Problem: VK instead of Facebook


offline
  • Joined: 22 Mar 2014
  • Posts: 13

Posted: 27 Mar 2014 13:28

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org

Database version: v2014.03.27.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
vedran :: VEDRAN-PC [administrator]

27.3.2014. 12:56:31
mbar-log-2014-03-27 (12-56-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272706
Time elapsed: 16 minute(s), 12 second(s)

Memory Processes Detected: 3
C:\Windows\sysdriver32_.exe (Trojan.Agent) -> 1812 -> Delete on reboot.
C:\Windows\systemup.exe (Spyware.Agent) -> 1896 -> Delete on reboot.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> 1668 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{79007602-0CDB-4405-9DBF-1257BB3226EE} (Spyware.OnlineGames) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\sysdriver32.exe (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\systeminfog (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\SERVICES32.EXE (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\MINIMAL\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srvbtcclient (Trojan.Downloader) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srviecheck (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srvsysdriver32 (Trojan.Agent) -> Delete on reboot.

Registry Values Detected: 12
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32_.exe" rezerv -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|systemup (Spyware.Agent) -> Data: "C:\Windows\systemup.exe" stand -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|l1rezerv.exe (Trojan.Agent) -> Data: "C:\Windows\l1rezerv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Agent) -> Data: C:\Windows\services32.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32.exe" rezerv -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Agent) -> Data: C:\Windows\update.tray-9-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Agent) -> Data: C:\Windows\update.tray-7-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico2 (Trojan.Agent) -> Data: C:\Windows\update.tray-8-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7346280.exe (Trojan.Downloader.Gen) -> Data: "C:\Users\vedran\AppData\Local\Temp\7346280.exe" -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1536238.exe (Trojan.Downloader.Gen) -> Data: "C:\Users\vedran\AppData\Local\Temp\1536238.exe" -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\SERVICES32.EXE|close (Trojan.Agent) -> Data: 0 -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS|ImagePath (Trojan.Agent) -> Data: C:\Windows\update.1\svchost.exe srv -> Delete on reboot.

Registry Data Items Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Replace on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS|Windows (Hijack.Trojan.Siredef.D) -> Bad: (%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16) Good: (%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16) -> Replace on reboot.

Folders Detected: 1
C:\Windows\rpcminer (Trojan.BCMiner) -> Delete on reboot.

Files Detected: 47
C:\Windows\sysdriver32_.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\systemup.exe (Spyware.Agent) -> Delete on reboot.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\services32.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\sysdriver32.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-9-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-7-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-8-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.1\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\wfxsvc.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\dlcg_device.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\roxmediadb9.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\consrv.dll (Trojan.Siredef) -> Delete on reboot.
C:\Users\vedran\Downloads\Flash-Player(1).exe (Trojan.Agent) -> Delete on reboot.
C:\Users\vedran\Downloads\Flash-Player.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(4).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\BestCodecsPackSetup.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(1).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(2).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(3).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Delete on reboot.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\update.7.1\svchostdriver.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Delete on reboot.
C:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Users\vedran\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Windows\System32\drivers\etc\hîsts (Hijack.Trace) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Addendum: 27 Mar 2014 13:31


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Now try running ComboFix.

offline
  • Joined: 22 Mar 2014
  • Posts: 13

ComboFix 14-03-23.01 - vedran 3.03.2014. 20:17:10.2.1 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.1411 [GMT 1:00]
Running from: C:\Users\vedran\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\intellidownload\gunzip.exe
C:\Program Files (x86)\Speed Test 127\ScRIpthost.dll
C:\Users\vedran\AppData\Roaming\DMCache\wlrmdr.dll
C:\Users\vedran\AppData\Roaming\DMCache\wlrmdr.exe
C:\Users\vedran\AppData\Roaming\Microsoft\msdrm.dll
C:\Users\vedran\AppData\Roaming\Microsoft\msdtc.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\U\00000001.@
C:\Windows\assembly\tmp\U\000000c0.@
C:\Windows\assembly\tmp\U\000000cb.@
C:\Windows\assembly\tmp\U\000000cf.@
C:\Windows\assembly\tmp\U\80000000.@
C:\Windows\assembly\tmp\U\800000c0.@
C:\Windows\assembly\tmp\U\800000cb.@
C:\Windows\assembly\tmp\U\800000cf.@
C:\Windows\av_ico
C:\Windows\av_ico\ico_avast_desktop.ico
C:\Windows\av_ico\ico_avast_start.ico
C:\Windows\av_ico\ico_avira_start.ico
C:\Windows\av_ico\ico_mcafee_start.ico
C:\Windows\btc_client_iplist.txt
C:\Windows\front_ip_list.txt
C:\Windows\geoiplist
C:\Windows\geoiplist.rar
C:\Windows\iecheck_iplist.txt
C:\Windows\info1
C:\Windows\iplist.txt
C:\Windows\l1rezerv.exe
C:\Windows\loader2.exe_ok
C:\Windows\phoenix
C:\Windows\phoenix.rar
C:\Windows\phoenix\kernels\phatk\__init__.py
C:\Windows\phoenix\kernels\phatk\__init__.pyc
C:\Windows\phoenix\kernels\phatk\BFIPatcher.py
C:\Windows\phoenix\kernels\phatk\kernel.cl
C:\Windows\phoenix\kernels\poclbm\__init__.py
C:\Windows\phoenix\kernels\poclbm\__init__.pyc
C:\Windows\phoenix\kernels\poclbm\BFIPatcher.py
C:\Windows\phoenix\kernels\poclbm\kernel.cl
C:\Windows\phoenix\phoenix.exe
C:\Windows\proc_list1.log
C:\Windows\rpcminer
C:\Windows\rpcminer\bitcoinminercuda_10.cubin
C:\Windows\rpcminer\bitcoinminercuda_11.cubin
C:\Windows\rpcminer\bitcoinminercuda_20.cubin
C:\Windows\rpcminer\bitcoinmineropencl.cl
C:\Windows\rpcminer\cudart32_32_16.dll
C:\Windows\rpcminer\curllib.dll
C:\Windows\rpcminer\libeay32.dll
C:\Windows\rpcminer\libsasl.dll
C:\Windows\rpcminer\openldap.dll
C:\Windows\rpcminer\rpcminer-4way.exe
C:\Windows\rpcminer\rpcminer-cpu.exe
C:\Windows\rpcminer\rpcminer-cuda.exe
C:\Windows\rpcminer\rpcminer-opencl.exe
C:\Windows\rpcminer\ssleay32.dll
C:\Windows\services32.exe
C:\Windows\sysdriver32.exe
C:\Windows\sysdriver32_.exe
C:\Windows\systemup.exe
C:\Windows\SysWow64\AppLog.log
C:\Windows\SysWow64\lang-1033-default.dll
C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\pthreadVC.dll
C:\Windows\SysWow64\wpcap.dll
C:\Windows\ufa.rar
C:\Windows\update.1
C:\Windows\update.1\svchost.exe
C:\Windows\update.2
C:\Windows\update.2\svchost.exe
C:\Windows\update.5.0
C:\Windows\update.5.0\svchost.exe
C:\Windows\update.7.1
C:\Windows\update.7.1\svchostdriver.exe
C:\Windows\update.tray-8-0-lnk
C:\Windows\update.tray-8-0-lnk\svchost.exe
C:\Windows\update.tray-8-0
C:\Windows\winlog-dirs.txt
C:\Windows\winlog-ids.txt
C:\Windows\winsetupapi.log


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_ddservice
-------\Service_npf
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers


((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 )))))))))))))))))))))))))))))))


