Posted: 27 Mar 2014 13:31
offline
- valentinag
- New MyCity citizen
- Joined: 22 Mar 2014
- Posts: 13

Written: 27 Mar 2014 13:28
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
malwarebytes.org
Database version: v2014.03.27.02
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
vedran :: VEDRAN-PC [administrator]
27.3.2014. 12:56:31
mbar-log-2014-03-27 (12-56-31).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272706
Time elapsed: 16 minute(s), 12 second(s)
Memory Processes Detected: 3
C:\Windows\sysdriver32_.exe (Trojan.Agent) -> 1812 -> Delete on reboot.
C:\Windows\systemup.exe (Spyware.Agent) -> 1896 -> Delete on reboot.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> 1668 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 10
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{79007602-0CDB-4405-9DBF-1257BB3226EE} (Spyware.OnlineGames) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\sysdriver32.exe (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\systeminfog (Trojan.Agent) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\SERVICES32.EXE (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\MINIMAL\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\wxpdrivers (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srvbtcclient (Trojan.Downloader) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srviecheck (Trojan.Agent) -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srvsysdriver32 (Trojan.Agent) -> Delete on reboot.
Registry Values Detected: 12
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|sysdriver32_.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32_.exe" rezerv -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|systemup (Spyware.Agent) -> Data: "C:\Windows\systemup.exe" stand -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|l1rezerv.exe (Trojan.Agent) -> Data: "C:\Windows\l1rezerv.exe" -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|wxpdrv (Trojan.Agent) -> Data: C:\Windows\services32.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|sysdriver32.exe (Trojan.Agent) -> Data: "C:\Windows\sysdriver32.exe" rezerv -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico0 (Trojan.Agent) -> Data: C:\Windows\update.tray-9-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico1 (Trojan.Agent) -> Data: C:\Windows\update.tray-7-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|tray_ico2 (Trojan.Agent) -> Data: C:\Windows\update.tray-8-0\svchost.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|7346280.exe (Trojan.Downloader.Gen) -> Data: "C:\Users\vedran\AppData\Local\Temp\7346280.exe" -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|1536238.exe (Trojan.Downloader.Gen) -> Data: "C:\Users\vedran\AppData\Local\Temp\1536238.exe" -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\SERVICES32.EXE|close (Trojan.Agent) -> Data: 0 -> Delete on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS|ImagePath (Trojan.Agent) -> Data: C:\Windows\update.1\svchost.exe srv -> Delete on reboot.
Registry Data Items Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT|AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Replace on reboot.
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS|Windows (Hijack.Trojan.Siredef.D) -> Bad: (%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16) Good: (%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16) -> Replace on reboot.
Folders Detected: 1
C:\Windows\rpcminer (Trojan.BCMiner) -> Delete on reboot.
Files Detected: 47
C:\Windows\sysdriver32_.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\systemup.exe (Spyware.Agent) -> Delete on reboot.
C:\Windows\l1rezerv.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\services32.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\sysdriver32.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-9-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-7-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.tray-8-0\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.1\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\wfxsvc.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\dlcg_device.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\roxmediadb9.dll (Trojan.Siredef) -> Delete on reboot.
C:\Windows\System32\consrv.dll (Trojan.Siredef) -> Delete on reboot.
C:\Users\vedran\Downloads\Flash-Player(1).exe (Trojan.Agent) -> Delete on reboot.
C:\Users\vedran\Downloads\Flash-Player.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(4).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\BestCodecsPackSetup.exe (Adware.InstallBrain) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(1).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(2).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\vedran\Downloads\scandsk(3).exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Delete on reboot.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> Delete on reboot.
C:\Windows\update.7.1\svchostdriver.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\update.2\svchost.exe (Backdoor.Agent) -> Delete on reboot.
C:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Delete on reboot.
C:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Delete on reboot.
C:\Users\vedran\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Windows\System32\drivers\etc\hîsts (Hijack.Trace) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Addendum: 27 Mar 2014 13:31

Posted: 27 Mar 2014 13:33
rip
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje

Now try running Combofix.

Posted: 27 Mar 2014 13:35
offline
- valentinag
- New MyCity citizen
- Joined: 22 Mar 2014
- Posts: 13

ComboFix 14-03-23.01 - vedran 3.03.2014. 20:17:10.2.1 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.1411 [GMT 1:00]
Running from: C:\Users\vedran\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files (x86)\intellidownload\gunzip.exe
C:\Program Files (x86)\Speed Test 127\ScRIpthost.dll
C:\Users\vedran\AppData\Roaming\DMCache\wlrmdr.dll
C:\Users\vedran\AppData\Roaming\DMCache\wlrmdr.exe
C:\Users\vedran\AppData\Roaming\Microsoft\msdrm.dll
C:\Users\vedran\AppData\Roaming\Microsoft\msdtc.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\tmp\U
C:\Windows\assembly\tmp\U\00000001.@
C:\Windows\assembly\tmp\U\000000c0.@
C:\Windows\assembly\tmp\U\000000cb.@
C:\Windows\assembly\tmp\U\000000cf.@
C:\Windows\assembly\tmp\U\80000000.@
C:\Windows\assembly\tmp\U\800000c0.@
C:\Windows\assembly\tmp\U\800000cb.@
C:\Windows\assembly\tmp\U\800000cf.@
C:\Windows\av_ico
C:\Windows\av_ico\ico_avast_desktop.ico
C:\Windows\av_ico\ico_avast_start.ico
C:\Windows\av_ico\ico_avira_start.ico
C:\Windows\av_ico\ico_mcafee_start.ico
C:\Windows\btc_client_iplist.txt
C:\Windows\front_ip_list.txt
C:\Windows\geoiplist
C:\Windows\geoiplist.rar
C:\Windows\iecheck_iplist.txt
C:\Windows\info1
C:\Windows\iplist.txt
C:\Windows\l1rezerv.exe
C:\Windows\loader2.exe_ok
C:\Windows\phoenix
C:\Windows\phoenix.rar
C:\Windows\phoenix\kernels\phatk\__init__.py
C:\Windows\phoenix\kernels\phatk\__init__.pyc
C:\Windows\phoenix\kernels\phatk\BFIPatcher.py
C:\Windows\phoenix\kernels\phatk\kernel.cl
C:\Windows\phoenix\kernels\poclbm\__init__.py
C:\Windows\phoenix\kernels\poclbm\__init__.pyc
C:\Windows\phoenix\kernels\poclbm\BFIPatcher.py
C:\Windows\phoenix\kernels\poclbm\kernel.cl
C:\Windows\phoenix\phoenix.exe
C:\Windows\proc_list1.log
