
Auto Clicker by Shocker (HKLM\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
Avanquest update (HKLM\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
Azure AD Authentication Connected Service (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29626 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.63.1071 - AB Team, d.o.o.)
Canon LBP6000/LBP6018 (HKLM\...\Canon LBP6000/LBP6018) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cheat Engine 6.1 (HKLM\...\Cheat Engine 6.1_is1) (Version:  - Dark Byte)
Chicken Invaders 4 (HKLM\...\Chicken Invaders 4 v.4.13) (Version: 4.13 - InterAction Studios)
Chrome Remote Desktop Host (HKLM\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
CodeSite Express 5 (HKLM\...\CodeSite Express 5_is1) (Version: 5.1.8 - Raize Software, Inc.)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Delphi 7 Second Edition (HKLM\...\Delphi 7 Second Edition v7.2_is1) (Version:  - Lite Applications)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition 5.18.1 (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
EasyBCD 2.1.2 (HKLM\...\EasyBCD) (Version: 2.1.2 - NeoSmart Technologies)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eurobattle.net (HKLM\...\Eurobattle.net) (Version:  - Eurobattle.net)
Eurobattle.net (HKLM\...\Eurobattle.net1.26a) (Version: 1.26a - Eurobattle.net)
EXIFeditor (HKLM\...\{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}) (Version: 1.0.0 - kiwi.software.NET)
FL Studio 11 (HKLM\...\FL Studio 11) (Version:  - Image-Line)
Flash Decompiler Trillix (HKLM\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlowStone FL 3.0 (HKLM\...\FlowStone) (Version:  - )
Free Audio Editor 2016 v9.3.1 (HKLM\...\Free Audio Editor 2016_is1) (Version:  - Copyright© 2005-2015 FAEMedia, Inc.)
GameLoad 1.3.0.1 (HKLM\...\{2228944A-BBBF-4AB3-B59F-4C59B82BBCFC}_is1) (Version: 1.3.0.1 - Ant Media, s. r. o.)
GameTracker Lite (HKLM\...\GameTracker Lite) (Version:  - ClanServers Hosting LLC.)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.3.0 - International GeoGebra Institute)
GeoGebra 5 (HKLM\...\GeoGebra 5) (Version: 5.0.195.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
IIS 10.0 Express (HKLM\...\{C28C9704-5633-4765-92C0-E7CC50B14FAC}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Java 7 Update 75 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Line 6 Uninstaller (HKLM\...\Line 6 Uninstaller) (Version:  - Line 6)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Encarta Premium 2006 DVD (HKLM\...\{06040081-3E21-46D6-9A91-D927BA08F41D}) (Version: 2006 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual Basic 6.0 Professional Edition (HKLM\...\Visual Basic 6.0 Professional Edition) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition - ENU (HKLM\...\Microsoft Visual C++ 2008 Express Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86 (HKLM\...\{44D9A2CB-0692-3180-B5E2-26F4E807D067}) (Version: 9.0.21228 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{B6019E33-AC77-4B09-8D67-48B5A2502B2B}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{1F4DF099-EA5C-482D-9901-C0A8B539B417}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM\...\WebPost) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{B4C0A315-07FB-39F9-85CD-8CE20C019350}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.8 - Ubisoft)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Motorola Phone Tools (HKLM\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 4.0.4a 11-22-2005 - Avanquest Software)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Connector C++ 1.1.6 (HKLM\...\{3986AD3D-19E0-4FEF-BCBA-08D66BFC216E}) (Version: 1.1.6 - Oracle and/or its affiliates)
MySQL Connector Net 6.9.7 (HKLM\...\{2C148B86-FF80-49A7-BA18-E4CEF6464AE6}) (Version: 6.9.7 - Oracle)
MySQL for Visual Studio 1.2.4 (HKLM\...\{32D9A474-FAFC-4E77-B804-055595D5B9E9}) (Version: 1.2.4 - Oracle)
MySQL Installer - Community (HKLM\...\{14E622E3-878B-4C66-AB07-49CB19FCCE73}) (Version: 1.4.11.0 - Oracle Corporation)
MySQL Server 5.6 (HKLM\...\{FAC02EB1-9C47-48D0-B894-E9F907DD7C71}) (Version: 5.6.27 - Oracle Corporation)
Mystery Case Files - 13 Ravenhearst Unlocked Collector's Edition (HKLM\...\Mystery Case Files - 13 Ravenhearst Unlocked Collector's EditionFinal) (Version: Final - Game-Owl)
Mystery Case Files - Broken Hour Collector's Edition (HKLM\...\Mystery Case Files - Broken Hour Collector's EditionFinal) (Version: Final - Game-Owl)
Mystery Case Files - Huntsville 1.00 (HKLM\...\Mystery Case Files - Huntsville 1.00) (Version:  - )