2014-03-23 19:24:36 . 2014-03-23 19:24:36 -------- d-----w- C:\Users\fbwuser\AppData\Local\temp
2014-03-23 19:24:36 . 2014-03-23 19:24:36 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-03-23 17:38:46 . 2014-03-23 17:38:48 -------- d-----w- C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:32:39 . 2014-03-23 17:32:39 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-23 17:31:41 . 2014-03-23 17:31:41 -------- d-----w- C:\Program Files\AVAST Software
2014-03-23 17:30:56 . 2014-03-23 17:31:00 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-22 20:44:55 . 2014-03-22 21:04:54 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49:20 . 2014-03-22 04:49:20 61120 ----a-w- C:\Windows\system32\drivers\wStLib64.sys
2014-03-19 20:17:34 . 2014-03-19 20:17:34 -------- d-----w- C:\ProgramData\Package Cache
2014-03-19 14:25:08 . 2014-03-19 14:25:08 421704 ----a-w- C:\Windows\system32\drivers\hhzsdunn.sys
2014-03-03 03:31:18 . 2014-03-03 03:31:18 -------- d-----w- C:\91Mobile
2014-02-22 11:32:26 . 2014-03-22 23:09:35 -------- d-----w- C:\Users\vedran\AppData\Local\CrashDumps
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-03-23 17:32:43 . 2014-02-17 13:41:07 84816 ----a-w- C:\Windows\system32\drivers\aswStm.sys
2014-03-23 17:32:43 . 2014-02-17 13:41:07 208928 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:06 65776 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:05 1039096 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:03 423240 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:02 79184 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2014-03-23 17:32:41 . 2014-02-17 13:40:36 334648 ----a-w- C:\Windows\system32\aswBoot.exe
2014-03-23 17:32:40 . 2014-02-17 13:40:58 93568 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2014-03-23 12:23:44 . 2012-03-09 23:10:14 0 --sha-w- C:\Windows\system32\dds_log_ad13.cmd
2014-03-14 13:27:45 . 2012-10-21 11:58:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27:43 . 2011-10-31 17:26:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57:57 . 2014-02-20 22:57:57 1002728 ----a-w- C:\Windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57:57 . 2014-02-20 22:57:56 1721576 ----a-w- C:\Windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01:22 . 2014-02-17 21:01:18 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2014-02-17 21:01:18 . 2014-02-17 21:01:15 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2014-01-14 14:13:28 . 2014-02-20 22:55:41 12072 ----a-w- C:\Windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23:45 . 2009-07-13 23:52:07 65536 ----a-w- C:\Windows\system32\sppuinotify.dll
2014-01-08 15:23:21 . 2014-01-08 15:23:28 381952 ----a-w- C:\Windows\system32\sppcommdlg.dll
2014-01-08 15:21:14 . 2009-07-13 23:52:11 349696 ----a-w- C:\Windows\system32\slui.exe

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You didn't copy the complete log; attach it to your post.