C:\Windows\rpcminer
C:\Windows\rpcminer\bitcoinminercuda_10.cubin
C:\Windows\rpcminer\bitcoinminercuda_11.cubin
C:\Windows\rpcminer\bitcoinminercuda_20.cubin
C:\Windows\rpcminer\bitcoinmineropencl.cl
C:\Windows\rpcminer\cudart32_32_16.dll
C:\Windows\rpcminer\curllib.dll
C:\Windows\rpcminer\libeay32.dll
C:\Windows\rpcminer\libsasl.dll
C:\Windows\rpcminer\openldap.dll
C:\Windows\rpcminer\rpcminer-4way.exe
C:\Windows\rpcminer\rpcminer-cpu.exe
C:\Windows\rpcminer\rpcminer-cuda.exe
C:\Windows\rpcminer\rpcminer-opencl.exe
C:\Windows\rpcminer\ssleay32.dll
C:\Windows\services32.exe
C:\Windows\sysdriver32.exe
C:\Windows\sysdriver32_.exe
C:\Windows\systemup.exe
C:\Windows\SysWow64\AppLog.log
C:\Windows\SysWow64\lang-1033-default.dll
C:\Windows\SysWow64\Packet.dll
C:\Windows\SysWow64\pthreadVC.dll
C:\Windows\SysWow64\wpcap.dll
C:\Windows\ufa.rar
C:\Windows\update.1
C:\Windows\update.1\svchost.exe
C:\Windows\update.2
C:\Windows\update.2\svchost.exe
C:\Windows\update.5.0
C:\Windows\update.5.0\svchost.exe
C:\Windows\update.7.1
C:\Windows\update.7.1\svchostdriver.exe
C:\Windows\update.tray-8-0-lnk
C:\Windows\update.tray-8-0-lnk\svchost.exe
C:\Windows\update.tray-8-0
C:\Windows\winlog-dirs.txt
C:\Windows\winlog-ids.txt
C:\Windows\winsetupapi.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_ddservice
-------\Service_npf
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
((((((((((((((((((((((((( Files Created from 2014-02-23 to 2014-03-23 )))))))))))))))))))))))))))))))
2014-03-23 19:24:36 . 2014-03-23 19:24:36 -------- d-----w- C:\Users\fbwuser\AppData\Local\temp
2014-03-23 19:24:36 . 2014-03-23 19:24:36 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-03-23 17:38:46 . 2014-03-23 17:38:48 -------- d-----w- C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:32:39 . 2014-03-23 17:32:39 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-23 17:31:41 . 2014-03-23 17:31:41 -------- d-----w- C:\Program Files\AVAST Software
2014-03-23 17:30:56 . 2014-03-23 17:31:00 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-22 20:44:55 . 2014-03-22 21:04:54 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49:20 . 2014-03-22 04:49:20 61120 ----a-w- C:\Windows\system32\drivers\wStLib64.sys
2014-03-19 20:17:34 . 2014-03-19 20:17:34 -------- d-----w- C:\ProgramData\Package Cache
2014-03-19 14:25:08 . 2014-03-19 14:25:08 421704 ----a-w- C:\Windows\system32\drivers\hhzsdunn.sys
2014-03-03 03:31:18 . 2014-03-03 03:31:18 -------- d-----w- C:\91Mobile
2014-02-22 11:32:26 . 2014-03-22 23:09:35 -------- d-----w- C:\Users\vedran\AppData\Local\CrashDumps
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2014-03-23 17:32:43 . 2014-02-17 13:41:07 84816 ----a-w- C:\Windows\system32\drivers\aswStm.sys
2014-03-23 17:32:43 . 2014-02-17 13:41:07 208928 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:06 65776 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:05 1039096 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:03 423240 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2014-03-23 17:32:41 . 2014-02-17 13:41:02 79184 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2014-03-23 17:32:41 . 2014-02-17 13:40:36 334648 ----a-w- C:\Windows\system32\aswBoot.exe
2014-03-23 17:32:40 . 2014-02-17 13:40:58 93568 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2014-03-23 12:23:44 . 2012-03-09 23:10:14 0 --sha-w- C:\Windows\system32\dds_log_ad13.cmd
2014-03-14 13:27:45 . 2012-10-21 11:58:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27:43 . 2011-10-31 17:26:58 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57:57 . 2014-02-20 22:57:57 1002728 ----a-w- C:\Windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57:57 . 2014-02-20 22:57:56 1721576 ----a-w- C:\Windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01:22 . 2014-02-17 21:01:18 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2014-02-17 21:01:18 . 2014-02-17 21:01:15 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2014-01-14 14:13:28 . 2014-02-20 22:55:41 12072 ----a-w- C:\Windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23:45 . 2009-07-13 23:52:07 65536 ----a-w- C:\Windows\system32\sppuinotify.dll
2014-01-08 15:23:21 . 2014-01-08 15:23:28 381952 ----a-w- C:\Windows\system32\sppcommdlg.dll
2014-01-08 15:21:14 . 2009-07-13 23:52:11 349696 ----a-w- C:\Windows\system32\slui.exe

Posted: 27 Mar 2014 13:37
rip
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje

You didn't copy the complete log; attach it to your post.

Posted: 27 Mar 2014 14:50
offline
- valentinag
- New MyCity citizen
- Joined: 22 Mar 2014
- Posts: 13

ComboFix 14-03-24.01 - vedran 7.03.2014. 14:09:44.3.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.665 [GMT 1:00]
Running from: c:\users\vedran\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\intellidownload\gunzip.exe
c:\program files (x86)\Speed Test 127\ScRIpthost.dll
c:\users\vedran\AppData\Roaming\DMCache\wlrmdr.dll
c:\users\vedran\AppData\Roaming\DMCache\wlrmdr.exe
c:\users\vedran\AppData\Roaming\Microsoft\msdrm.dll
c:\users\vedran\AppData\Roaming\Microsoft\msdtc.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\SysWow64\AppLog.log
c:\windows\SysWow64\lang-1033-default.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0-lnk\svchost.exe
c:\windows\update.tray-8-0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_ddservice
-------\Service_npf
-------\Service_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2014-02-27 to 2014-03-27 )))))))))))))))))))))))))))))))
.
.
2014-03-27 13:20 . 2014-03-27 13:20 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-03-27 13:20 . 2014-03-27 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 12:25 . 2014-03-27 13:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\offreg.dll
2014-03-27 11:56 . 2014-03-27 11:56 -------- d-----w- c:\programdata\Malwarebytes
2014-03-27 11:56 . 2014-03-27 12:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-27 11:56 . 2014-03-27 11:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 11:55 . 2014-03-27 11:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-26 22:40 . 2014-03-26 22:41 -------- d-----w- C:\FRST
2014-03-26 04:45 . 2014-03-17 09:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\mpengine.dll
2014-03-23 17:38 . 2014-03-23 17:38 -------- d-----w- c:\users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:30 . 2014-03-23 19:49 -------- d-----w- c:\programdata\AVAST Software
2014-03-22 20:44 . 2014-03-22 21:04 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49 . 2014-03-22 04:49 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-19 20:17 . 2014-03-19 20:17 -------- d-----w- c:\programdata\Package Cache