Mystery Case Files - Key to Ravenhearst Collector's Edition (HKLM\...\Mystery Case Files - Key to Ravenhearst Collector's EditionFinal) (Version: Final - Game-Owl.com)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.8 - )
NVIDIA DDS Utilities (HKLM\...\{64963F0E-03F2-4B59-8D1B-1806545E7092}) (Version: 1.0 - )
Oddworld - New 'n' Tasty (HKLM\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlaysTV (HKLM\...\PlaysTV) (Version: 1.17.6-r119262-release - Plays.tv, LLC)
PowerISO (HKLM\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Pro Pinball - The Web (HKLM\...\Pro Pinball - The Web) (Version:  - )
Python 2.7.3 (HKLM\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Raptr (HKLM\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Rayman (HKLM\...\Rayman_is1) (Version:  - Ubisoft Entertainment)
Rayman Gold (HKLM\...\Rayman Gold_is1) (Version:  - Ubisoft Entertainment)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.31 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Snagit 13 (HKLM\...\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}) (Version: 13.0.1.6326 - TechSmith Corporation)
Snagit 13 (Version: 13.0.1 - TechSmith Corporation) Hidden
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.17.1.201701041432 - Sony Mobile Communications Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{76F7D503-FA46-4B2F-8EAF-95E5D356A04D}) (Version: 6.1.4.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 (Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (Version: 14.0.23107 - Microsoft Corporation) Hidden
TopazChat (HKLM\...\TopazChat) (Version:  - )
TortoiseSVN 1.7.10.23359 (32 bit) (HKLM\...\{FA5EC676-B609-4DBB-9C05-8219B8287A48}) (Version: 1.7.23359 - TortoiseSVN)
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
TypeScript Power Tool (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (Version: 1.6.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.6.3.0 (HKLM\...\{da31aa25-410a-4c1b-9ec0-114dd8dff786}) (Version: 1.6.23313.0 - Microsoft Corporation)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-14341686-2959951868-204901888-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VMware Player (HKLM\...\VMware_Player) (Version: 5.0.0 - VMware, Inc)
VMwarePlayer_x86 (Version: 5.0.0 - VMware, Inc.) Hidden
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WCF Data Services 5.6.4 Runtime (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Worms: Armageddon version 3.6.31 + NoCD (HKLM\...\{B62B5438-6DDA-49D6-B9CF-0BDC428116D8}_is1) (Version: 3.6.31 + NoCD - Anonymous)
Xamarin Universal Installer (HKLM\...\{39f44823-a060-4315-a803-4bfcc4e904db}) (Version: 3.5.0.0 - Xamarin, Inc)
Xperia Companion (HKLM\...\{efee6944-1231-492a-a157-93409130a098}) (Version: 1.4.7.0 - Sony)
Xperia Companion (Version: 1.4.7.0 - Sony) Hidden
Xperia Companion Service (Version: 1.4.7.0 - Sony) Hidden
ZAR X (HKLM\...\{85DA9B81-D7F9-4165-8E62-F776B57213F8}_is1) (Version:  - www.z-a-recovery.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{094AE5CB-62E5-4845-8ED6-617D9FE893DD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{11CD84A3-A5E0-43CB-B3DF-92C623C0E0E0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{22756E83-8EBC-4B16-A4A4-0AA73BE497B1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Vule\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{56C94D6A-7370-4885-A04E-7097FE4E0BAF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{79811B29-9C10-4FCB-A117-6030F2DC12BB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{841BFDCA-6A9A-4EBC-BC7E-194AA5DCE428}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{94330D48-EB33-49BB-87F1-AD8C0352C010}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-14341686-2959951868-204901888-1000_Classes\CLSID\{F7CA46A9-ACA5-45A6-967E-03FF5A282D01}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06C59695-72FD-4B4B-AE99-A078623903B0} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-08-20] (Oracle Corporation) <==== ATTENTION
Task: {0CA43BF8-4C35-4980-B09B-881B757CAA39} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started <==== ATTENTION
Task: {0DFE4D33-DC15-4161-BDD1-7F29BC35CF53} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {1A3F9E47-C205-4950-AA57-4D5A9F414C45} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {2C986A97-DBA4-4E1E-A098-923A0C9ADEA6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {30FBBAEC-FFEC-4AE8-A772-17AE0370C0B9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2016-03-23] (Microsoft Corporation) <==== ATTENTION