offline
  • Joined: 22 Mar 2014
  • Posts: 13

ComboFix 14-03-24.01 - vedran 7.03.2014. 14:09:44.3.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.665 [GMT 1:00]
Running from: c:\users\vedran\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\Speed Test 127\ScRIpthost.dll
c:\users\vedran\AppData\Roaming\DMCache\wlrmdr.dll
c:\users\vedran\AppData\Roaming\DMCache\wlrmdr.exe
c:\users\vedran\AppData\Roaming\Microsoft\msdrm.dll
c:\users\vedran\AppData\Roaming\Microsoft\msdtc.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\SysWow64\AppLog.log
c:\windows\SysWow64\lang-1033-default.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_ddservice
-------\Service_npf
-------\Service_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2014-02-27 to 2014-03-27 )))))))))))))))))))))))))))))))
.
.
2014-03-27 13:20 . 2014-03-27 13:20 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-03-27 13:20 . 2014-03-27 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 12:25 . 2014-03-27 13:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\offreg.dll
2014-03-27 11:56 . 2014-03-27 11:56 -------- d-----w- c:\programdata\Malwarebytes
2014-03-27 11:56 . 2014-03-27 12:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-27 11:56 . 2014-03-27 11:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 11:55 . 2014-03-27 11:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-26 22:40 . 2014-03-26 22:41 -------- d-----w- C:\FRST
2014-03-26 04:45 . 2014-03-17 09:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\mpengine.dll
2014-03-23 17:38 . 2014-03-23 17:38 -------- d-----w- c:\users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:30 . 2014-03-23 19:49 -------- d-----w- c:\programdata\AVAST Software
2014-03-22 20:44 . 2014-03-22 21:04 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49 . 2014-03-22 04:49 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-19 20:17 . 2014-03-19 20:17 -------- d-----w- c:\programdata\Package Cache
2014-03-19 14:25 . 2014-03-19 14:25 421704 ----a-w- c:\windows\system32\drivers\hhzsdunn.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-24 13:00 . 2012-03-09 23:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2014-03-19 14:27 . 2014-02-17 13:41 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-19 14:27 . 2014-02-17 13:41 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-19 14:27 . 2014-02-17 13:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-19 14:27 . 2014-02-17 13:41 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-19 14:27 . 2014-02-17 13:41 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-19 14:27 . 2014-02-17 13:41 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-19 14:27 . 2014-02-17 13:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-19 14:27 . 2014-02-17 13:40 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-14 13:27 . 2012-10-21 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27 . 2011-10-31 17:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57 . 2014-02-20 22:57 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57 . 2014-02-20 22:57 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01 . 2014-02-17 21:01 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-02-17 21:01 . 2014-02-17 21:01 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-02-17 13:40 . 2014-02-17 13:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-14 14:13 . 2014-02-20 22:55 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
2014-01-08 15:23 . 2014-01-08 15:23 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
2014-01-08 15:21 . 2009-07-13 23:52 349696 ----a-w- c:\windows\system32\slui.exe
2011-08-27 21:58 543744 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-02-04 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boot Cleanup"="c:\users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"BrowserUid"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe" [2014-02-26 886568]
"MPCBrowser Update"="c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe" [2014-02-26 120256]
"GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe" [2014-02-26 886568]
"msdtc.exe"="c:\users\vedran\AppData\Roaming\DMCache\msdtc.exe" [2013-10-30 167424]
"wlrmdr.exe"="c:\users\vedran\AppData\Roaming\DMCache\slui.exe" [2013-11-15 64982]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2014-02-19 1484800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-02-22 196784]
"Boot Cleanup"="c:\program files\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NPSStartup"=
"6979265.exe"="c:\windows\Temp\6979265.exe"
"2988524.exe"="c:\windows\Temp\2988524.exe"
"7033900.exe"="c:\windows\Temp\7033900.exe"
"tray_ico"=
"tray_ico1"=
"tray_ico2"=
"tray_ico3"=
"tray_ico4"=
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
R1 aczaiywv;aczaiywv;c:\windows\system32\drivers\aczaiywv.sys;c:\windows\SYSNATIVE\drivers\aczaiywv.sys [x]
R1 ahbjsqzb;ahbjsqzb;c:\windows\system32\drivers\ahbjsqzb.sys;c:\windows\SYSNATIVE\drivers\ahbjsqzb.sys [x]
R1 aitjqshv;aitjqshv;c:\windows\system32\drivers\aitjqshv.sys;c:\windows\SYSNATIVE\drivers\aitjqshv.sys [x]
R1 amdjekvs;amdjekvs;c:\windows\system32\drivers\amdjekvs.sys;c:\windows\SYSNATIVE\drivers\amdjekvs.sys [x]
R1 atajcetg;atajcetg;c:\windows\system32\drivers\atajcetg.sys;c:\windows\SYSNATIVE\drivers\atajcetg.sys [x]
R1 audhrgry;audhrgry;c:\windows\system32\drivers\audhrgry.sys;c:\windows\SYSNATIVE\drivers\audhrgry.sys [x]
R1 avfgyfsc;avfgyfsc;c:\windows\system32\drivers\avfgyfsc.sys;c:\windows\SYSNATIVE\drivers\avfgyfsc.sys [x]
R1 aychafcq;aychafcq;c:\windows\system32\drivers\aychafcq.sys;c:\windows\SYSNATIVE\drivers\aychafcq.sys [x]
R1 bfpkvffl;bfpkvffl;c:\windows\system32\drivers\bfpkvffl.sys;c:\windows\SYSNATIVE\drivers\bfpkvffl.sys [x]
R1 bgppadqf;bgppadqf;c:\windows\system32\drivers\bgppadqf.sys;c:\windows\SYSNATIVE\drivers\bgppadqf.sys [x]
R1 bjjlxfkd;bjjlxfkd;c:\windows\system32\drivers\bjjlxfkd.sys;c:\windows\SYSNATIVE\drivers\bjjlxfkd.sys [x]
R1 bxpfgoig;bxpfgoig;c:\windows\system32\drivers\bxpfgoig.sys;c:\windows\SYSNATIVE\drivers\bxpfgoig.sys [x]
R1 bzpoxrpx;bzpoxrpx;c:\windows\system32\drivers\bzpoxrpx.sys;c:\windows\SYSNATIVE\drivers\bzpoxrpx.sys [x]
R1 cbwcymtu;cbwcymtu;c:\windows\system32\drivers\cbwcymtu.sys;c:\windows\SYSNATIVE\drivers\cbwcymtu.sys [x]
R1 cdrbjytk;cdrbjytk;c:\windows\system32\drivers\cdrbjytk.sys;c:\windows\SYSNATIVE\drivers\cdrbjytk.sys [x]
R1 cekcsypw;cekcsypw;c:\windows\system32\drivers\cekcsypw.sys;c:\windows\SYSNATIVE\drivers\cekcsypw.sys [x]
R1 cswpgeou;cswpgeou;c:\windows\system32\drivers\cswpgeou.sys;c:\windows\SYSNATIVE\drivers\cswpgeou.sys [x]
R1 ctmmkenz;ctmmkenz;c:\windows\system32\drivers\ctmmkenz.sys;c:\windows\SYSNATIVE\drivers\ctmmkenz.sys [x]
R1 ddoynkvh;ddoynkvh;c:\windows\system32\drivers\ddoynkvh.sys;c:\windows\SYSNATIVE\drivers\ddoynkvh.sys [x]
R1 dgwqbycy;dgwqbycy;c:\windows\system32\drivers\dgwqbycy.sys;c:\windows\SYSNATIVE\drivers\dgwqbycy.sys [x]
R1 dheqkdty;dheqkdty;c:\windows\system32\drivers\dheqkdty.sys;c:\windows\SYSNATIVE\drivers\dheqkdty.sys [x]
R1 dixlmrkh;dixlmrkh;c:\windows\system32\drivers\dixlmrkh.sys;c:\windows\SYSNATIVE\drivers\dixlmrkh.sys [x]
R1 drqidbhj;drqidbhj;c:\windows\system32\drivers\drqidbhj.sys;c:\windows\SYSNATIVE\drivers\drqidbhj.sys [x]
R1 dvqpxcia;dvqpxcia;c:\windows\system32\drivers\dvqpxcia.sys;c:\windows\SYSNATIVE\drivers\dvqpxcia.sys [x]
R1 dvzspiss;dvzspiss;c:\windows\system32\drivers\dvzspiss.sys;c:\windows\SYSNATIVE\drivers\dvzspiss.sys [x]
R1 ebugeqrd;ebugeqrd;c:\windows\system32\drivers\ebugeqrd.sys;c:\windows\SYSNATIVE\drivers\ebugeqrd.sys [x]
R1 eeesbokw;eeesbokw;c:\windows\system32\drivers\eeesbokw.sys;c:\windows\SYSNATIVE\drivers\eeesbokw.sys [x]
R1 eekasamo;eekasamo;c:\windows\system32\drivers\eekasamo.sys;c:\windows\SYSNATIVE\drivers\eekasamo.sys [x]
R1 egmqidwo;egmqidwo;c:\windows\system32\drivers\egmqidwo.sys;c:\windows\SYSNATIVE\drivers\egmqidwo.sys [x]
R1 ekojwcuj;ekojwcuj;c:\windows\system32\drivers\ekojwcuj.sys;c:\windows\SYSNATIVE\drivers\ekojwcuj.sys [x]
R1 encxewum;encxewum;c:\windows\system32\drivers\encxewum.sys;c:\windows\SYSNATIVE\drivers\encxewum.sys [x]
R1 eoftyzov;eoftyzov;c:\windows\system32\drivers\eoftyzov.sys;c:\windows\SYSNATIVE\drivers\eoftyzov.sys [x]
R1 eslijtxa;eslijtxa;c:\windows\system32\drivers\eslijtxa.sys;c:\windows\SYSNATIVE\drivers\eslijtxa.sys [x]
R1 etklyimd;etklyimd;c:\windows\system32\drivers\etklyimd.sys;c:\windows\SYSNATIVE\drivers\etklyimd.sys [x]
R1 eyxbtyrr;eyxbtyrr;c:\windows\system32\drivers\eyxbtyrr.sys;c:\windows\SYSNATIVE\drivers\eyxbtyrr.sys [x]
R1 faaabzpm;faaabzpm;c:\windows\system32\drivers\faaabzpm.sys;c:\windows\SYSNATIVE\drivers\faaabzpm.sys [x]
R1 fbqwbxvc;fbqwbxvc;c:\windows\system32\drivers\fbqwbxvc.sys;c:\windows\SYSNATIVE\drivers\fbqwbxvc.sys [x]
R1 fhclpdvu;fhclpdvu;c:\windows\system32\drivers\fhclpdvu.sys;c:\windows\SYSNATIVE\drivers\fhclpdvu.sys [x]
R1 fialegxd;fialegxd;c:\windows\system32\drivers\fialegxd.sys;c:\windows\SYSNATIVE\drivers\fialegxd.sys [x]
R1 fqevxmtd;fqevxmtd;c:\windows\system32\drivers\fqevxmtd.sys;c:\windows\SYSNATIVE\drivers\fqevxmtd.sys [x]
R1 fqzkokze;fqzkokze;c:\windows\system32\drivers\fqzkokze.sys;c:\windows\SYSNATIVE\drivers\fqzkokze.sys [x]
R1 gblducjz;gblducjz;c:\windows\system32\drivers\gblducjz.sys;c:\windows\SYSNATIVE\drivers\gblducjz.sys [x]
R1 gcqztrsm;gcqztrsm;c:\windows\system32\drivers\gcqztrsm.sys;c:\windows\SYSNATIVE\drivers\gcqztrsm.sys [x]
R1 geqgpmcy;geqgpmcy;c:\windows\system32\drivers\geqgpmcy.sys;c:\windows\SYSNATIVE\drivers\geqgpmcy.sys [x]
R1 gjggsnbh;gjggsnbh;c:\windows\system32\drivers\gjggsnbh.sys;c:\windows\SYSNATIVE\drivers\gjggsnbh.sys [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Update WebSparkle;Update WebSparkle;c:\program files (x86)\WebSparkle\updateWebSparkle.exe;c:\program files (x86)\WebSparkle\updateWebSparkle.exe [x]
S2 Util WebSparkle;Util WebSparkle;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:38 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 13:27]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-26 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-08-21 12:44]
.
2014-03-26 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-08-21 12:43]
.
2014-03-27 c:\windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c711029"="START" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iAimTV6
AsusACPI
vaiomediaplatform-photoserver-appserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1
IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-04-14 18:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - c:\program files (x86)\Speed Test 127\ScriptHost.dll
BHO-{EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4} - c:\programdata\Browse2savee\516e622b3f175.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_E4B601A048BE9A47AC3681DB3BDC5E9F - c:\users\vedran\AppData\Local\Torch\Application\torch.exe
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\FantastiGames\GPlayer.exe
Wow6432Node-HKLM-Run-AvastUI.exe - c:\program files\AVAST Software\Avast\AvastUI.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-Avira Systray - c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\FantastiGames\GPlayer.exe
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
AddRemove-koyotesofttoolbarnew - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Operation Return Gifts_is1 - c:\program files (x86)\AllGamesHome.com\Operation Return Gifts\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\hale.exe
.
**************************************************************************
.
Completion time: 2014-03-27 14:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-27 13:46
.
Pre-Run: 85.323.587.584 bytes free
Post-Run: 84.991.250.432 bytes free
.
- - End Of File - - A3AB45B0CE9E697321FB4AFCACC23FE5
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Carefully copy the complete text inside the Code tag!