2014-03-19 14:25 . 2014-03-19 14:25 421704 ----a-w- c:\windows\system32\drivers\hhzsdunn.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-24 13:00 . 2012-03-09 23:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2014-03-19 14:27 . 2014-02-17 13:41 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-19 14:27 . 2014-02-17 13:41 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-19 14:27 . 2014-02-17 13:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-19 14:27 . 2014-02-17 13:41 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-19 14:27 . 2014-02-17 13:41 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-19 14:27 . 2014-02-17 13:41 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-19 14:27 . 2014-02-17 13:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-19 14:27 . 2014-02-17 13:40 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-14 13:27 . 2012-10-21 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27 . 2011-10-31 17:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57 . 2014-02-20 22:57 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57 . 2014-02-20 22:57 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01 . 2014-02-17 21:01 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-02-17 21:01 . 2014-02-17 21:01 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-02-17 13:40 . 2014-02-17 13:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-14 14:13 . 2014-02-20 22:55 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
2014-01-08 15:23 . 2014-01-08 15:23 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
2014-01-08 15:21 . 2009-07-13 23:52 349696 ----a-w- c:\windows\system32\slui.exe
2011-08-27 21:58 543744 --sha-w- c:\windows\System32\hale.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-02-04 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boot Cleanup"="c:\users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"BrowserUid"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe" [2014-02-26 886568]
"MPCBrowser Update"="c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe" [2014-02-26 120256]
"GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe" [2014-02-26 886568]
"msdtc.exe"="c:\users\vedran\AppData\Roaming\DMCache\msdtc.exe" [2013-10-30 167424]
"wlrmdr.exe"="c:\users\vedran\AppData\Roaming\DMCache\slui.exe" [2013-11-15 64982]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2014-02-19 1484800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-02-22 196784]
"Boot Cleanup"="c:\program files\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NPSStartup"=
"6979265.exe"="c:\windows\Temp\6979265.exe"
"2988524.exe"="c:\windows\Temp\2988524.exe"
"7033900.exe"="c:\windows\Temp\7033900.exe"
"tray_ico"=
"tray_ico1"=
"tray_ico2"=
"tray_ico3"=
"tray_ico4"=
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
R1 aczaiywv;aczaiywv;c:\windows\system32\drivers\aczaiywv.sys;c:\windows\SYSNATIVE\drivers\aczaiywv.sys [x]
R1 ahbjsqzb;ahbjsqzb;c:\windows\system32\drivers\ahbjsqzb.sys;c:\windows\SYSNATIVE\drivers\ahbjsqzb.sys [x]
R1 aitjqshv;aitjqshv;c:\windows\system32\drivers\aitjqshv.sys;c:\windows\SYSNATIVE\drivers\aitjqshv.sys [x]
R1 amdjekvs;amdjekvs;c:\windows\system32\drivers\amdjekvs.sys;c:\windows\SYSNATIVE\drivers\amdjekvs.sys [x]
R1 atajcetg;atajcetg;c:\windows\system32\drivers\atajcetg.sys;c:\windows\SYSNATIVE\drivers\atajcetg.sys [x]
R1 audhrgry;audhrgry;c:\windows\system32\drivers\audhrgry.sys;c:\windows\SYSNATIVE\drivers\audhrgry.sys [x]
R1 avfgyfsc;avfgyfsc;c:\windows\system32\drivers\avfgyfsc.sys;c:\windows\SYSNATIVE\drivers\avfgyfsc.sys [x]
R1 aychafcq;aychafcq;c:\windows\system32\drivers\aychafcq.sys;c:\windows\SYSNATIVE\drivers\aychafcq.sys [x]
R1 bfpkvffl;bfpkvffl;c:\windows\system32\drivers\bfpkvffl.sys;c:\windows\SYSNATIVE\drivers\bfpkvffl.sys [x]
R1 bgppadqf;bgppadqf;c:\windows\system32\drivers\bgppadqf.sys;c:\windows\SYSNATIVE\drivers\bgppadqf.sys [x]
R1 bjjlxfkd;bjjlxfkd;c:\windows\system32\drivers\bjjlxfkd.sys;c:\windows\SYSNATIVE\drivers\bjjlxfkd.sys [x]
R1 bxpfgoig;bxpfgoig;c:\windows\system32\drivers\bxpfgoig.sys;c:\windows\SYSNATIVE\drivers\bxpfgoig.sys [x]
R1 bzpoxrpx;bzpoxrpx;c:\windows\system32\drivers\bzpoxrpx.sys;c:\windows\SYSNATIVE\drivers\bzpoxrpx.sys [x]
R1 cbwcymtu;cbwcymtu;c:\windows\system32\drivers\cbwcymtu.sys;c:\windows\SYSNATIVE\drivers\cbwcymtu.sys [x]
R1 cdrbjytk;cdrbjytk;c:\windows\system32\drivers\cdrbjytk.sys;c:\windows\SYSNATIVE\drivers\cdrbjytk.sys [x]
R1 cekcsypw;cekcsypw;c:\windows\system32\drivers\cekcsypw.sys;c:\windows\SYSNATIVE\drivers\cekcsypw.sys [x]
R1 cswpgeou;cswpgeou;c:\windows\system32\drivers\cswpgeou.sys;c:\windows\SYSNATIVE\drivers\cswpgeou.sys [x]
R1 ctmmkenz;ctmmkenz;c:\windows\system32\drivers\ctmmkenz.sys;c:\windows\SYSNATIVE\drivers\ctmmkenz.sys [x]
R1 ddoynkvh;ddoynkvh;c:\windows\system32\drivers\ddoynkvh.sys;c:\windows\SYSNATIVE\drivers\ddoynkvh.sys [x]
R1 dgwqbycy;dgwqbycy;c:\windows\system32\drivers\dgwqbycy.sys;c:\windows\SYSNATIVE\drivers\dgwqbycy.sys [x]
R1 dheqkdty;dheqkdty;c:\windows\system32\drivers\dheqkdty.sys;c:\windows\SYSNATIVE\drivers\dheqkdty.sys [x]
R1 dixlmrkh;dixlmrkh;c:\windows\system32\drivers\dixlmrkh.sys;c:\windows\SYSNATIVE\drivers\dixlmrkh.sys [x]
R1 drqidbhj;drqidbhj;c:\windows\system32\drivers\drqidbhj.sys;c:\windows\SYSNATIVE\drivers\drqidbhj.sys [x]
R1 dvqpxcia;dvqpxcia;c:\windows\system32\drivers\dvqpxcia.sys;c:\windows\SYSNATIVE\drivers\dvqpxcia.sys [x]
R1 dvzspiss;dvzspiss;c:\windows\system32\drivers\dvzspiss.sys;c:\windows\SYSNATIVE\drivers\dvzspiss.sys [x]
R1 ebugeqrd;ebugeqrd;c:\windows\system32\drivers\ebugeqrd.sys;c:\windows\SYSNATIVE\drivers\ebugeqrd.sys [x]
R1 eeesbokw;eeesbokw;c:\windows\system32\drivers\eeesbokw.sys;c:\windows\SYSNATIVE\drivers\eeesbokw.sys [x]
R1 eekasamo;eekasamo;c:\windows\system32\drivers\eekasamo.sys;c:\windows\SYSNATIVE\drivers\eekasamo.sys [x]
R1 egmqidwo;egmqidwo;c:\windows\system32\drivers\egmqidwo.sys;c:\windows\SYSNATIVE\drivers\egmqidwo.sys [x]
R1 ekojwcuj;ekojwcuj;c:\windows\system32\drivers\ekojwcuj.sys;c:\windows\SYSNATIVE\drivers\ekojwcuj.sys [x]
R1 encxewum;encxewum;c:\windows\system32\drivers\encxewum.sys;c:\windows\SYSNATIVE\drivers\encxewum.sys [x]
R1 eoftyzov;eoftyzov;c:\windows\system32\drivers\eoftyzov.sys;c:\windows\SYSNATIVE\drivers\eoftyzov.sys [x]
R1 eslijtxa;eslijtxa;c:\windows\system32\drivers\eslijtxa.sys;c:\windows\SYSNATIVE\drivers\eslijtxa.sys [x]
R1 etklyimd;etklyimd;c:\windows\system32\drivers\etklyimd.sys;c:\windows\SYSNATIVE\drivers\etklyimd.sys [x]
R1 eyxbtyrr;eyxbtyrr;c:\windows\system32\drivers\eyxbtyrr.sys;c:\windows\SYSNATIVE\drivers\eyxbtyrr.sys [x]
R1 faaabzpm;faaabzpm;c:\windows\system32\drivers\faaabzpm.sys;c:\windows\SYSNATIVE\drivers\faaabzpm.sys [x]
R1 fbqwbxvc;fbqwbxvc;c:\windows\system32\drivers\fbqwbxvc.sys;c:\windows\SYSNATIVE\drivers\fbqwbxvc.sys [x]
R1 fhclpdvu;fhclpdvu;c:\windows\system32\drivers\fhclpdvu.sys;c:\windows\SYSNATIVE\drivers\fhclpdvu.sys [x]
R1 fialegxd;fialegxd;c:\windows\system32\drivers\fialegxd.sys;c:\windows\SYSNATIVE\drivers\fialegxd.sys [x]
R1 fqevxmtd;fqevxmtd;c:\windows\system32\drivers\fqevxmtd.sys;c:\windows\SYSNATIVE\drivers\fqevxmtd.sys [x]
R1 fqzkokze;fqzkokze;c:\windows\system32\drivers\fqzkokze.sys;c:\windows\SYSNATIVE\drivers\fqzkokze.sys [x]
R1 gblducjz;gblducjz;c:\windows\system32\drivers\gblducjz.sys;c:\windows\SYSNATIVE\drivers\gblducjz.sys [x]
R1 gcqztrsm;gcqztrsm;c:\windows\system32\drivers\gcqztrsm.sys;c:\windows\SYSNATIVE\drivers\gcqztrsm.sys [x]
R1 geqgpmcy;geqgpmcy;c:\windows\system32\drivers\geqgpmcy.sys;c:\windows\SYSNATIVE\drivers\geqgpmcy.sys [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 Update WebSparkle;Update WebSparkle;c:\program files (x86)\WebSparkle\updateWebSparkle.exe;c:\program files (x86)\WebSparkle\updateWebSparkle.exe [x]
S2 Util WebSparkle;Util WebSparkle;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:38 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 13:27]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-26 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-08-21 12:44]
.