Task: {3B53C408-22E0-4936-8FA7-2A38E7136235} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {3E1F4961-DB2C-4F09-9A2E-3D7EAF6222A7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {4183BEB0-D006-4A81-A46F-34624AFC04A0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {42BDAD0B-CBBC-4554-9FD0-7F58A42AE02A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {43B62885-7C28-4FED-B6D3-59EA7053C19F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {517C0D7A-C383-4BC9-9004-D0F1385701E4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {582B6520-0162-482D-AA6F-F89C48F46591} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {5B184694-64C3-4633-94C5-945B3FA561D6} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {60158C7A-6808-42CD-95EE-AFD9A57925DB} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\Windows\system32\appidpolicyconverter.exe [2016-10-11] (Microsoft Corporation) <==== ATTENTION
Task: {68BBAEA2-0D75-45AB-8414-B322789C9F8F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => sc.exe start sppsvc <==== ATTENTION
Task: {6B7AC694-8D6D-481B-9DD8-2A3A741ADA6D} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => C:\Windows\System32\powercfg.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {6E123E92-BAE3-491A-8615-3D8421C4668C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {731E9C62-95B5-4C8C-AB64-4CC591C9FF5B} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {79FE24DE-8175-4225-8620-22814F571140} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {8F5780FA-2BE3-4544-9A82-147F21074473} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {916C88FA-BAB3-4345-B6E0-7B0DE3B69C69} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-14341686-2959951868-204901888-1000Core => C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) <==== ATTENTION
Task: {934BC4BA-98F2-4D99-B849-5FDF4CE85391} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {9634E528-1B7C-4239-B6B3-7713C20A7841} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {9C8DE2CE-7E7E-4AD5-A033-3C8A0BCBD0E0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {A34F3DC0-D9AC-45B6-8C33-A2F43C08C6E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {A6394592-54CE-4E93-8D64-1A068F462632} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {A92E510E-527E-4FEC-A283-7E866C514CAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {AF79C35B-BF77-4C86-BEC3-4F401FADD924} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {B41CC953-4FFA-4AF4-8D71-3A4DBB874145} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc <==== ATTENTION
Task: {B9BEE219-C29E-4310-819C-147A5A0E045E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-14] (Microsoft Corp.) <==== ATTENTION
Task: {BD994F37-1E30-4016-96C3-0D363EF688F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-14341686-2959951868-204901888-1000UA => C:\Users\Vule\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) <==== ATTENTION
Task: {CD028623-336D-435A-B534-921D1DB5D184} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-12] (Microsoft Corporation) <==== ATTENTION
Task: {CE93AD6C-E01C-4D3E-9D3E-E0C59E2B316C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {CEDAC902-6B7E-498F-B0E3-C1E2D77EF5EC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => C:\Windows\system32\aitagent.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => sc.exe config upnphost start= auto <==== ATTENTION
Task: {DE8699D2-8A05-42F7-8A85-5162AF47D26A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {DEB92125-5A82-447E-8423-FDD525DA8CBB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {E8164C0D-216C-4B6B-9EB8-31BF958B8014} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] () <==== ATTENTION
Task: {EB2D8A24-7F3A-499F-A8D6-5682C7BEDCA5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
Task: {F93C7104-998A-4A38-B935-775A3138B3C3} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotifications.exe [2009-07-14] (Microsoft Corporation) <==== ATTENTION
Task: {FC0C1130-1C7F-4FAC-A576-B4F94D84386A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) <==== ATTENTION
Task: {FE595B39-8151-4951-A858-A217010A8343} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Vule\AppData\Local\Google\Chrome\Application\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameTracker Lite\Visit GameTracker Website.lnk -> hxxp://www.gametracker.com