Open Notepad and copy in the following text:

File::
c:\windows\system32\drivers\hhzsdunn.sys
c:\windows\System32\hale.exe
c:\windows\System32\mscoree.dll
c:\users\vedran\AppData\Roaming\DMCache\slui.exe
c:\program files\Software Informer\softinfo.exe
c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe
c:\windows\Temp\7033900.exe
c:\windows\Temp\2988524.exe
c:\windows\Temp\6979265.exe
c:\windows\SYSNATIVE\drivers\aczaiywv.sys
c:\windows\SYSNATIVE\drivers\ahbjsqzb.sys
c:\windows\SYSNATIVE\drivers\aitjqshv.sys
c:\windows\SYSNATIVE\drivers\amdjekvs.sys
c:\windows\SYSNATIVE\drivers\atajcetg.sys
c:\windows\SYSNATIVE\drivers\audhrgry.sys
c:\windows\SYSNATIVE\drivers\avfgyfsc.sys
c:\windows\SYSNATIVE\drivers\aychafcq.sys
c:\windows\SYSNATIVE\drivers\bfpkvffl.sys
c:\windows\SYSNATIVE\drivers\bgppadqf.sys
c:\windows\SYSNATIVE\drivers\bjjlxfkd.sys
c:\windows\SYSNATIVE\drivers\bxpfgoig.sys
c:\windows\SYSNATIVE\drivers\bzpoxrpx.sys
c:\windows\SYSNATIVE\drivers\cbwcymtu.sys
c:\windows\SYSNATIVE\drivers\cdrbjytk.sys
c:\windows\SYSNATIVE\drivers\cekcsypw.sys
c:\windows\SYSNATIVE\drivers\cswpgeou.sys
c:\windows\SYSNATIVE\drivers\ddoynkvh.sys
c:\windows\SYSNATIVE\drivers\dgwqbycy.sys
c:\windows\SYSNATIVE\drivers\dheqkdty.sys
c:\windows\SYSNATIVE\drivers\dixlmrkh.sys
c:\windows\SYSNATIVE\drivers\drqidbhj.sys
c:\windows\SYSNATIVE\drivers\dvqpxcia.sys
c:\windows\SYSNATIVE\drivers\dvzspiss.sys
c:\windows\SYSNATIVE\drivers\ebugeqrd.sys
c:\windows\SYSNATIVE\drivers\eeesbokw.sys
c:\windows\SYSNATIVE\drivers\eekasamo.sys
c:\windows\SYSNATIVE\drivers\egmqidwo.sys
c:\windows\SYSNATIVE\drivers\ekojwcuj.sys
c:\windows\SYSNATIVE\drivers\encxewum.sys
c:\windows\SYSNATIVE\drivers\eoftyzov.sys
c:\windows\SYSNATIVE\drivers\eslijtxa.sys
c:\windows\SYSNATIVE\drivers\etklyimd.sys
c:\windows\SYSNATIVE\drivers\eyxbtyrr.sys
c:\windows\SYSNATIVE\drivers\faaabzpm.sys
c:\windows\SYSNATIVE\drivers\fbqwbxvc.sys
c:\windows\SYSNATIVE\drivers\fhclpdvu.sys
c:\windows\SYSNATIVE\drivers\fialegxd.sys
c:\windows\SYSNATIVE\drivers\fqevxmtd.sys
c:\windows\SYSNATIVE\drivers\fqzkokze.sys
c:\windows\SYSNATIVE\drivers\gblducjz.sys
c:\windows\SYSNATIVE\drivers\gcqztrsm.sys
c:\windows\SYSNATIVE\drivers\geqgpmcy.sys
c:\windows\SYSNATIVE\drivers\gjggsnbh.sys
c:\windows\SYSNATIVE\drivers\gjobbtuu.sys
c:\windows\SYSNATIVE\drivers\gnudlllq.sys
c:\windows\SYSNATIVE\drivers\gpkvuoaa.sys
c:\windows\SYSNATIVE\drivers\gpkybxbk.sys
c:\windows\SYSNATIVE\drivers\gsnxjgzk.sys
c:\windows\SYSNATIVE\drivers\gstvopua.sys
c:\windows\SYSNATIVE\drivers\gtvffalc.sys
c:\windows\SYSNATIVE\drivers\guermvvs.sys
c:\windows\SYSNATIVE\drivers\gutyjkeu.sys
c:\windows\SYSNATIVE\drivers\gvmzlyjl.sys
c:\windows\SYSNATIVE\drivers\gwjbwpgr.sys
c:\windows\SYSNATIVE\drivers\hadgavkm.sys
c:\windows\SYSNATIVE\drivers\hgruwrxv.sys
c:\windows\SYSNATIVE\drivers\hmmuyobu.sys
c:\windows\SYSNATIVE\drivers\ibcifnlc.sys
c:\windows\SYSNATIVE\drivers\immdssoy.sys
c:\windows\SYSNATIVE\drivers\itkehngm.sys
c:\windows\SYSNATIVE\drivers\izvaipas.sys
c:\windows\SYSNATIVE\drivers\jbwweexf.sys
c:\windows\SYSNATIVE\drivers\jhogjmgm.sys
c:\windows\SYSNATIVE\drivers\jvhefywd.sys
c:\windows\SYSNATIVE\drivers\kdkjqvvk.sys
c:\windows\SYSNATIVE\drivers\kpeguxql.sys
c:\windows\SYSNATIVE\drivers\kteigpga.sys
c:\windows\SYSNATIVE\drivers\lbigmusp.sys
c:\windows\SYSNATIVE\drivers\ldhdvmxv.sys
c:\windows\SYSNATIVE\drivers\llnzndpt.sys
c:\windows\SYSNATIVE\drivers\lmpnkosr.sys
c:\windows\SYSNATIVE\drivers\ltaqoqqa.sys
c:\windows\SYSNATIVE\drivers\luwavqpw.sys
c:\windows\SYSNATIVE\drivers\lvvrwxjs.sys
c:\windows\SYSNATIVE\drivers\mavswkai.sys
c:\windows\SYSNATIVE\drivers\mxdxqmzm.sys
c:\windows\SYSNATIVE\drivers\nibnwgav.sys
c:\windows\SYSNATIVE\drivers\nmzcithh.sys
c:\windows\SYSNATIVE\drivers\ntimxcsl.sys
c:\windows\SYSNATIVE\drivers\nvfkswah.sys
c:\windows\SYSNATIVE\drivers\nxqhhqud.sys
c:\windows\SYSNATIVE\drivers\odttghon.sys
c:\windows\SYSNATIVE\drivers\oeugmnaw.sys
c:\windows\SYSNATIVE\drivers\ofeqjuow.sys
c:\windows\SYSNATIVE\drivers\ogcgsdzl.sys
c:\windows\SYSNATIVE\drivers\pfpiexlm.sys
c:\windows\SYSNATIVE\drivers\polztgny.sys
c:\windows\SYSNATIVE\drivers\ppxerrgg.sys
c:\windows\SYSNATIVE\drivers\pwwayjlx.sys
c:\windows\SYSNATIVE\drivers\qctapsfv.sys
c:\windows\SYSNATIVE\drivers\qeezmpvm.sys
c:\windows\SYSNATIVE\drivers\qhdxecoa.sys
c:\windows\SYSNATIVE\drivers\qkfiwpkm.sys
c:\windows\SYSNATIVE\drivers\saduavcz.sys
c:\windows\SYSNATIVE\drivers\sewtjomv.sys
c:\windows\SYSNATIVE\drivers\sliaqzbu.sys
c:\windows\SYSNATIVE\drivers\tigsdhvl.sys
c:\windows\SYSNATIVE\drivers\tjmnuuls.sys
c:\windows\SYSNATIVE\drivers\trgqfbqh.sys
c:\windows\SYSNATIVE\drivers\ujwtrxlv.sys
c:\windows\SYSNATIVE\drivers\vrkjwmbo.sys
c:\windows\SYSNATIVE\drivers\vvyhfcei.sys
c:\windows\SYSNATIVE\drivers\whjmobue.sys
c:\windows\SYSNATIVE\drivers\wrozzueo.sys
c:\windows\SYSNATIVE\drivers\zchaffza.sys

