Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Occasional freezes, possibly infected

  1. 2014-07-30, 20:48 #1
    Notawiz
    Notawiz is offline
    Junior Member
    Join Date
    Jul 2014
    Posts
    7

    Default Occasional freezes, possibly infected

    My PC occasionally "freezes" for about 0.5-3 seconds at a time. During such a freeze, I can move the mouse and see the cursor moving, but if I mouse over a button, the button isn't highlighted. If I type, I'll only see the text I typed after the freeze ends. It happens often enough to be a nuisance, especially in games. I disabled as much bloat as possible, defragmented, scanned with MSE and spybot, and didn't manage to get rid of it. It wasn't happening when the PC was new, so I suspect a virus.

    The log files are too large to post, so I attached a zip.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
    Ran by ndjokic (administrator) on NDJOKIC-PC on 30-07-2014 19:12:15
    Running from C:\Users\ndjokic\Desktop
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\MountPoints2: {6a70d0d2-ff26-11e1-b4b9-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\MountPoints2: {daf1934d-3319-11e2-b636-930c393050a1} - H:\Setup.exe
    ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0623424AC3A4CD01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871
    FF Homepage: hxxp://www.google.co.uk/
    FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\ndjokic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\ndjokic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ndjokic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    FF Plugin ProgramFiles/Appdata: C:\Users\ndjokic\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ndjokic\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: FoxyProxy Standard - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\foxyproxy@eric.h.jung [2014-02-04]
    FF Extension: Classic Theme Restorer - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-02]
    FF Extension: YouTube Center - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-09-15]
    FF Extension: Adblock Plus - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19]
    FF Extension: Team Liquid Streams - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{db09811d-efff-4339-a548-8550c7238a30}.xpi [2013-11-08]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-30]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
    S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11264 2012-07-30] (Olof Lagerkvist) [File not signed]
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
    S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH) [File not signed]
    S4 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18384 2012-02-16] (Olof Lagerkvist)
    R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [38416 2012-07-30] (Olof Lagerkvist)
    R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-13] (Oracle Corporation)
    R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-08-15] (VMware, Inc.)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
    S3 ALSysIO; \??\C:\Users\ndjokic\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-30 19:12 - 2014-07-30 19:13 - 00016948 _____ () C:\Users\ndjokic\Desktop\FRST.txt
    2014-07-30 19:10 - 2014-07-30 19:12 - 00000000 ____D () C:\FRST
    2014-07-30 19:10 - 2014-07-30 19:10 - 02093568 _____ (Farbar) C:\Users\ndjokic\Desktop\FRST64.exe
    2014-07-30 19:09 - 2014-07-30 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NDJOKIC-PC-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-07-30 19:08 - 2014-07-30 19:08 - 00000000 ____D () C:\RegBackup
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Registry Backup
    2014-07-29 22:10 - 2014-07-29 22:10 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\LOVE
    2014-07-29 22:02 - 2014-07-29 22:02 - 00000000 ____D () C:\Users\ndjokic\Desktop\mari0
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\movies
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\food
    2014-07-27 11:54 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-27 11:54 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-27 11:54 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-27 11:54 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-07-27 11:54 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-07-27 11:54 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-07-27 11:54 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-07-27 11:54 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-07-27 11:54 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-07-27 11:54 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-07-27 11:54 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-07-27 11:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-07-27 11:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-07-27 11:53 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-27 11:53 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-27 11:53 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-27 11:53 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-27 11:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-07-27 11:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-07-27 11:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-07-27 11:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-07-27 11:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-07-27 11:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-07-27 11:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-07-27 11:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-07-27 11:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-07-27 11:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-07-27 11:52 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-27 11:52 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-27 11:52 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-27 11:52 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-27 11:52 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-27 11:52 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-27 11:52 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-27 11:52 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-27 11:52 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-27 11:52 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-27 11:52 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-27 11:52 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-27 11:52 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-27 11:52 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-27 11:52 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-27 11:52 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-27 11:52 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-27 11:52 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-27 11:52 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-27 11:52 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-27 11:52 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-27 11:52 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-27 11:52 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-27 11:52 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-27 11:52 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-27 11:52 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-27 11:52 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-27 11:52 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-27 11:52 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-27 11:52 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-27 11:52 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-27 11:52 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-27 11:52 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-27 11:52 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-27 11:52 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-27 11:52 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-27 11:52 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-27 11:52 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-27 11:52 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-27 11:52 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-27 11:52 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-27 11:52 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-27 11:52 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-27 11:52 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-27 11:52 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-27 11:52 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-27 11:52 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-27 11:52 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-27 11:52 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-27 11:52 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-27 11:52 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-27 11:52 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-27 11:52 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-27 11:52 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-27 11:52 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-27 11:52 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-27 11:52 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-27 11:52 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-27 11:52 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-27 11:52 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-27 11:52 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-27 11:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-07-27 11:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-07-27 11:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-07-27 11:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-07-27 11:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-07-27 11:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-07-27 11:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-07-27 11:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-07-27 08:31 - 2014-07-27 08:46 - 00000169 _____ () C:\Users\ndjokic\Desktop\useless.txt
    2014-07-26 07:28 - 2014-07-30 17:57 - 00000467 _____ () C:\Users\ndjokic\Desktop\db.txt
    2014-07-25 07:27 - 2014-07-25 07:27 - 00002376 _____ () C:\Users\ndjokic\Documents\MumbleAutomaticCertificateBackup.p12