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Гугл Хром.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Интернет Експлорер.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Standuck\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Local\Goldass\User Data\Default\Web Applications\_crx_gbchcmhmhahfdphkhkmpfmihenigjmpp\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Birdjob\Application\chrome.exe (Google Inc.) ->  --load-extension="C:\Users\Vule\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1487663306&z=c74fb70a4f82a4922648da4g5zab3m7qcqec3cfe2w&from=che0812&uid=ST3500413AS_Z2AC309Q
ShortcutWithArgument: C:\Users\Vule\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-17 08:46 - 2017-02-23 10:02 - 00112640 _____ () c:\programdata\apple\apple application support\support.dll
2017-02-13 17:40 - 2017-02-13 08:16 - 00482304 _____ () c:\programdata\apple computer\itunes\ipoddevices.dll
2016-11-15 15:22 - 2016-11-15 15:22 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-10-08 19:42 - 2012-10-08 19:42 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00296448 _____ () C:\Program Files\Notepad++\NppShell_04.dll
2005-06-03 18:30 - 2005-06-03 18:30 - 00248528 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ERSREGPR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00203472 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCDAT.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00178896 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ENCCONT.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00326352 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\MSENCXML.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00051920 _____ () C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICTITS.EBK
2017-02-06 22:25 - 2017-02-01 10:01 - 01870168 _____ () C:\Users\Vule\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-06 22:25 - 2017-02-01 10:01 - 00085848 _____ () C:\Users\Vule\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-04-25 13:08 - 2015-04-25 13:08 - 03289088 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1844f6f4\mscorlib.dll
2005-06-03 18:30 - 2005-06-03 18:30 - 00191184 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\PPDBMGR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00203472 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\PPMGR.DLL
2005-06-03 18:30 - 2005-06-03 18:30 - 00146128 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 2006\ATCONT.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2014-06-05 22:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-14341686-2959951868-204901888-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 109.122.98.6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GS In-Game Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PlaysService => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SolidWorks Licensing Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TechSmith Uploader Service => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: wampapache => 3
MSCONFIG\Services: wampmysqld => 3
MSCONFIG\Services: XperiaCompanionService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk => C:\Windows\pss\CodeMeter Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 13.lnk => C:\Windows\pss\Snagit 13.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Vule^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA => 1
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: GameTracker => "C:\Program Files\GameTracker\GTLite.exe"
MSCONFIG\startupreg: Google Update => C:\Users\Vule\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~1\RAPTRI~1\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XperiaCompanionAgent => "C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{F11842E5-8963-4924-98B9-F4E62247685F}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{77A95B42-F389-4144-8473-3B51E444E401}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [TCP Query User{76FD444E-141C-4866-B154-CC0B8AAECFB1}C:\program files\valve\hlserver\hlds.exe] => (Allow) C:\program files\valve\hlserver\hlds.exe
FirewallRules: [UDP Query User{E7658C0C-536D-4928-B5E8-547185CA1B3B}C:\program files\valve\hlserver\hlds.exe] => (Allow) C:\program files\valve\hlserver\hlds.exe
FirewallRules: [{3D3915ED-86FB-4006-AD89-DCFEB1133BCA}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{8E384A22-C672-4C60-9E69-FD599BE8D9DA}] => (Allow) C:\Program Files\BitTorrent\BitTorrent.exe