ClearJavaCache::

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msdtc.exe"=-
"wlrmdr.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PrivitizeVPN"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NPSStartup"=-
"6979265.exe"=-
"6979265.exe"=-
"2988524.exe"=-
"7033900.exe"=-
"tray_ico"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c711029"=-

NetSvc::
iAimTV6

Driver::
odttghon
oeugmnaw
ofeqjuow
ogcgsdzl
pfpiexlm
polztgny
ppxerrgg
psmtacre
pwwayjlx
qctapsfv
qeezmpvm
qhdxecoa
qkfiwpkm
saduavcz
sewtjomv
sliaqzbu
tigsdhvl
tjmnuuls
trgqfbqh
ujwtrxlv
vrkjwmbo
vvyhfcei
whjmobue
wrozzueo
zchaffza
luwavqpw
lvvrwxjs
mavswkai
mxdxqmzm
nibnwgav
nmzcithh
ntimxcsl
nvfkswah
nxqhhqud
gstvopua
gtvffalc
guermvvs
gutyjkeu
gvmzlyjl
gwjbwpgr
hadgavkm
hgruwrxv
hmmuyobu
ibcifnlc
immdssoy
itkehngm
izvaipas
jbwweexf
jhogjmgm
jvhefywd
kdkjqvvk
kpeguxql
kteigpga
lbigmusp
ldhdvmxv
llnzndpt
lmpnkosr
ltaqoqqa
dixlmrkh
drqidbhj
dvqpxcia
dvzspiss
ebugeqrd
eeesbokw
eekasamo
egmqidwo
ekojwcuj
encxewum
eoftyzov
eslijtxa
etklyimd
eyxbtyrr
faaabzpm
fbqwbxvc
fhclpdvu
fialegxd
fqevxmtd
fqzkokze
gblducjz
gcqztrsm
geqgpmcy
gjggsnbh
gjobbtuu
gnudlllq
gpkvuoaa
gpkybxbk
gsnxjgzk
aczaiywv
ahbjsqzb
aitjqshv
amdjekvs
atajcetg
audhrgry
avfgyfsc
aychafcq
bfpkvffl
bgppadqf
bjjlxfkd
bxpfgoig
bzpoxrpx
cbwcymtu
cdrbjytk
cekcsypw
cswpgeou
ctmmkenz
ddoynkvh
dgwqbycy
dheqkdty
Avira.OE.ServiceHost
Update WebSparkle
Util WebSparkle

Folder::
c:\program files (x86)\Avira
c:\program files (x86)\WebSparkle

DDS::
IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

Firefox::
FF - ProfilePath - c:\users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\
FF - ExtSQL: !HIDDEN! 2013-04-14 18:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff

FCOPY::
c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 22 Mar 2014
  • Posts: 13

ComboFix 14-03-24.01 - vedran 7.03.2014. 17:02:43.4.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.898 [GMT 1:00]
Running from: c:\users\vedran\Desktop\ComboFix.exe
Command switches used :: c:\users\vedran\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe"
"c:\program files\Software Informer\softinfo.exe"
"c:\users\vedran\AppData\Roaming\DMCache\slui.exe"
"c:\windows\system32\drivers\hhzsdunn.sys"
"c:\windows\System32\hale.exe"
"c:\windows\System32\mscoree.dll"
"c:\windows\Temp\2988524.exe"
"c:\windows\Temp\6979265.exe"
"c:\windows\Temp\7033900.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe
c:\program files (x86)\WebSparkle
c:\program files (x86)\WebSparkle\bin\7za.exe
c:\program files (x86)\WebSparkle\bin\BrowserAdapterS.7z
c:\program files (x86)\WebSparkle\bin\FilterApp_C64.exe
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.Bromon.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.BrowserAdapterS.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.CompatibilityChecker.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.FFUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.GCUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.IEUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.PurBrowse.dll
c:\program files (x86)\WebSparkle\bin\sqlite3.dll
c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe
c:\program files (x86)\WebSparkle\bin\utilWebSparkle.InstallState
c:\program files (x86)\WebSparkle\bin\XTLS.dll
c:\program files (x86)\WebSparkle\bin\XTLSApp.dll
c:\program files (x86)\WebSparkle\bin\XTLSApp.exe
c:\program files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx
c:\program files (x86)\WebSparkle\updateWebSparkle.exe
c:\program files (x86)\WebSparkle\updateWebSparkle.InstallState
c:\program files (x86)\WebSparkle\WebSparkle.ico
c:\program files (x86)\WebSparkle\WebSparkleUninstall.exe
c:\program files\Software Informer\softinfo.exe
c:\users\vedran\AppData\Roaming\DMCache\slui.exe
c:\windows\system32\drivers\hhzsdunn.sys
c:\windows\System32\hale.exe
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Avira.OE.ServiceHost
-------\Service_Update WebSparkle
-------\Service_Util WebSparkle
.
.
((((((((((((((((((((((((( Files Created from 2014-02-27 to 2014-03-27 )))))))))))))))))))))))))))))))
.
.
2014-03-27 16:19 . 2014-03-27 16:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\offreg.dll
2014-03-27 16:12 . 2014-03-27 16:12 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-03-27 16:12 . 2014-03-27 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 11:56 . 2014-03-27 11:56 -------- d-----w- c:\programdata\Malwarebytes
2014-03-27 11:56 . 2014-03-27 12:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-27 11:56 . 2014-03-27 11:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 11:55 . 2014-03-27 11:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-26 22:40 . 2014-03-26 22:41 -------- d-----w- C:\FRST
2014-03-26 04:45 . 2014-03-17 09:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\mpengine.dll
2014-03-23 17:38 . 2014-03-23 17:38 -------- d-----w- c:\users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:30 . 2014-03-23 19:49 -------- d-----w- c:\programdata\AVAST Software
2014-03-22 20:44 . 2014-03-22 21:04 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49 . 2014-03-22 04:49 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-19 20:17 . 2014-03-19 20:17 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-27 16:04 . 2009-07-13 23:38 1008128 ----a-w- c:\windows\system32\user32.dll
2014-03-24 13:00 . 2012-03-09 23:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2014-03-19 14:27 . 2014-02-17 13:41 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-19 14:27 . 2014-02-17 13:41 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-19 14:27 . 2014-02-17 13:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-19 14:27 . 2014-02-17 13:41 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-19 14:27 . 2014-02-17 13:41 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-19 14:27 . 2014-02-17 13:41 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-19 14:27 . 2014-02-17 13:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-19 14:27 . 2014-02-17 13:40 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-14 13:27 . 2012-10-21 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27 . 2011-10-31 17:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57 . 2014-02-20 22:57 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57 . 2014-02-20 22:57 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01 . 2014-02-17 21:01 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-02-17 21:01 . 2014-02-17 21:01 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-02-17 13:40 . 2014-02-17 13:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-14 14:13 . 2014-02-20 22:55 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
2014-01-08 15:23 . 2014-01-08 15:23 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
2014-01-08 15:21 . 2009-07-13 23:52 349696 ----a-w- c:\windows\system32\slui.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-27 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2014-03-27 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}]
c:\program files (x86)\Speed Test 127\ScriptHost.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4}]
c:\programdata\Browse2savee\516e622b3f175.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boot Cleanup"="c:\users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"BrowserUid"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe" [2014-02-26 886568]
"MPCBrowser Update"="c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe" [2014-02-26 120256]
"GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe" [2014-02-26 886568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Boot Cleanup"="c:\program files\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:38 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 13:27]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-26 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-08-21 12:44]
.
2014-03-26 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-08-21 12:43]
.
2014-03-27 c:\windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShA64.dll [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iAimTV6
AsusACPI
vaiomediaplatform-photoserver-appserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-04-14 18:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
AddRemove-koyotesofttoolbarnew - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Operation Return Gifts_is1 - c:\program files (x86)\AllGamesHome.com\Operation Return Gifts\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2014-03-27 17:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-27 16:33
ComboFix2.txt 2014-03-27 13:47
.
Pre-Run: 84.042.686.464 bytes free
Post-Run: 83.990.962.176 bytes free
.
- - End Of File - - A4470FA254FD71300D115AD04202D3D2
A36C5E4F47E84449FF07ED3517B43A31