    2014-07-25 07:22 - 2014-07-25 07:57 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\Program Files (x86)\Mumble
    2014-07-24 22:20 - 2014-07-24 23:01 - 00000007 _____ () C:\Users\ndjokic\Desktop\New Text Document.txt
    2014-07-24 15:05 - 2014-07-24 15:08 - 00000073 _____ () C:\Users\ndjokic\Desktop\acm reimb.txt
    2014-07-23 15:36 - 2014-07-23 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-22 19:00 - 2014-07-27 13:53 - 00000000 ____D () C:\Users\ndjokic\Desktop\bill
    2014-07-22 12:12 - 2014-07-30 06:09 - 00000840 _____ () C:\Windows\setupact.log
    2014-07-20 18:06 - 2014-07-20 18:06 - 00000000 ____D () C:\ProgramData\ATI
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\ProgramData\AMD
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-07-20 18:00 - 2014-07-20 18:00 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201407201800525336.log
    2014-07-20 18:00 - 2014-07-20 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Program Files\AMD
    2014-07-20 17:52 - 2014-07-20 17:52 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-07-20 00:48 - 2014-07-20 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2014-07-19 22:22 - 2014-07-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-18 01:09 - 2014-07-18 01:21 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Hero_Siege
    2014-07-17 23:07 - 2014-07-17 23:38 - 00000065 _____ () C:\Users\ndjokic\Desktop\hercules pw.txt
    2014-07-14 19:26 - 2014-07-14 19:31 - 00000000 ____D () C:\Users\ndjokic\Desktop\hair progress
    2014-07-12 00:24 - 2014-07-20 17:52 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\XGen Studios, Inc
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\XGen Studios, Inc
    2014-07-11 22:46 - 2014-07-18 00:13 - 00000657 _____ () C:\Users\ndjokic\Desktop\local contest tasks.txt
    2014-07-03 21:29 - 2014-07-18 01:08 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-07-03 21:29 - 2014-07-03 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2014-07-03 00:10 - 2014-07-03 00:10 - 00000000 ____D () C:\ProgramData\WaLMaRT
    2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
    2014-07-02 14:20 - 2014-07-02 14:20 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-30 19:13 - 2014-07-30 19:12 - 00016948 _____ () C:\Users\ndjokic\Desktop\FRST.txt
    2014-07-30 19:12 - 2014-07-30 19:10 - 00000000 ____D () C:\FRST
    2014-07-30 19:10 - 2014-07-30 19:10 - 02093568 _____ (Farbar) C:\Users\ndjokic\Desktop\FRST64.exe
    2014-07-30 19:10 - 2013-02-02 21:17 - 00000000 ____D () C:\Users\ndjokic\Desktop\dls
    2014-07-30 19:09 - 2014-07-30 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NDJOKIC-PC-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-07-30 19:08 - 2014-07-30 19:08 - 00000000 ____D () C:\RegBackup
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Registry Backup
    2014-07-30 18:56 - 2014-01-27 21:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-30 18:26 - 2014-06-29 22:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000UA.job
    2014-07-30 17:57 - 2014-07-26 07:28 - 00000467 _____ () C:\Users\ndjokic\Desktop\db.txt
    2014-07-30 17:49 - 2013-12-19 10:13 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Battle.net
    2014-07-30 16:52 - 2012-09-15 13:19 - 02006456 _____ () C:\Windows\WindowsUpdate.log
    2014-07-30 09:33 - 2014-01-27 21:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-30 09:30 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-30 09:30 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-30 09:25 - 2013-08-30 23:00 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-30 09:25 - 2013-08-30 23:00 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-30 09:24 - 2012-12-31 19:09 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\TSVNCache
    2014-07-30 06:09 - 2014-07-22 12:12 - 00000840 _____ () C:\Windows\setupact.log
    2014-07-30 06:09 - 2012-10-11 14:18 - 00000000 ____D () C:\ProgramData\VMware
    2014-07-30 06:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-29 22:30 - 2014-06-29 22:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000Core.job
    2014-07-29 22:10 - 2014-07-29 22:10 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\LOVE
    2014-07-29 22:02 - 2014-07-29 22:02 - 00000000 ____D () C:\Users\ndjokic\Desktop\mari0
    2014-07-28 20:54 - 2012-09-18 08:37 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Skype
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\movies
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\food
    2014-07-28 18:52 - 2014-06-18 20:37 - 00000134 _____ () C:\Users\ndjokic\Desktop\spb stuff.txt
    2014-07-28 18:52 - 2014-02-17 15:18 - 00000000 ____D () C:\Users\ndjokic\Desktop\stuff
    2014-07-28 18:52 - 2013-12-13 18:48 - 00000000 ____D () C:\Users\ndjokic\Desktop\games
    2014-07-27 13:53 - 2014-07-22 19:00 - 00000000 ____D () C:\Users\ndjokic\Desktop\bill
    2014-07-27 13:21 - 2012-10-11 21:28 - 00000000 ____D () C:\Users\ndjokic\.VirtualBox
    2014-07-27 12:13 - 2013-09-28 18:09 - 00000000 ____D () C:\Windows\pss
    2014-07-27 12:13 - 2012-12-02 18:20 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\LogMeIn Hamachi