FirewallRules: [{22A24A68-5185-4308-9818-7F00582E98DF}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{5C71FCF5-61C3-4A6B-A3C5-7A87205DE1AB}] => (Allow) C:\Program Files\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{DFFA6C9C-3FE5-46CE-BA3E-8E5234B89933}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{C53DD9C4-6025-495F-A86A-EBA903745F72}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [UDP Query User{F34203AF-409B-4206-9BD1-9089442F372C}C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [{CF313154-FAF8-4C70-AC8A-2DA999F01C8A}] => (Block) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [{FB1AA80F-330F-46C8-8424-EBCAC76E9364}] => (Block) C:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
FirewallRules: [TCP Query User{CDFFAF98-0F10-416D-AD34-6FD35FE5AF9C}C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe] => (Allow) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [UDP Query User{493680B1-9AD6-4DC2-AC8A-2B65FB6E5BB5}C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe] => (Allow) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{552AC32C-C12B-48A1-9537-92645272D4A8}] => (Block) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{2456F170-EFD5-472B-B4D4-BAB9D7706080}] => (Block) C:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
FirewallRules: [{95D3E820-016B-4DDF-9249-46BDF5B070DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A51E39B4-7586-43BC-9B75-E9DC7E65273E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BD45C17-67E3-4D6D-9C4B-6AF9B59660AE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F77D8A05-53B9-4071-BB8A-77D536EE4F83}D:\program files\warcraft iii\gproxy.exe] => (Block) D:\program files\warcraft iii\gproxy.exe
FirewallRules: [UDP Query User{264C37DA-CB3F-47AA-AD9C-5E934C3F331C}D:\program files\warcraft iii\gproxy.exe] => (Block) D:\program files\warcraft iii\gproxy.exe
FirewallRules: [TCP Query User{EC539B8F-9385-4FF5-A317-0FF625112005}D:\program files\warcraft iii\war3.exe] => (Block) D:\program files\warcraft iii\war3.exe
FirewallRules: [UDP Query User{CD4BA7F8-41BA-42E5-BC77-02D919C7B73F}D:\program files\warcraft iii\war3.exe] => (Block) D:\program files\warcraft iii\war3.exe
FirewallRules: [{B6E134AC-6C19-44E7-B550-42B15F6177A8}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{592A1100-8956-4AFC-B818-9C750DD93F17}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{20263FB1-830C-4658-8697-8F84ADFD8619}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{43CBD0EC-C215-4465-BD57-312555F05298}] => (Allow) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{36FDE87C-6043-403A-A9B7-A460B5AF5733}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{50930009-D349-412F-86CD-CC31667C010E}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{356538BD-72DB-47EB-8422-3319F4BFECE6}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{37A71553-B138-4A0C-AC62-A94CBFBB319F}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1837FE16-DE96-4C8A-87D5-689C8167AAE5}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{60F339B0-C828-448F-885A-5C4EE172CB13}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2FE88B28-BF1A-41B9-804E-15DC2DD34E53}] => (Allow) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{562D6880-A9A6-4265-B688-465868C78F80}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C316C12D-8AC4-4197-B5D4-A4140AC236A1}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{D792DBD9-C7BF-4D4C-A5C0-9B38B476453D}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{95305FCC-4C71-48A4-BEE7-A0B2030BD9A8}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6A04C984-A580-4ABB-BBF2-D118E998349A}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{9A493B62-067E-41D6-9C95-5B5E860F2DBF}] => (Allow) C:\Program Files\Tunngle\TnglCtrl.exe
FirewallRules: [{78EA3121-E0F2-4E21-A1D3-68D0548D6865}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{FF5F959D-FC21-4A43-94A1-1BF09B9CE22D}] => (Allow) C:\Program Files\Tunngle\Tunngle.exe
FirewallRules: [{89ACB9E8-2162-4E32-A33F-4C5872DE1632}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{5801C6D9-D4FD-4D32-AF65-E4A5FBB371D1}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{07138094-AE7F-47CE-901D-F2FE6F5FD366}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{C1FCFFE2-077B-4107-B252-5DD4F5CA7CE9}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{F02703C9-4B83-4571-85C8-FE72AE6773D6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F435E19-E44E-4CC7-A925-05FBD8D71ECA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{57F10A7F-FA22-475E-8714-29816C81AEF4}] => (Allow) C:\D backup\Steam\Steam.exe
FirewallRules: [{440D3AC7-E203-4DA1-843B-A217688D270D}] => (Allow) C:\D backup\Steam\Steam.exe