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Uninstall the following programs:

McAfee Security Scan
TuneUpUtilities
PC Tools Registry Mechanic 11.1


Then run FRST and post fresh logs for me (attach them to the message).

offline
  • Joined: 22 Mar 2014
  • Posts: 13

Posted: 29 Mar 2014 11:06

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by vedran (administrator) on VEDRAN-PC on 29-03-2014 11:03:35
Running from C:\Users\vedran\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ReviverSoft LLC) C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
(Piriform Ltd) C:\Users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
() C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Farbar) C:\Users\vedran\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2060288 2008-03-13] (Vodafone)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Boot Cleanup] - C:\Program Files\CCleaner\Bin\CCleaner.exe [151040 2013-05-03] (Piriform Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [Boot Cleanup] - C:\Users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe [151040 2013-05-03] (Piriform Ltd)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [BrowserUid] - C:\Users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe [886568 2014-02-26] (MyPlayCity, Inc.)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [MPCBrowser Update] - C:\Users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [120256 2014-02-26] (MyPlayCity, Inc.)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B] - C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe [886568 2014-02-26] (MyPlayCity, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = home.allgameshome.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = search.mywebsearch.com/mywebsearch/GGmain.j.....searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {EF4D31BC-72C4-4B47-B1C7-DE12A4F68623} URL = home.allgameshome.com/results.php?category=web&s={searchTerms}
SearchScopes: HKCU - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = search.mywebsearch.com/mywebsearch/GGmain.j.....searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Browse2savee - {EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4} - C:\ProgramData\Browse2savee\516e622b3f175.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} content.systemrequirementslab.com.s3.amazon.....4.21.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 - C:\Users\vedran\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.)
FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 - C:\Users\vedran\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\allgameshome-search.xml
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\allgameshome.xml
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\myplaycity.xml
FF Extension: 4shared Desktop Plugin - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\4sharedCopyLinks.xpi [2013-03-14]
FF Extension: WebSparkle - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\{058899d6-9704-4de3-aae7-17e9fc44c761}.xpi [2014-03-23]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchProvider: Eazel
CHR DefaultSearchURL: google.com
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Freemake Video Downloader) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-06-27]
CHR Extension: (Google Search) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-27]
CHR Extension: (WebSparkle) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg [2014-03-23]
CHR Extension: (Freemake Video Converter) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-27]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-27]
CHR Extension: (Google Wallet) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ddkpepdilbfaccbiljmaflabkcbgjfin] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-04-28]

==================== Services (Whitelisted) =================

S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-04-25] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-04-01] (Ellora Assets Corp.)
R2 MoboroboDeviceService; C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe [70952 2014-01-14] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-08] (Nitro PDF Software)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [24576 2008-03-13] (Vodafone)
S2 AsusACPI; %systemroot%\system32\wfxsvc.dll [X]
S2 iAimTV6; %systemroot%\system32\dlcg_device.dll [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [X]
S2 vaiomediaplatform-photoserver-appserver; %systemroot%\system32\roxmediadb9.dll [X]

==================== Drivers (Whitelisted) ====================

U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [78648 2014-03-19] (AVAST Software)
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-19] ()
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1038072 2014-03-19] (AVAST Software)
S4 aswSP; C:\Windows\System32\Drivers\aswSP.sys [421704 2014-03-19] (AVAST Software)
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [80184 2014-03-19] (AVAST Software)
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-19] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-03-27] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: iAimTV6 -> C:\Windows\system32\dlcg_device.dll ==> No File.
NETSVC: AsusACPI -> C:\Windows\system32\wfxsvc.dll ==> No File.
NETSVC: vaiomediaplatform-photoserver-appserver -> C:\Windows\system32\roxmediadb9.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-03-29 11:03 - 2014-03-29 11:03 - 02157056 _____ (Farbar) C:\Users\vedran\Desktop\FRST64(1).exe
2014-03-27 19:00 - 2014-03-28 19:05 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-27 17:33 - 2014-03-27 17:33 - 00029789 _____ () C:\ComboFix.txt
2014-03-27 13:31 - 2014-03-27 13:32 - 05192353 ____R (Swearware) C:\Users\vedran\Desktop\ComboFix.exe
2014-03-27 13:18 - 2014-03-27 13:19 - 00281720 _____ () C:\Windows\Minidump\032714-24211-01.dmp
2014-03-27 12:56 - 2014-03-27 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 12:56 - 2014-03-27 12:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 12:56 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:55 - 2014-03-27 13:30 - 00000000 ____D () C:\Users\vedran\Desktop\mbar
2014-03-27 12:55 - 2014-03-27 12:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 12:54 - 2014-03-27 12:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vedran\Desktop\mbar-1.07.0.1009.exe
2014-03-26 23:43 - 2014-03-29 11:03 - 00021418 _____ () C:\Users\vedran\Desktop\FRST.txt
2014-03-26 23:43 - 2014-03-26 23:43 - 00033294 _____ () C:\Users\vedran\Desktop\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:41 - 00033294 _____ () C:\Users\vedran\Downloads\Addition.txt
2014-03-26 23:40 - 2014-03-29 11:03 - 00000000 ____D () C:\FRST
2014-03-26 23:40 - 2014-03-26 23:41 - 00053918 _____ () C:\Users\vedran\Downloads\FRST.txt
2014-03-26 23:39 - 2014-03-26 23:40 - 02157056 _____ (Farbar) C:\Users\vedran\Downloads\FRST64.exe
2014-03-26 23:39 - 2014-03-26 23:39 - 01145856 _____ (Farbar) C:\Users\vedran\Downloads\FRST.exe
2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 18:30 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-23 15:57 - 2014-03-23 16:01 - 88551496 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (2).exe
2014-03-22 23:43 - 2014-03-22 23:43 - 05190052 ____R (Swearware) C:\Users\vedran\Downloads\ComboFix(1).exe
2014-03-22 23:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-22 23:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-22 23:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-22 22:07 - 2014-03-22 22:07 - 00001672 _____ () C:\Users\vedran\Desktop\AdwCleaner[S1].txt
2014-03-22 22:03 - 2014-03-22 22:03 - 01950720 _____ () C:\Users\vedran\Desktop\AdwCleaner(1).exe
2014-03-22 21:44 - 2014-03-22 22:04 - 00000000 ____D () C:\AdwCleaner
2014-03-22 21:44 - 2014-03-22 21:44 - 01950720 _____ () C:\Users\vedran\Downloads\AdwCleaner.exe
2014-03-22 19:33 - 2014-03-22 19:33 - 00013114 _____ () C:\Users\vedran\Desktop\attach.txt
2014-03-22 19:33 - 2014-03-22 19:32 - 00021084 _____ () C:\Users\vedran\Desktop\dds.txt
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).pif
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).com
2014-03-22 19:24 - 2014-03-22 19:24 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds.pif
2014-03-22 19:23 - 2014-03-22 19:24 - 00688992 ____R (Swearware) C:\Users\vedran\Downloads\dds.com
2014-03-22 05:49 - 2014-03-22 05:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 21:18 - 2014-03-24 14:01 - 00001913 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-19 21:17 - 2014-03-19 21:17 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (2).exe
2014-03-19 21:17 - 2014-03-19 21:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws.exe
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (1).exe
2014-03-19 15:22 - 2014-03-19 15:25 - 90578216 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (1).exe
2014-03-16 22:54 - 2014-03-16 22:55 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(2).exe
2014-03-16 22:53 - 2014-03-16 22:54 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(1).exe
2014-03-16 22:45 - 2014-03-16 22:45 - 01161000 _____ () C:\Users\vedran\Downloads\farm_frenzy_3-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh (1).exe
2014-03-08 22:39 - 2014-03-08 22:45 - 00000000 ____D () C:\Users\vedran\Desktop\Originals
2014-03-08 22:32 - 2014-03-08 22:32 - 00056856 _____ () C:\Users\vedran\Desktop\IMG_20140308_121157-bbbbbbbbbbbbbbbbbbb