    2014-07-27 12:06 - 2009-07-14 06:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-27 12:04 - 2014-05-06 06:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-27 12:04 - 2009-07-14 09:47 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-27 12:01 - 2013-07-22 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-27 11:28 - 2014-04-23 06:45 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-27 11:27 - 2014-04-23 06:45 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-27 08:46 - 2014-07-27 08:31 - 00000169 _____ () C:\Users\ndjokic\Desktop\useless.txt
    2014-07-26 16:02 - 2014-02-22 21:52 - 00000691 _____ () C:\Users\ndjokic\Desktop\6sm skipped.txt
    2014-07-25 23:04 - 2013-11-06 21:10 - 00001162 _____ () C:\Users\ndjokic\Desktop\blu.txt
    2014-07-25 07:57 - 2014-07-25 07:22 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Mumble
    2014-07-25 07:27 - 2014-07-25 07:27 - 00002376 _____ () C:\Users\ndjokic\Documents\MumbleAutomaticCertificateBackup.p12
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\Program Files (x86)\Mumble
    2014-07-25 00:17 - 2013-12-19 10:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-07-24 23:01 - 2014-07-24 22:20 - 00000007 _____ () C:\Users\ndjokic\Desktop\New Text Document.txt
    2014-07-24 15:08 - 2014-07-24 15:05 - 00000073 _____ () C:\Users\ndjokic\Desktop\acm reimb.txt
    2014-07-24 03:38 - 2012-09-15 13:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-23 15:37 - 2014-07-23 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-21 23:27 - 2013-10-04 22:23 - 00002108 _____ () C:\Users\ndjokic\Desktop\iou.txt
    2014-07-21 21:54 - 2013-02-01 13:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-20 22:40 - 2013-07-11 18:26 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\vlc
    2014-07-20 20:41 - 2012-09-18 10:23 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\uTorrent
    2014-07-20 19:37 - 2012-09-22 19:40 - 00000000 ____D () C:\movies
    2014-07-20 18:06 - 2014-07-20 18:06 - 00000000 ____D () C:\ProgramData\ATI
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\ProgramData\AMD
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-07-20 18:00 - 2014-07-20 18:00 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201407201800525336.log
    2014-07-20 18:00 - 2014-07-20 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-07-20 18:00 - 2013-12-22 14:40 - 00000000 ____D () C:\Program Files\ATI Technologies
    2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Program Files\AMD
    2014-07-20 17:52 - 2014-07-20 17:52 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-07-20 17:52 - 2014-07-12 00:24 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-20 17:44 - 2013-12-22 14:24 - 00000000 ____D () C:\AMD
    2014-07-20 00:48 - 2014-07-20 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2014-07-20 00:41 - 2012-09-15 16:09 - 00000000 ____D () C:\games
    2014-07-19 22:22 - 2014-07-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-18 01:21 - 2014-07-18 01:09 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Hero_Siege
    2014-07-18 01:08 - 2014-07-03 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-07-18 00:13 - 2014-07-11 22:46 - 00000657 _____ () C:\Users\ndjokic\Desktop\local contest tasks.txt
    2014-07-17 23:38 - 2014-07-17 23:07 - 00000065 _____ () C:\Users\ndjokic\Desktop\hercules pw.txt
    2014-07-17 22:32 - 2012-11-20 23:07 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-07-16 16:01 - 2009-07-14 07:13 - 00786766 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-14 19:31 - 2014-07-14 19:26 - 00000000 ____D () C:\Users\ndjokic\Desktop\hair progress
    2014-07-13 13:58 - 2014-05-15 02:45 - 00000225 _____ () C:\Users\ndjokic\Desktop\topc.txt
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\XGen Studios, Inc
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\XGen Studios, Inc
    2014-07-06 03:18 - 2013-06-18 14:40 - 00000688 _____ () C:\Users\ndjokic\contestapplet.conf
    2014-07-06 03:14 - 2013-06-18 14:40 - 00000688 _____ () C:\Users\ndjokic\contestapplet.conf.bak
    2014-07-03 21:29 - 2014-07-03 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2014-07-03 00:10 - 2014-07-03 00:10 - 00000000 ____D () C:\ProgramData\WaLMaRT
    2014-07-02 23:20 - 2013-09-06 20:32 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\TS3Client
    2014-07-02 22:40 - 2012-12-13 23:02 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\SKIDROW
    2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
    2014-07-02 14:20 - 2014-07-02 14:20 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
    2014-07-02 14:20 - 2014-02-09 20:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
    2014-06-30 12:18 - 2014-05-12 21:58 - 00000046 _____ () C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat
    2014-06-30 12:18 - 2014-05-12 21:58 - 00000024 _____ () C:\Users\ndjokic\random.dat
    2014-06-30 04:09 - 2014-07-27 11:54 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-30 04:04 - 2014-07-27 11:54 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\ndjokic\jagex_cl_oldschool_LIVE.dat
    C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat
    C:\Users\ndjokic\random.dat