FirewallRules: [{63C971E5-A5EF-4424-8910-035B946C9946}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A804073D-D55D-4745-B1E0-47AFCBCD3FB2}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{874E4C2B-CB8A-42E6-BEAC-65F31D48D4AC}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{0C4B77E7-79D5-4BF6-B30A-F57B7191410B}] => (Allow) C:\D backup\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{41262ADA-5EF4-438D-A1E7-24D73E276B24}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{68A3ADC9-AB39-4A11-94DC-8882F35AA746}] => (Allow) D:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{E885A8B4-A8F6-4086-BF6B-FE2ED5CDE5B0}] => (Allow) C:\Program Files\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{04E65A6D-82C4-45B4-A75B-171BAE020C2C}] => (Allow) D:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{E9FAD9D1-812B-4C86-8DA6-038965B43C07}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{7324F64B-D41B-4564-8B56-AA917371191B}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{E4955221-B4EC-4B23-9949-975AFA256879}] => (Allow) C:\Program Files\Raptr\raptr.exe
FirewallRules: [{8E013AE8-E73F-411B-9F5E-CF0680DA7B46}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{B7B5EA27-3A52-480A-8ACA-806A9BE56D42}] => (Allow) C:\Program Files\Raptr\raptr_im.exe
FirewallRules: [{DF64C8FE-5BD4-49A7-A1B9-566178E0F952}] => (Allow) C:\Program Files\SprgFiles\SprgFiles.exe
FirewallRules: [{99422020-95E8-460D-A090-B26D08F78E1F}] => (Allow) C:\Program Files\SprgFiles\SprgFiles.exe
FirewallRules: [{B8C1306B-071F-408A-9DF7-400AFA59A761}] => (Allow) C:\Program Files\SprgFiles\downloader.exe
FirewallRules: [{231BC164-D761-4250-B715-7052D0AD7437}] => (Allow) C:\Program Files\SprgFiles\downloader.exe
FirewallRules: [{DAE05F74-0154-4E01-B675-5D49CD3E8507}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5DCF8852-9828-435C-8BA5-74B74813F5D8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1329A3E6-7AD4-4980-A7D2-1200938951B1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{247BA81A-4AA6-4E4F-A902-5669D6A3146C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0BB2CC01-E133-45F7-B843-F9898E34A0C2}] => (Allow) LPort=8298
FirewallRules: [{7CEE18A2-C67B-4997-8CE8-A340D2A920C2}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5DA430CB-5567-4D35-B167-DDD549290AEB}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2D5A5EF3-BC81-42C4-89BE-A56CB0CC1218}] => (Allow) C:\Program Files\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{7D345985-AE86-47FD-9404-1ED3C041F17C}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{45BAFA66-F651-4978-8BD5-FE94CC9FBD1D}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{35CD77DC-FDC3-46F4-8408-04AD80D7425E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{71079C90-DF9A-46EC-9092-5E96EEDA1F1A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DBC9E954-4A0A-4B0A-A6EB-73EE5D212ECC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2A98ACD7-BD46-42E5-BDC1-A8BF1EE96A88}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{29EAF8D0-47D5-419D-BEF6-B0636445FD85}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{5C705526-9B94-4F62-8786-91572D1D3899}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{344E15BE-6DD2-428D-8C78-B47873800BCA}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{892F7C52-0AEB-40D5-91BE-12869ECADECC}] => (Allow) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{01861617-24D2-435A-A9A1-D1B3189E6AF9}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A7DD42A3-D895-47B9-B307-0FFC0A30F64F}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C7D33C52-3D2E-4426-BBB6-7ADB59B31193}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B928A46D-DD45-40A6-AB23-98A6DC768F98}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{5F17775C-13E2-423D-B9B5-A0A6BE89A458}] => (Allow) C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{80B7DA51-6E5B-4828-86EB-33F2D2C107BD}] => (Allow) C:\Program Files\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{5390DB96-C9EA-4CAB-88AC-5BD0430AB1A3}] => (Allow) C:\Users\Vule\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{ADE66BA3-4C08-4D11-AA3B-CFC441CDF444}] => (Allow) C:\Program Files\Maoha\MaohaAP\MaohaWifiSvr.exe
FirewallRules: [{9F91178C-7BDD-4388-AFA5-42F12F881B5E}] => (Allow) C:\Program Files\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{029E3509-CB8D-48AF-A95C-C08969673F1B}] => (Allow) C:\Program Files\Birdjob\Application\chrome.exe
FirewallRules: [{84BB90F1-68B1-4268-AFD1-F4DFA145B043}] => (Allow) C:\Program Files\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{E92B2784-5C51-4113-9650-88320BF28AF7}] => (Allow) C:\Program Files\Firefox\Firefox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Restore Points =========================
 