==================== One Month Modified Files and Folders =======

2014-03-29 11:03 - 2014-03-29 11:03 - 02157056 _____ (Farbar) C:\Users\vedran\Desktop\FRST64(1).exe
2014-03-29 11:03 - 2014-03-26 23:43 - 00021418 _____ () C:\Users\vedran\Desktop\FRST.txt
2014-03-29 11:03 - 2014-03-26 23:40 - 00000000 ____D () C:\FRST
2014-03-29 11:02 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 11:02 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 10:56 - 2011-10-31 18:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-29 10:56 - 2011-04-17 15:34 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 10:55 - 2013-04-14 17:24 - 00000320 _____ () C:\Windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
2014-03-29 10:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 10:55 - 2009-07-14 05:51 - 00144951 _____ () C:\Windows\setupact.log
2014-03-29 10:54 - 2011-04-17 12:45 - 01608979 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 10:49 - 2013-06-26 13:30 - 00000000 ____D () C:\Users\vedran\Desktop\New folder (2)
2014-03-29 10:48 - 2013-08-21 12:19 - 00000952 _____ () C:\Windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
2014-03-29 10:41 - 2011-04-17 15:34 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 10:38 - 2012-10-21 12:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 10:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-28 22:48 - 2013-08-21 12:19 - 00000900 _____ () C:\Windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
2014-03-28 19:05 - 2014-03-27 19:00 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-27 17:52 - 2013-05-26 13:34 - 00000000 ____D () C:\Users\vedran\Desktop\programi
2014-03-27 17:34 - 2014-02-15 22:37 - 00000000 ____D () C:\Qoobox
2014-03-27 17:33 - 2014-03-27 17:33 - 00029789 _____ () C:\ComboFix.txt
2014-03-27 17:25 - 2011-04-17 12:50 - 00000000 ____D () C:\Users\vedran\AppData\Local\VirtualStore
2014-03-27 17:16 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-27 17:14 - 2011-04-17 15:46 - 00639444 _____ () C:\Windows\PFRO.log
2014-03-27 17:13 - 2014-02-20 23:28 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Software Informer
2014-03-27 17:13 - 2014-02-15 22:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 17:13 - 2009-07-14 03:34 - 56328192 _____ () C:\Windows\system32\config\software.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 16252928 _____ () C:\Windows\system32\config\system.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00233472 _____ () C:\Windows\system32\config\default.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-03-27 17:10 - 2014-02-20 23:28 - 00000000 ____D () C:\Program Files\Software Informer
2014-03-27 17:10 - 2013-10-30 10:53 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DMCache
2014-03-27 17:10 - 2013-02-22 19:55 - 00000000 ____D () C:\Program Files (x86)\PrivitizeVPN
2014-03-27 17:04 - 2009-07-14 00:38 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-03-27 14:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-27 14:15 - 2014-02-15 22:21 - 00000000 ____D () C:\Program Files (x86)\Speed Test 127
2014-03-27 14:15 - 2012-07-06 12:28 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-03-27 13:36 - 2011-04-17 15:34 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 13:36 - 2011-04-17 15:34 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 13:32 - 2014-03-27 13:31 - 05192353 ____R (Swearware) C:\Users\vedran\Desktop\ComboFix.exe
2014-03-27 13:30 - 2014-03-27 12:55 - 00000000 ____D () C:\Users\vedran\Desktop\mbar
2014-03-27 13:19 - 2014-03-27 13:18 - 00281720 _____ () C:\Windows\Minidump\032714-24211-01.dmp
2014-03-27 13:18 - 2013-03-06 22:16 - 268491794 _____ () C:\Windows\MEMORY.DMP
2014-03-27 13:18 - 2013-03-06 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 13:17 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 13:13 - 2014-02-17 14:58 - 00000000 ___HD () C:\Windows\update.tray-7-0
2014-03-27 13:13 - 2011-12-12 18:15 - 00000000 ___HD () C:\Windows\update.tray-9-0
2014-03-27 12:56 - 2014-03-27 12:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 12:56 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:55 - 2014-03-27 12:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 12:54 - 2014-03-27 12:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vedran\Desktop\mbar-1.07.0.1009.exe
2014-03-26 23:43 - 2014-03-26 23:43 - 00033294 _____ () C:\Users\vedran\Desktop\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:41 - 00033294 _____ () C:\Users\vedran\Downloads\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:40 - 00053918 _____ () C:\Users\vedran\Downloads\FRST.txt
2014-03-26 23:40 - 2014-03-26 23:39 - 02157056 _____ (Farbar) C:\Users\vedran\Downloads\FRST64.exe
2014-03-26 23:39 - 2014-03-26 23:39 - 01145856 _____ (Farbar) C:\Users\vedran\Downloads\FRST.exe
2014-03-26 13:07 - 2012-10-21 12:00 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7CD55BEB-1BAE-46DE-A39E-B7B12D353F50}
2014-03-24 22:58 - 2014-02-17 14:58 - 00000000 ___HD () C:\Windows\update.tray-7-0-lnk
2014-03-24 22:58 - 2011-12-12 18:15 - 00000000 ___HD () C:\Windows\update.tray-9-0-lnk
2014-03-24 22:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 22:48 - 2014-02-22 12:32 - 00000000 ____D () C:\Users\vedran\AppData\Local\CrashDumps
2014-03-24 14:01 - 2014-03-19 21:18 - 00001913 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-24 14:00 - 2012-03-10 00:10 - 00000000 ___SH () C:\Windows\system32\dds_log_ad13.cmd
2014-03-24 14:00 - 2011-04-17 12:50 - 00000000 ____D () C:\Users\vedran
2014-03-24 06:08 - 2011-05-19 09:33 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-23 20:54 - 2011-04-17 12:45 - 00000000 ____D () C:\Recovery
2014-03-23 20:49 - 2014-03-23 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-23 19:14 - 2011-05-19 09:32 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Dropbox
2014-03-23 19:08 - 2011-05-19 09:35 - 00000000 ___RD () C:\Users\vedran\Dropbox
2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 16:01 - 2014-03-23 15:57 - 88551496 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (2).exe
2014-03-23 13:30 - 2009-07-14 06:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 23:43 - 2014-03-22 23:43 - 05190052 ____R (Swearware) C:\Users\vedran\Downloads\ComboFix(1).exe
2014-03-22 22:07 - 2014-03-22 22:07 - 00001672 _____ () C:\Users\vedran\Desktop\AdwCleaner[S1].txt
2014-03-22 22:04 - 2014-03-22 21:44 - 00000000 ____D () C:\AdwCleaner
2014-03-22 22:03 - 2014-03-22 22:03 - 01950720 _____ () C:\Users\vedran\Desktop\AdwCleaner(1).exe
2014-03-22 21:51 - 2009-07-14 03:34 - 00000857 _____ () C:\Windows\win.ini
2014-03-22 21:49 - 2011-04-18 09:40 - 00001045 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-22 21:49 - 2011-04-17 12:50 - 00000000 ___RD () C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 21:44 - 2014-03-22 21:44 - 01950720 _____ () C:\Users\vedran\Downloads\AdwCleaner.exe
2014-03-22 19:33 - 2014-03-22 19:33 - 00013114 _____ () C:\Users\vedran\Desktop\attach.txt
2014-03-22 19:32 - 2014-03-22 19:33 - 00021084 _____ () C:\Users\vedran\Desktop\dds.txt
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).pif
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).com
2014-03-22 19:24 - 2014-03-22 19:24 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds.pif
2014-03-22 19:24 - 2014-03-22 19:23 - 00688992 ____R (Swearware) C:\Users\vedran\Downloads\dds.com
2014-03-22 05:49 - 2014-03-22 05:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 21:17 - 2014-03-19 21:17 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (2).exe
2014-03-19 21:17 - 2014-03-19 21:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws.exe
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (1).exe
2014-03-19 15:27 - 2014-02-17 14:41 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-19 15:27 - 2014-02-17 14:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-19 15:27 - 2014-02-17 14:40 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-19 15:25 - 2014-03-19 15:22 - 90578216 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (1).exe
2014-03-17 11:29 - 2012-07-10 22:45 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Awem
2014-03-16 22:55 - 2014-03-16 22:54 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(2).exe
2014-03-16 22:54 - 2014-03-16 22:53 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(1).exe
2014-03-16 22:45 - 2014-03-16 22:45 - 01161000 _____ () C:\Users\vedran\Downloads\farm_frenzy_3-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh (1).exe
2014-03-15 15:54 - 2014-02-17 14:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 12:57 - 2009-07-14 06:13 - 00006382 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 14:28 - 2012-10-21 12:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-14 14:27 - 2012-10-21 12:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-14 14:27 - 2011-10-31 18:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 22:45 - 2014-03-08 22:39 - 00000000 ____D () C:\Users\vedran\Desktop\Originals
2014-03-08 22:35 - 2011-04-20 09:49 - 00056320 ____H () C:\Users\vedran\Desktop\photothumb.db
2014-03-08 22:32 - 2014-03-08 22:32 - 00056856 _____ () C:\Users\vedran\Desktop\IMG_20140308_121157-bbbbbbbbbbbbbbbbbbb
2014-02-27 09:52 - 2013-03-28 12:44 - 00000000 ____D () C:\Users\vedran\AppData\Local\PlayFree Browser