2014-03-26 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-08-21 12:43]
.
2014-03-27 c:\windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c711029"="START" [X]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iAimTV6
AsusACPI
vaiomediaplatform-photoserver-appserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1
IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-04-14 18:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - c:\program files (x86)\Speed Test 127\ScriptHost.dll
BHO-{EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4} - c:\programdata\Browse2savee\516e622b3f175.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-GoogleChromeAutoLaunch_E4B601A048BE9A47AC3681DB3BDC5E9F - c:\users\vedran\AppData\Local\Torch\Application\torch.exe
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\FantastiGames\GPlayer.exe
Wow6432Node-HKLM-Run-AvastUI.exe - c:\program files\AVAST Software\Avast\AvastUI.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-Avira Systray - c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\FantastiGames\GPlayer.exe
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShA64.dll
AddRemove-koyotesofttoolbarnew - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Operation Return Gifts_is1 - c:\program files (x86)\AllGamesHome.com\Operation Return Gifts\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\hale.exe
.
**************************************************************************
.
Completion time: 2014-03-27 14:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-27 13:46
.
Pre-Run: 85.323.587.584 bytes free
Post-Run: 84.991.250.432 bytes free
.
- - End Of File - - A3AB45B0CE9E697321FB4AFCACC23FE5
A36C5E4F47E84449FF07ED3517B43A31
Posted: 27 Mar 2014 17:37
|
offline
- valentinag
- New MyCity citizen
- Joined: 22 Mar 2014
- Posts: 13
|
ComboFix 14-03-24.01 - vedran 7.03.2014. 17:02:43.4.1 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.385.1033.18.1918.898 [GMT 1:00]
Running from: c:\users\vedran\Desktop\ComboFix.exe
Command switches used :: c:\users\vedran\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe"
"c:\program files\Software Informer\softinfo.exe"
"c:\users\vedran\AppData\Roaming\DMCache\slui.exe"
"c:\windows\System32\hale.exe"
"c:\windows\System32\mscoree.dll"
"c:\windows\Temp\2988524.exe"
"c:\windows\Temp\6979265.exe"
"c:\windows\Temp\7033900.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe
c:\program files (x86)\WebSparkle
c:\program files (x86)\WebSparkle\bin\7za.exe
c:\program files (x86)\WebSparkle\bin\BrowserAdapterS.7z
c:\program files (x86)\WebSparkle\bin\FilterApp_C64.exe
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.Bromon.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.BrowserAdapterS.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.CompatibilityChecker.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.FFUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.GCUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.IEUpdate.dll
c:\program files (x86)\WebSparkle\bin\plugins\WebSparkle.PurBrowse.dll
c:\program files (x86)\WebSparkle\bin\sqlite3.dll
c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe
c:\program files (x86)\WebSparkle\bin\utilWebSparkle.InstallState
c:\program files (x86)\WebSparkle\bin\XTLS.dll
c:\program files (x86)\WebSparkle\bin\XTLSApp.dll
c:\program files (x86)\WebSparkle\bin\XTLSApp.exe
c:\program files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx
c:\program files (x86)\WebSparkle\updateWebSparkle.exe
c:\program files (x86)\WebSparkle\updateWebSparkle.InstallState
c:\program files (x86)\WebSparkle\WebSparkle.ico
c:\program files (x86)\WebSparkle\WebSparkleUninstall.exe
c:\program files\Software Informer\softinfo.exe
c:\users\vedran\AppData\Roaming\DMCache\slui.exe
c:\windows\system32\drivers\hhzsdunn.sys
c:\windows\System32\hale.exe
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2014-02-27 to 2014-03-27 )))))))))))))))))))))))))))))))
.
.
2014-03-27 16:19 . 2014-03-27 16:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\offreg.dll
2014-03-27 16:12 . 2014-03-27 16:12 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-03-27 16:12 . 2014-03-27 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-27 11:56 . 2014-03-27 11:56 -------- d-----w- c:\programdata\Malwarebytes
2014-03-27 11:56 . 2014-03-27 12:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-03-27 11:56 . 2014-03-27 11:56 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 11:55 . 2014-03-27 11:55 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-26 22:40 . 2014-03-26 22:41 -------- d-----w- C:\FRST
2014-03-26 04:45 . 2014-03-17 09:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F96206B-C1B1-4A13-8BF2-81C72BD9ACA7}\mpengine.dll
2014-03-23 17:38 . 2014-03-23 17:38 -------- d-----w- c:\users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 17:30 . 2014-03-23 19:49 -------- d-----w- c:\programdata\AVAST Software
2014-03-22 20:44 . 2014-03-22 21:04 -------- d-----w- C:\AdwCleaner
2014-03-22 04:49 . 2014-03-22 04:49 61120 ----a-w- c:\windows\system32\drivers\wStLib64.sys
2014-03-19 20:17 . 2014-03-19 20:17 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-27 16:04 . 2009-07-13 23:38 1008128 ----a-w- c:\windows\system32\user32.dll
2014-03-24 13:00 . 2012-03-09 23:10 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2014-03-19 14:27 . 2014-02-17 13:41 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-19 14:27 . 2014-02-17 13:41 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-19 14:27 . 2014-02-17 13:41 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-19 14:27 . 2014-02-17 13:41 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-19 14:27 . 2014-02-17 13:41 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-19 14:27 . 2014-02-17 13:41 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-19 14:27 . 2014-02-17 13:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-19 14:27 . 2014-02-17 13:40 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-14 13:27 . 2012-10-21 11:58 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-14 13:27 . 2011-10-31 17:26 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 22:57 . 2014-02-20 22:57 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-02-20 22:57 . 2014-02-20 22:57 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-17 21:01 . 2014-02-17 21:01 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2014-02-17 21:01 . 2014-02-17 21:01 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2014-02-17 13:40 . 2014-02-17 13:40 43152 ----a-w- c:\windows\avastSS.scr
2014-01-14 14:13 . 2014-02-20 22:55 12072 ----a-w- c:\windows\SysWow64\drivers\MoborobAssDriver64.sys
2014-01-08 15:23 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll
2014-01-08 15:23 . 2014-01-08 15:23 381952 ----a-w- c:\windows\system32\sppcommdlg.dll
2014-01-08 15:21 . 2009-07-13 23:52 349696 ----a-w- c:\windows\system32\slui.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-08-27 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7600.16385] .. c:\windows\system32\winlogon.exe
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2014-03-27 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}]
c:\program files (x86)\Speed Test 127\ScriptHost.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2009-11-25 19:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4}]
c:\programdata\Browse2savee\516e622b3f175.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Boot Cleanup"="c:\users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"BrowserUid"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe" [2014-02-26 886568]
"MPCBrowser Update"="c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe" [2014-02-26 120256]
"GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B"="c:\users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe" [2014-02-26 886568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Boot Cleanup"="c:\program files\CCleaner\Bin\CCleaner.exe" [2013-05-03 151040]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-08-21 105120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys;c:\program files (x86)\FantastiGames\X5XSEx_Pr143.Sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 wStLib64;wStLib64;c:\windows\system32\drivers\wStLib64.sys;c:\windows\SYSNATIVE\drivers\wStLib64.sys [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MoboroboDeviceService;Moborobo Device Service;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe;c:\program files (x86)\Moborobo\MoboroboDeviceService.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 14:38 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 13:27]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-17 14:34]
.
2014-03-26 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
- c:\users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [2013-08-21 21:43]
.