01-03-2017 06:27:18 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Loopback Adapter
Description: Microsoft Loopback Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: msloop
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/01/2017 12:40:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17c4
 
Start Time: 01d2927bf8419e59
 
Termination Time: 15
 
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: ce05e09b-fe73-11e6-a4fd-001fc69f92dc
 
Error: (02/25/2017 02:53:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1c48228a-b640-4609-9e82-692b826f48f2}
 
Error: (02/21/2017 08:12:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1550
 
Start Time: 01d28c6cc5d2cd7d
 
Termination Time: 85
 
Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
Report Id: abee8f7f-f869-11e6-9a22-001fc69f92dc
 
Error: (02/21/2017 06:36:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
The RPC server is unavailable.
.
 
Error: (02/21/2017 01:22:34 PM) (Source: chromoting) (EventID: 3) (User: )
Description: Access denied for client: svetlomer@gmail.com/chromoting07B25661.
 
Error: (02/18/2017 11:36:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18538 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1478
 
Start Time: 01d28a30ca917e2a
 
Termination Time: 20
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id: 8ed8fe0a-f62a-11e6-95bf-001fc69f92dc
 
Error: (02/15/2017 09:12:53 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: KVAN)
Description: Application or service 'ed2k idle service' could not be restarted.
 
Error: (02/15/2017 08:53:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x67507330
Faulting process id: 0x4d4
Faulting application start time: 0x01d2875f74e9f2f6
Faulting application path: C:\Windows\Explorer.exe
Faulting module path: mso.dll
Report Id: cc0ae1cc-f353-11e6-9382-001fc69f92dc
 
Error: (02/15/2017 08:45:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x06cd7330
Faulting process id: 0x624
Faulting application start time: 0x01d2875f54b45448
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: mso.dll
Report Id: af57bd98-f352-11e6-9382-001fc69f92dc
 
Error: (02/15/2017 08:36:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.exe, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x584f9a8a
Exception code: 0xc0000005
Fault offset: 0x678f7330
Faulting process id: 0xe38
Faulting application start time: 0x01d2875dfc6dd1f3
Faulting application path: C:\Windows\Explorer.exe
Faulting module path: mso.dll
Report Id: 6626333c-f351-11e6-b143-001fc69f92dc
 
 
System errors:
=============
Error: (02/28/2017 09:16:10 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/28/2017 09:16:07 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:31:13 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:31:12 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:30:06 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 8 required for printer Nitro PDF Creator (Pro 8) is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 08:30:01 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send to Microsoft OneNote 16 Driver required for printer Send To OneNote 16 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/27/2017 06:39:33 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (02/25/2017 08:11:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/25/2017 04:53:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (02/25/2017 04:46:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-28 21:16:04.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-28 21:16:04.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-28 21:16:04.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:55:37.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\ac3filter.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-27 20:30:52.135
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-02-19 21:13:05.025
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\vorbis.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3600 APU with Radeon™ HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3058.88 MB
Available physical RAM: 867.23 MB
Total Virtual: 6116.07 MB
Available Virtual: 3291.6 MB
 
==================== Drives ================================
 
Drive c: (RAZVIGOR) (Fixed) (Total:130.01 GB) (Free:12.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (POVETARAC) (Fixed) (Total:238.15 GB) (Free:77.57 GB) NTFS
Drive h: (Windows 8) (Fixed) (Total:89.8 GB) (Free:89.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 05940593)
Partition 1: (Active) - (Size=7.8 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=89.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 