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46\X

Files to move or delete:
====================
C:\ProgramData\ISTask.dll
C:\ProgramData\RegistryReviver.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-24 14:26

==================== End Of Log ============================

Addendum: 29 Mar 2014 11:07

Users shortcut scan result (x64) Version: 13-03-2014
Ran by vedran at 2014-03-29 11:04:53
Running from C:\Users\vedran\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\FantastiGames.lnk -> C:\Program Files (x86)\FantastiGames\GPlrLanc.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk -> C:\Windows\Installer\{3A92A8D7-60F4-4BC0-892B-3AAE4481359D}\Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files (x86)\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Software Informer.lnk -> C:\Program Files\Software Informer\softinfo.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Uninstall Software Informer.lnk -> C:\Program Files\Software Informer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio\Samsung New PC Studio.lnk -> C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Uninstall.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe (ReviverSoft LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\uninstall.exe (Mooii)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Desinstalar Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Core\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter 4.lnk -> C:\Program Files (x86)\Nero\Nero ControlCenter 4\ncc.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Online Upgrade.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero Online Upgrade\NeroOnlineUpgrade.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Moborobo.lnk -> C:\Program Files (x86)\Moborobo\Moborobo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Uninstall Moborobo.lnk -> C:\Program Files (x86)\Moborobo\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\FreemakeYoutubeMP3Converter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Uninstall Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Uninstall Audiopack.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe (DvdVideoSoft Ltd. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira AntiVir.lnk -> C:\Windows\update.tray-8-0-lnk\svchost.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\The Joy of Farming Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\The Joy of Farming.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\The Joy of Farming.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\The Island - Castaway Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\The Island - Castaway.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\The Island - Castaway.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Home Sweet Home Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Home Sweet Home.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\Home Sweet Home.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Gourmania Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Gourmania.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\Gourmania.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Catch The Tune Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Catch The Tune.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\Catch The Tune.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\AllGamesHome.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Big Farm Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools\Uninstall.lnk -> C:\Program Files (x86)\4shared Desktop\uninstall.exe (New IT Solutions)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avira.lnk -> C:\Windows\update.tray-8-0-lnk\svchost.exe (No File)
Shortcut: C:\Users\Public\Desktop\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\vedran\Links\Desktop.lnk -> C:\Users\vedran\Desktop ()
Shortcut: C:\Users\vedran\Links\Downloads.lnk -> C:\Users\vedran\Downloads ()
Shortcut: C:\Users\vedran\Desktop\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\Users\vedran\Desktop\Bonga.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\play.exe ()
Shortcut: C:\Users\vedran\Desktop\Kingdom's Heyday.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\play.exe ()
Shortcut: C:\Users\vedran\Desktop\razno\slike\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\vedran\Desktop\programi\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\DVDVideoSoft Free Studio.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe (DvdVideoSoft Ltd. )
Shortcut: C:\Users\vedran\Desktop\programi\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Facebook.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Mp3 Wma Converter - Copy.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free YouTube Download.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\Users\vedran\Desktop\programi\Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\FreemakeYoutubeMP3Converter.exe (Freemake)
Shortcut: C:\Users\vedran\Desktop\programi\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\vedran\Desktop\programi\Nitro Reader.lnk -> C:\Program Files (x86)\Nitro PDF\Reader 2\NitroPDFReader.exe (Nitro PDF)
Shortcut: C:\Users\vedran\Desktop\programi\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{NISADM-B201-4abb-B07C-C084B04B4F12} ()
Shortcut: C:\Users\vedran\Desktop\programi\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\Users\vedran\Desktop\programi\Play Free Games.lnk -> C:\Program Files (x86)\Free Video Converter\fantastic\fantasticInst.exe ()
Shortcut: C:\Users\vedran\Desktop\programi\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\vedran\Desktop\programi\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\Youtube.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\New folder (2)\slike\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\New folder (2)\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\AppData\AppData - Shortcut.lnk -> C:\Users\vedran\AppData ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\vedran\AppData\Local\Pokki\Engine\pokki.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN\PrivitizeVPN.lnk -> C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN\Uninstall PrivitizeVPN.lnk -> C:\Program Files (x86)\PrivitizeVPN\uninstall.exe (OOO Industry)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Catch The Tune.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\Catch The Tune.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gourmania.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\Gourmania.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Home Sweet Home.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\Home Sweet Home.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Jewel Quest Heritage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Legacy - World Adventure.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Operation Return Gifts.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk -> C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Settlement - Colossus.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Joy of Farming.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\The Joy of Farming.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Lost Kingdom Prophecy.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Treasures Of Montezuma.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vampire Saga - Pandora's Box.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wendy's Wellness.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Installer for SoftSafe.lnk -> C:\Users\vedran\Downloads\Ranko Marinkovic Ruke pdf.exe (SoftSafe)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Moborobo.lnk -> C:\Program Files (x86)\Moborobo\Moborobo.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> /SAFE=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio\Uninstall Samsung New PC Studio.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe () -> -L2057 /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal\Uninstall Rummy Royal.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {479C85BE-93E3-49B7-A57D-C5D4EF374F4E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files (x86)\Nero\Core\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> splitter.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Deinstalacija programa Google Earth.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Pokretanje programa Google Earth u DirectX naĊinu rada.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Pokretanje programa Google Earth u OpenGL naĊinu rada.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\Avast.lnk -> C:\Windows\update.tray-7-0-lnk\svchost.exe (Cronosoft) -> tray 7-0 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\vedran\Desktop\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.) -> --shortcut
ShortcutWithArgument: C:\Users\vedran\Desktop\razno\slike\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\Desktop\New folder (2)\slike\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\Desktop\New folder (2)\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayFree Browser\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.) -> --startmenu
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast! Free Antivirus.lnk -> C:\Windows\update.tray-7-0-lnk\svchost.exe (Cronosoft) -> tray 7-0 1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Moborobo on the Web.url -> hxxp://www.moborobo.com
InternetURL: C:\Users\vedran\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\vedran\Favorites\Links\Suggested Sites.url -> ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\vedran\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\vedran\Desktop\programi\Get The Best Facebook Chat Messenger.url -> hxxp://lp.ftalk.com/?sysid=431&appid=120
InternetURL: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\play.url -> hxxp://allgameshome.com/play.html?utm_source=gs_agh&utm_medium=play
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\website.url -> hxxp://allgameshome.com/?utm_source=gs_agh&utm_medium=website
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\play.url -> hxxp://allgameshome.com/play.html?utm_source=gs_agh&utm_medium=play
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\website.url -> hxxp://allgameshome.com/?utm_source=gs_agh&utm_medium=website

==================== End of log =============================

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Where is the Additional.txt log?