2014-03-27 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files (x86)\PC Tools Registry Mechanic\SULauncher.exe [2013-08-21 12:44]
.
2014-03-26 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2013-08-21 12:43]
.
2014-03-27 c:\windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10 10:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
c:\program files\AVAST Software\Avast\ashShA64.dll [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iAimTV6
AsusACPI
vaiomediaplatform-photoserver-appserver
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.allgameshome.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2013-04-14 18:30; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Software Informer - c:\program files\Software Informer\softinfo.exe
AddRemove-koyotesofttoolbarnew - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-Operation Return Gifts_is1 - c:\program files (x86)\AllGamesHome.com\Operation Return Gifts\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2014-03-27 17:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-27 16:33
ComboFix2.txt 2014-03-27 13:47
.
Pre-Run: 84.042.686.464 bytes free
Post-Run: 83.990.962.176 bytes free
.
- - End Of File - - A4470FA254FD71300D115AD04202D3D2
A36C5E4F47E84449FF07ED3517B43A31
Posted: 27 Mar 2014 17:48
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Joined: 27 Apr 2008
- Posts: 9160
- Location: Prokuplje
|
Uninstall the following programs:
McAfee Security Scan
TuneUpUtilities
PC Tools Registry Mechanic 11.1
Then run FRST and post fresh logs for me (attach them to your message).
Posted: 29 Mar 2014 11:07
|
offline
- valentinag
- New MyCity citizen
- Joined: 22 Mar 2014
- Posts: 13
|
Written: 29 Mar 2014 11:06
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by vedran (administrator) on VEDRAN-PC on 29-03-2014 11:03:35
Running from C:\Users\vedran\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ReviverSoft LLC) C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
(Piriform Ltd) C:\Users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
() C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(MyPlayCity, Inc.) C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Farbar) C:\Users\vedran\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [MobileConnect] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2060288 2008-03-13] (Vodafone)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Boot Cleanup] - C:\Program Files\CCleaner\Bin\CCleaner.exe [151040 2013-05-03] (Piriform Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [Boot Cleanup] - C:\Users\vedran\AppData\Local\CCleaner\Bin\CCleaner.exe [151040 2013-05-03] (Piriform Ltd)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [BrowserUid] - C:\Users\vedran\AppData\Local\PlayFree Browser\Application\PlayFreeBrowser.exe [886568 2014-02-26] (MyPlayCity, Inc.)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [MPCBrowser Update] - C:\Users\vedran\AppData\Local\MPCBrowser\Update\MPCBrowserUpdate.exe [120256 2014-02-26] (MyPlayCity, Inc.)
HKU\S-1-5-21-2003735831-4074796972-7830778-1000\...\Run: [GoogleChromeAutoLaunch_BB3C84E317859ACDEF883F30197A9F9B] - C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe [886568 2014-02-26] (MyPlayCity, Inc.)
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = home.allgameshome.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = search.mywebsearch.com/mywebsearch/GGmain.j.....searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
SearchScopes: HKLM-x32 - {EF4D31BC-72C4-4B47-B1C7-DE12A4F68623} URL = home.allgameshome.com/results.php?category=web&s={searchTerms}
SearchScopes: HKCU - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = search.mywebsearch.com/mywebsearch/GGmain.j.....searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = dts.search.ask.com/sr?src=ieb&gct=ds&appid=.....nrs=AG2&q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: Speed Test 127 - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Browse2savee - {EB52E2E7-953C-B183-FDB7-7ED8A12C9BD4} - C:\ProgramData\Browse2savee\516e622b3f175.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} content.systemrequirementslab.com.s3.amazon.....4.21.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files (x86)\FantastiGames\npExentCtl.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=3 - C:\Users\vedran\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.)
FF Plugin HKCU: @omaha.playfree.org/MPCBrowser Update;version=9 - C:\Users\vedran\AppData\Local\MPCBrowser\Update\1.3.27.0\npGoogleUpdate3.dll (MyPlayCity, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\allgameshome-search.xml
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\allgameshome.xml
FF SearchPlugin: C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\searchplugins\myplaycity.xml
FF Extension: 4shared Desktop Plugin - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\4sharedCopyLinks.xpi [2013-03-14]
FF Extension: WebSparkle - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\{058899d6-9704-4de3-aae7-17e9fc44c761}.xpi [2014-03-23]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\vedran\AppData\Roaming\Mozilla\Firefox\Profiles\2y9pgrkr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR DefaultSearchProvider: Eazel
CHR DefaultSearchURL: google.com
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-17]
CHR Extension: (Google Drive) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-17]
CHR Extension: (YouTube) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Freemake Video Downloader) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-06-27]
CHR Extension: (Google Search) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-06-27]
CHR Extension: (WebSparkle) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikgojpdbiniccokkgadmdheobjfdbbcg [2014-03-23]
CHR Extension: (Freemake Video Converter) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-06-27]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-06-27]
CHR Extension: (Google Wallet) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\vedran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ddkpepdilbfaccbiljmaflabkcbgjfin] - C:\Program Files (x86)\Search Results Toolbar\Datamngr\chromeExtension.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [ikgojpdbiniccokkgadmdheobjfdbbcg] - C:\Program Files (x86)\WebSparkle\ikgojpdbiniccokkgadmdheobjfdbbcg.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-04-28]
==================== Services (Whitelisted) =================
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-04-25] (Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-04-01] (Ellora Assets Corp.)
R2 MoboroboDeviceService; C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe [70952 2014-01-14] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-08] (Nitro PDF Software)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [24576 2008-03-13] (Vodafone)
S2 AsusACPI; %systemroot%\system32\wfxsvc.dll [X]
S2 iAimTV6; %systemroot%\system32\dlcg_device.dll [X]
S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [X]
S2 vaiomediaplatform-photoserver-appserver; %systemroot%\system32\roxmediadb9.dll [X]
==================== Drivers (Whitelisted) ====================
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [78648 2014-03-19] (AVAST Software)
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-19] ()
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1038072 2014-03-19] (AVAST Software)
S4 aswSP; C:\Windows\System32\Drivers\aswSP.sys [421704 2014-03-19] (AVAST Software)
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [80184 2014-03-19] (AVAST Software)
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-19] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-03-27] (Malwarebytes Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-22] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\FantastiGames\X5XSEx_Pr143.Sys [X]
==================== NetSvcs (Whitelisted) ===================
NETSVC: iAimTV6 -> C:\Windows\system32\dlcg_device.dll ==> No File.
NETSVC: AsusACPI -> C:\Windows\system32\wfxsvc.dll ==> No File.
NETSVC: vaiomediaplatform-photoserver-appserver -> C:\Windows\system32\roxmediadb9.dll ==> No File.
==================== One Month Created Files and Folders ========
2014-03-29 11:03 - 2014-03-29 11:03 - 02157056 _____ (Farbar) C:\Users\vedran\Desktop\FRST64(1).exe
2014-03-27 19:00 - 2014-03-28 19:05 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-27 17:33 - 2014-03-27 17:33 - 00029789 _____ () C:\ComboFix.txt
2014-03-27 13:31 - 2014-03-27 13:32 - 05192353 ____R (Swearware) C:\Users\vedran\Desktop\ComboFix.exe
2014-03-27 13:18 - 2014-03-27 13:19 - 00281720 _____ () C:\Windows\Minidump\032714-24211-01.dmp
2014-03-27 12:56 - 2014-03-27 13:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 12:56 - 2014-03-27 12:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 12:56 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:55 - 2014-03-27 13:30 - 00000000 ____D () C:\Users\vedran\Desktop\mbar
2014-03-27 12:55 - 2014-03-27 12:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 12:54 - 2014-03-27 12:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vedran\Desktop\mbar-1.07.0.1009.exe
2014-03-26 23:43 - 2014-03-29 11:03 - 00021418 _____ () C:\Users\vedran\Desktop\FRST.txt
2014-03-26 23:43 - 2014-03-26 23:43 - 00033294 _____ () C:\Users\vedran\Desktop\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:41 - 00033294 _____ () C:\Users\vedran\Downloads\Addition.txt
2014-03-26 23:40 - 2014-03-29 11:03 - 00000000 ____D () C:\FRST
2014-03-26 23:40 - 2014-03-26 23:41 - 00053918 _____ () C:\Users\vedran\Downloads\FRST.txt
2014-03-26 23:39 - 2014-03-26 23:40 - 02157056 _____ (Farbar) C:\Users\vedran\Downloads\FRST64.exe
2014-03-26 23:39 - 2014-03-26 23:39 - 01145856 _____ (Farbar) C:\Users\vedran\Downloads\FRST.exe
2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 18:30 - 2014-03-23 20:49 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-23 15:57 - 2014-03-23 16:01 - 88551496 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (2).exe
2014-03-22 23:43 - 2014-03-22 23:43 - 05190052 ____R (Swearware) C:\Users\vedran\Downloads\ComboFix(1).exe
2014-03-22 23:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-22 23:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-22 23:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-22 23:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-22 22:07 - 2014-03-22 22:07 - 00001672 _____ () C:\Users\vedran\Desktop\AdwCleaner[S1].txt
2014-03-22 22:03 - 2014-03-22 22:03 - 01950720 _____ () C:\Users\vedran\Desktop\AdwCleaner(1).exe
2014-03-22 21:44 - 2014-03-22 22:04 - 00000000 ____D () C:\AdwCleaner
2014-03-22 21:44 - 2014-03-22 21:44 - 01950720 _____ () C:\Users\vedran\Downloads\AdwCleaner.exe
2014-03-22 19:33 - 2014-03-22 19:33 - 00013114 _____ () C:\Users\vedran\Desktop\attach.txt
2014-03-22 19:33 - 2014-03-22 19:32 - 00021084 _____ () C:\Users\vedran\Desktop\dds.txt
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).pif
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).com
2014-03-22 19:24 - 2014-03-22 19:24 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds.pif
2014-03-22 19:23 - 2014-03-22 19:24 - 00688992 ____R (Swearware) C:\Users\vedran\Downloads\dds.com
2014-03-22 05:49 - 2014-03-22 05:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 21:18 - 2014-03-24 14:01 - 00001913 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-19 21:17 - 2014-03-19 21:17 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (2).exe
2014-03-19 21:17 - 2014-03-19 21:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws.exe
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (1).exe
2014-03-19 15:22 - 2014-03-19 15:25 - 90578216 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (1).exe
2014-03-16 22:54 - 2014-03-16 22:55 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(2).exe
2014-03-16 22:53 - 2014-03-16 22:54 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(1).exe
2014-03-16 22:45 - 2014-03-16 22:45 - 01161000 _____ () C:\Users\vedran\Downloads\farm_frenzy_3-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh (1).exe
2014-03-08 22:39 - 2014-03-08 22:45 - 00000000 ____D () C:\Users\vedran\Desktop\Originals
2014-03-08 22:32 - 2014-03-08 22:32 - 00056856 _____ () C:\Users\vedran\Desktop\IMG_20140308_121157-bbbbbbbbbbbbbbbbbbb
==================== One Month Modified Files and Folders =======
2014-03-29 11:03 - 2014-03-29 11:03 - 02157056 _____ (Farbar) C:\Users\vedran\Desktop\FRST64(1).exe
2014-03-29 11:03 - 2014-03-26 23:43 - 00021418 _____ () C:\Users\vedran\Desktop\FRST.txt
2014-03-29 11:03 - 2014-03-26 23:40 - 00000000 ____D () C:\FRST
2014-03-29 11:02 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 11:02 - 2009-07-14 05:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 10:56 - 2011-10-31 18:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-29 10:56 - 2011-04-17 15:34 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 10:55 - 2013-04-14 17:24 - 00000320 _____ () C:\Windows\Tasks\Start Registry Reviver for vedran-PC@vedran(logon).job
2014-03-29 10:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 10:55 - 2009-07-14 05:51 - 00144951 _____ () C:\Windows\setupact.log
2014-03-29 10:54 - 2011-04-17 12:45 - 01608979 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 10:49 - 2013-06-26 13:30 - 00000000 ____D () C:\Users\vedran\Desktop\New folder (2)
2014-03-29 10:48 - 2013-08-21 12:19 - 00000952 _____ () C:\Windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000UA.job
2014-03-29 10:41 - 2011-04-17 15:34 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 10:38 - 2012-10-21 12:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 10:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-28 22:48 - 2013-08-21 12:19 - 00000900 _____ () C:\Windows\Tasks\MPCBrowserUpdateTaskUserS-1-5-21-2003735831-4074796972-7830778-1000Core.job
2014-03-28 19:05 - 2014-03-27 19:00 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-27 17:52 - 2013-05-26 13:34 - 00000000 ____D () C:\Users\vedran\Desktop\programi
2014-03-27 17:34 - 2014-02-15 22:37 - 00000000 ____D () C:\Qoobox
2014-03-27 17:33 - 2014-03-27 17:33 - 00029789 _____ () C:\ComboFix.txt
2014-03-27 17:25 - 2011-04-17 12:50 - 00000000 ____D () C:\Users\vedran\AppData\Local\VirtualStore
2014-03-27 17:16 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-27 17:14 - 2011-04-17 15:46 - 00639444 _____ () C:\Windows\PFRO.log
2014-03-27 17:13 - 2014-02-20 23:28 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Software Informer
2014-03-27 17:13 - 2014-02-15 22:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 17:13 - 2009-07-14 03:34 - 56328192 _____ () C:\Windows\system32\config\software.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 16252928 _____ () C:\Windows\system32\config\system.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00233472 _____ () C:\Windows\system32\config\default.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2014-03-27 17:13 - 2009-07-14 03:34 - 00028672 _____ () C:\Windows\system32\config\security.bak
2014-03-27 17:10 - 2014-02-20 23:28 - 00000000 ____D () C:\Program Files\Software Informer
2014-03-27 17:10 - 2013-10-30 10:53 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DMCache
2014-03-27 17:10 - 2013-02-22 19:55 - 00000000 ____D () C:\Program Files (x86)\PrivitizeVPN
2014-03-27 17:04 - 2009-07-14 00:38 - 01008128 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-03-27 14:47 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-27 14:15 - 2014-02-15 22:21 - 00000000 ____D () C:\Program Files (x86)\Speed Test 127
2014-03-27 14:15 - 2012-07-06 12:28 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-03-27 13:36 - 2011-04-17 15:34 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 13:36 - 2011-04-17 15:34 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-27 13:32 - 2014-03-27 13:31 - 05192353 ____R (Swearware) C:\Users\vedran\Desktop\ComboFix.exe
2014-03-27 13:30 - 2014-03-27 12:55 - 00000000 ____D () C:\Users\vedran\Desktop\mbar
2014-03-27 13:19 - 2014-03-27 13:18 - 00281720 _____ () C:\Windows\Minidump\032714-24211-01.dmp
2014-03-27 13:18 - 2013-03-06 22:16 - 268491794 _____ () C:\Windows\MEMORY.DMP
2014-03-27 13:18 - 2013-03-06 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-27 13:17 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 13:13 - 2014-02-17 14:58 - 00000000 ___HD () C:\Windows\update.tray-7-0
2014-03-27 13:13 - 2011-12-12 18:15 - 00000000 ___HD () C:\Windows\update.tray-9-0
2014-03-27 12:56 - 2014-03-27 12:56 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 12:56 - 2014-03-27 12:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:55 - 2014-03-27 12:55 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 12:54 - 2014-03-27 12:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\vedran\Desktop\mbar-1.07.0.1009.exe
2014-03-26 23:43 - 2014-03-26 23:43 - 00033294 _____ () C:\Users\vedran\Desktop\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:41 - 00033294 _____ () C:\Users\vedran\Downloads\Addition.txt
2014-03-26 23:41 - 2014-03-26 23:40 - 00053918 _____ () C:\Users\vedran\Downloads\FRST.txt
2014-03-26 23:40 - 2014-03-26 23:39 - 02157056 _____ (Farbar) C:\Users\vedran\Downloads\FRST64.exe
2014-03-26 23:39 - 2014-03-26 23:39 - 01145856 _____ (Farbar) C:\Users\vedran\Downloads\FRST.exe
2014-03-26 13:07 - 2012-10-21 12:00 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7CD55BEB-1BAE-46DE-A39E-B7B12D353F50}
2014-03-24 22:58 - 2014-02-17 14:58 - 00000000 ___HD () C:\Windows\update.tray-7-0-lnk
2014-03-24 22:58 - 2011-12-12 18:15 - 00000000 ___HD () C:\Windows\update.tray-9-0-lnk
2014-03-24 22:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-24 22:48 - 2014-02-22 12:32 - 00000000 ____D () C:\Users\vedran\AppData\Local\CrashDumps
2014-03-24 14:01 - 2014-03-19 21:18 - 00001913 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-03-24 14:00 - 2012-03-10 00:10 - 00000000 ___SH () C:\Windows\system32\dds_log_ad13.cmd
2014-03-24 14:00 - 2011-04-17 12:50 - 00000000 ____D () C:\Users\vedran
2014-03-24 06:08 - 2011-05-19 09:33 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-23 20:54 - 2011-04-17 12:45 - 00000000 ____D () C:\Recovery
2014-03-23 20:49 - 2014-03-23 18:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-23 19:14 - 2011-05-19 09:32 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Dropbox
2014-03-23 19:08 - 2011-05-19 09:35 - 00000000 ___RD () C:\Users\vedran\Dropbox
2014-03-23 18:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\DropboxMaster
2014-03-23 16:01 - 2014-03-23 15:57 - 88551496 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (2).exe
2014-03-23 13:30 - 2009-07-14 06:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 23:43 - 2014-03-22 23:43 - 05190052 ____R (Swearware) C:\Users\vedran\Downloads\ComboFix(1).exe
2014-03-22 22:07 - 2014-03-22 22:07 - 00001672 _____ () C:\Users\vedran\Desktop\AdwCleaner[S1].txt
2014-03-22 22:04 - 2014-03-22 21:44 - 00000000 ____D () C:\AdwCleaner
2014-03-22 22:03 - 2014-03-22 22:03 - 01950720 _____ () C:\Users\vedran\Desktop\AdwCleaner(1).exe
2014-03-22 21:51 - 2009-07-14 03:34 - 00000857 _____ () C:\Windows\win.ini
2014-03-22 21:49 - 2011-04-18 09:40 - 00001045 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-22 21:49 - 2011-04-17 12:50 - 00000000 ___RD () C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 21:44 - 2014-03-22 21:44 - 01950720 _____ () C:\Users\vedran\Downloads\AdwCleaner.exe
2014-03-22 19:33 - 2014-03-22 19:33 - 00013114 _____ () C:\Users\vedran\Desktop\attach.txt
2014-03-22 19:32 - 2014-03-22 19:33 - 00021084 _____ () C:\Users\vedran\Desktop\dds.txt
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).pif
2014-03-22 19:30 - 2014-03-22 19:30 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds (1).com
2014-03-22 19:24 - 2014-03-22 19:24 - 00688992 _____ (Swearware) C:\Users\vedran\Downloads\dds.pif
2014-03-22 19:24 - 2014-03-22 19:23 - 00688992 ____R (Swearware) C:\Users\vedran\Downloads\dds.com
2014-03-22 05:49 - 2014-03-22 05:49 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLib64.sys
2014-03-19 21:17 - 2014-03-19 21:17 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (2).exe
2014-03-19 21:17 - 2014-03-19 21:17 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws.exe
2014-03-19 21:16 - 2014-03-19 21:16 - 04050888 _____ (Avira Operations GmbH & Co. KG) C:\Users\vedran\Downloads\avira_en_av___ws (1).exe
2014-03-19 15:27 - 2014-02-17 14:41 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-19 15:27 - 2014-02-17 14:41 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-19 15:27 - 2014-02-17 14:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-19 15:27 - 2014-02-17 14:40 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-19 15:25 - 2014-03-19 15:22 - 90578216 _____ (AVAST Software) C:\Users\vedran\Downloads\avast_free_antivirus_setup (1).exe
2014-03-17 11:29 - 2012-07-10 22:45 - 00000000 ____D () C:\Users\vedran\AppData\Roaming\Awem
2014-03-16 22:55 - 2014-03-16 22:54 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(2).exe
2014-03-16 22:54 - 2014-03-16 22:53 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh(1).exe
2014-03-16 22:45 - 2014-03-16 22:45 - 01161000 _____ () C:\Users\vedran\Downloads\farm_frenzy_3-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh.exe
2014-03-16 22:44 - 2014-03-16 22:44 - 01161000 _____ () C:\Users\vedran\Downloads\letters_from_nowhere-gs_agh (1).exe
2014-03-15 15:54 - 2014-02-17 14:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 12:57 - 2009-07-14 06:13 - 00006382 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 14:28 - 2012-10-21 12:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-14 14:27 - 2012-10-21 12:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-14 14:27 - 2011-10-31 18:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-08 22:45 - 2014-03-08 22:39 - 00000000 ____D () C:\Users\vedran\Desktop\Originals
2014-03-08 22:35 - 2011-04-20 09:49 - 00056320 ____H () C:\Users\vedran\Desktop\photothumb.db
2014-03-08 22:32 - 2014-03-08 22:32 - 00056856 _____ () C:\Users\vedran\Desktop\IMG_20140308_121157-bbbbbbbbbbbbbbbbbbb
2014-02-27 09:52 - 2013-03-28 12:44 - 00000000 ____D () C:\Users\vedran\AppData\Local\PlayFree Browser
ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46\@
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\9a9f1c46\X
Files to move or delete:
====================
C:\ProgramData\ISTask.dll
C:\ProgramData\RegistryReviver.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-24 14:26
==================== End Of Log ============================
Addendum: 29 Mar 2014 11:07
Users shortcut scan result (x64) Version: 13-03-2014
Ran by vedran at 2014-03-29 11:04:53
Running from C:\Users\vedran\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\FantastiGames.lnk -> C:\Program Files (x86)\FantastiGames\GPlrLanc.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk -> C:\Windows\Installer\{3A92A8D7-60F4-4BC0-892B-3AAE4481359D}\Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files (x86)\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files (x86)\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Software Informer.lnk -> C:\Program Files\Software Informer\softinfo.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Uninstall Software Informer.lnk -> C:\Program Files\Software Informer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Windows\Installer\{5335DADB-34BA-4AE8-A519-648D78498846}\SkypeIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio\Samsung New PC Studio.lnk -> C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Uninstall.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe (ReviverSoft LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\uninstall.exe (Mooii)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Desinstalar Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Core\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter 4.lnk -> C:\Program Files (x86)\Nero\Nero ControlCenter 4\ncc.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Online Upgrade.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero Online Upgrade\NeroOnlineUpgrade.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 9\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Moborobo.lnk -> C:\Program Files (x86)\Moborobo\Moborobo.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Uninstall Moborobo.lnk -> C:\Program Files (x86)\Moborobo\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Language Settings.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\FreemakeYoutubeMP3Converter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter\Uninstall Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Uninstall Audiopack.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe (DvdVideoSoft Ltd. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\SubscriptionOffer.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube Download.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\My Avira\Avira AntiVir.lnk -> C:\Windows\update.tray-8-0-lnk\svchost.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Wendy's Wellness\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Vampire Saga - Pandora's Box\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Treasures Of Montezuma\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Lost Kingdom Prophecy\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\The Joy of Farming Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\The Joy of Farming.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\The Joy of Farming.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Joy of Farming\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\The Island - Castaway Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\The Island - Castaway.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\The Island - Castaway.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\The Island - Castaway\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Island - Castaway\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Settlement - Colossus\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Operation Return Gifts\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Legacy - World Adventure\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Jewel Quest Heritage\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Home Sweet Home Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Home Sweet Home.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\Home Sweet Home.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Home Sweet Home\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Gourmania Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Gourmania.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\Gourmania.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Gourmania\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\AllGamesHome.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Catch The Tune Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\homepage.url (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Catch The Tune.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\Catch The Tune.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\license.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Catch The Tune\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\readme.txt (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\AllGamesHome.com.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\AllGamesHome.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Big Farm Homepage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Readme\License.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\license.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AllGamesHome.com\Big Farm\Readme\Readme.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4shared Tools\Uninstall.lnk -> C:\Program Files (x86)\4shared Desktop\uninstall.exe (New IT Solutions)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avira.lnk -> C:\Windows\update.tray-8-0-lnk\svchost.exe (No File)
Shortcut: C:\Users\Public\Desktop\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\vedran\Links\Desktop.lnk -> C:\Users\vedran\Desktop ()
Shortcut: C:\Users\vedran\Links\Downloads.lnk -> C:\Users\vedran\Downloads ()
Shortcut: C:\Users\vedran\Desktop\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\Users\vedran\Desktop\Bonga.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\play.exe ()
Shortcut: C:\Users\vedran\Desktop\Kingdom's Heyday.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\play.exe ()
Shortcut: C:\Users\vedran\Desktop\razno\slike\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\vedran\Desktop\programi\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\DVDVideoSoft Free Studio.lnk -> C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe (DvdVideoSoft Ltd. )
Shortcut: C:\Users\vedran\Desktop\programi\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Facebook.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Mp3 Wma Converter - Copy.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\Desktop\programi\Free YouTube Download.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\programi\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\Users\vedran\Desktop\programi\Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\FreemakeYoutubeMP3Converter.exe (Freemake)
Shortcut: C:\Users\vedran\Desktop\programi\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\vedran\Desktop\programi\Nitro Reader.lnk -> C:\Program Files (x86)\Nitro PDF\Reader 2\NitroPDFReader.exe (Nitro PDF)
Shortcut: C:\Users\vedran\Desktop\programi\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{NISADM-B201-4abb-B07C-C084B04B4F12} ()
Shortcut: C:\Users\vedran\Desktop\programi\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\Users\vedran\Desktop\programi\Play Free Games.lnk -> C:\Program Files (x86)\Free Video Converter\fantastic\fantasticInst.exe ()
Shortcut: C:\Users\vedran\Desktop\programi\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\vedran\Desktop\programi\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\programi\Youtube.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\Desktop\New folder (2)\slike\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\Desktop\New folder (2)\mobiteL\Free YouTube to MP3 Converter.lnk -> C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Ltd.)
Shortcut: C:\Users\vedran\AppData\AppData - Shortcut.lnk -> C:\Users\vedran\AppData ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\vedran\AppData\Local\Pokki\Engine\pokki.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN\PrivitizeVPN.lnk -> C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN\Uninstall PrivitizeVPN.lnk -> C:\Program Files (x86)\PrivitizeVPN\uninstall.exe (OOO Industry)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Youtube Mp3 Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\4shared Desktop.lnk -> C:\Program Files (x86)\4shared Desktop\desktop.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Big Farm.lnk -> C:\Program Files (x86)\AllGamesHome.com\Big Farm\Big Farm.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Catch The Tune.lnk -> C:\Program Files (x86)\AllGamesHome.com\Catch The Tune\Catch The Tune.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk -> C:\Program Files (x86)\Free Video Converter\FreeVideoConverter.exe (Koyote Soft)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gourmania.lnk -> C:\Program Files (x86)\AllGamesHome.com\Gourmania\Gourmania.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Home Sweet Home.lnk -> C:\Program Files (x86)\AllGamesHome.com\Home Sweet Home\Home Sweet Home.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Jewel Quest Heritage.lnk -> C:\Program Files (x86)\AllGamesHome.com\Jewel Quest Heritage\Jewel Quest Heritage.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Legacy - World Adventure.lnk -> C:\Program Files (x86)\AllGamesHome.com\Legacy - World Adventure\Legacy - World Adventure.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Operation Return Gifts.lnk -> C:\Program Files (x86)\AllGamesHome.com\Operation Return Gifts\Operation Return Gifts.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Reviver.lnk -> C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (ReviverSoft LLC)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rummy Royal.lnk -> C:\Rummy Royal\updater.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk -> C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Settlement - Colossus.lnk -> C:\Program Files (x86)\AllGamesHome.com\Settlement - Colossus\Settlement - Colossus.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Joy of Farming.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Joy of Farming\The Joy of Farming.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Lost Kingdom Prophecy.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Lost Kingdom Prophecy\The Lost Kingdom Prophecy.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\The Treasures Of Montezuma.lnk -> C:\Program Files (x86)\AllGamesHome.com\The Treasures Of Montezuma\The Treasures Of Montezuma.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk -> C:\Users\vedran\AppData\Local\Torch\Application\torch.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vampire Saga - Pandora's Box.lnk -> C:\Program Files (x86)\AllGamesHome.com\Vampire Saga - Pandora's Box\Vampire Saga - Pandora's Box.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wendy's Wellness.lnk -> C:\Program Files (x86)\AllGamesHome.com\Wendy's Wellness\Wendy's Wellness.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Installer for SoftSafe.lnk -> C:\Users\vedran\Downloads\Ranko Marinkovic Ruke pdf.exe (SoftSafe)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BearShare.lnk -> C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe (No File)
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Moborobo.lnk -> C:\Program Files (x86)\Moborobo\Moborobo.exe ()
Shortcut: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk -> C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft, Inc.) -> /SAFE=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung New PC Studio\Uninstall Samsung New PC Studio.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe () -> -L2057 /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rummy Royal\Uninstall Rummy Royal.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {479C85BE-93E3-49B7-A57D-C5D4EF374F4E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files (x86)\Nero\Core\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Save My Settings Wizard.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Application Recovery.lnk -> C:\Windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> splitter.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Deinstalacija programa Google Earth.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Pokretanje programa Google Earth u DirectX naĊinu rada.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Pokretanje programa Google Earth u OpenGL naĊinu rada.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\Avast.lnk -> C:\Windows\update.tray-7-0-lnk\svchost.exe (Cronosoft) -> tray 7-0 1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\vedran\Desktop\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.) -> --shortcut
ShortcutWithArgument: C:\Users\vedran\Desktop\razno\slike\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\Desktop\New folder (2)\slike\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\Desktop\New folder (2)\best!\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayFree Browser\PlayFree Browser.lnk -> C:\Users\vedran\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe (MyPlayCity, Inc.) -> --startmenu
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\vedran\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\avast! Free Antivirus.lnk -> C:\Windows\update.tray-7-0-lnk\svchost.exe (Cronosoft) -> tray 7-0 1
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moborobo\Moborobo on the Web.url -> hxxp://www.moborobo.com
InternetURL: C:\Users\vedran\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\vedran\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\vedran\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\vedran\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\vedran\Favorites\Links\Suggested Sites.url -> ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\vedran\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\vedran\Desktop\programi\Get The Best Facebook Chat Messenger.url -> hxxp://lp.ftalk.com/?sysid=431&appid=120
InternetURL: C:\Users\vedran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\play.url -> hxxp://allgameshome.com/play.html?utm_source=gs_agh&utm_medium=play
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\kingdoms_heyday-gs_agh\website.url -> hxxp://allgameshome.com/?utm_source=gs_agh&utm_medium=website
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\play.url -> hxxp://allgameshome.com/play.html?utm_source=gs_agh&utm_medium=play
InternetURL: C:\Users\vedran\AppData\Local\PlayFree Browser\Games\bonga-gs_agh\website.url -> hxxp://allgameshome.com/?utm_source=gs_agh&utm_medium=website
==================== End of log =============================