    Some content of TEMP:
    ====================
    C:\Users\ndjokic\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
    C:\Users\ndjokic\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
    C:\Users\ndjokic\AppData\Local\Temp\jna5155314657774875577.dll
    C:\Users\ndjokic\AppData\Local\Temp\lowproc.exe
    C:\Users\ndjokic\AppData\Local\Temp\SIInvoker.exe
    C:\Users\ndjokic\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\ndjokic\AppData\Local\Temp\SRLDetectionLibrary5122638381083391501.dll
    C:\Users\ndjokic\AppData\Local\Temp\SRLDetectionLibrary6002148792366687404.dll
    C:\Users\ndjokic\AppData\Local\Temp\stubhelper.dll
    C:\Users\ndjokic\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\ndjokic\AppData\Local\Temp\Uninstall.exe
    C:\Users\ndjokic\AppData\Local\Temp\vlc-2.0.8-win32.exe
    C:\Users\ndjokic\AppData\Local\Temp\_unps.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 19:34

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-07-30 19:28:26
    -----------------------------
    19:28:26.517 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:28:26.517 Number of processors: 4 586 0x2A07
    19:28:26.517 ComputerName: NDJOKIC-PC UserName: ndjokic
    19:28:28.005 Initialize success
    19:28:28.050 VM: initialized successfully
    19:28:28.073 VM: Intel CPU BiosDisabled
    19:28:37.973 VM: supported disk I/O iaStor.sys
    19:32:33.425 AVAST engine defs: 14073001
    19:33:42.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:33:42.590 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
    19:33:44.135 Disk 0 MBR read successfully
    19:33:44.135 Disk 0 MBR scan
    19:33:44.135 Disk 0 Windows 7 default MBR code
    19:33:44.135 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
    19:33:44.135 Disk 0 default boot code
    19:33:44.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455269 MB offset 616448
    19:33:44.197 Disk 0 Partition 3 00 07 HPFS/NTFS 16247 MB offset 933007360
    19:33:44.197 Disk 0 Partition 4 00 0C FAT32 LBA 5115 MB offset 966281216
    19:33:44.275 Disk 0 scanning C:\Windows\system32\drivers
    19:34:03.985 Service scanning
    19:34:47.861 Modules scanning
    19:34:47.861 Disk 0 trace - called modules:
    19:34:49.609 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
    19:34:49.610 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800971a060]
    19:34:49.610 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800956e870]
    19:34:49.610 5 hpdskflt.sys[fffff88001861361] -> nt!IofCallDriver -> [0xfffffa8007bb5e40]
    19:34:49.610 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bbe050]
    19:34:51.098 AVAST engine scan C:\Windows
    19:34:54.612 AVAST engine scan C:\Windows\system32
    19:39:06.443 AVAST engine scan C:\Windows\system32\drivers
    19:39:29.664 AVAST engine scan C:\Users\ndjokic
    19:57:48.401 AVAST engine scan C:\ProgramData
    20:14:25.729 Scan finished successfully
    20:21:50.361 Disk 0 MBR has been saved successfully to "C:\Users\ndjokic\Desktop\july 2014 virus\MBR.dat"
    20:21:50.384 The log file has been saved successfully to "C:\Users\ndjokic\Desktop\july 2014 virus\aswMBR.txt"
    Attached Files Attached Files
    Last edited by tashi; 2014-07-31 at 07:15. Reason: Copy pasted two logs into topic
  2. 2014-07-31, 12:59 #2
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Not looking at anything earth shattering in your logs, what we can do is run a few scans to clean up your system and if no malware is found than I can link you to a good windows forum for help . I wanted to add that i see markers in your log for uTorrent, using any form of File Sharing is dangerous, the program itself is safe but your downloading that file from an unknown source and not all but a large percentage of those files can be infected, its like playing Russian Roulette malwarewise. Also it looks like you have a ton a games installed, these sometimes cause issues.


    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean







    =============================================================




    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  3. 2014-07-31, 13:24 #3
    Notawiz
    Notawiz is offline
    Junior Member
    Join Date
    Jul 2014
    Posts
    7

    Default

    Thanks. TFC removed about 2GB total.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 31/07/2014
    Scan Time: 13:14:35
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.31.04
    Rootkit Database: v2014.07.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: ndjokic

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 291297
    Time Elapsed: 8 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, , [35db9610403b1a1ccfbdb43ec33f48b8],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
  4. 2014-07-31, 13:30 #4
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    This is a good read about P2P (File Sharing)

    http://www.zonealarm.com/blog/2014/0...-file-sharing/



    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisment.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    ===============================================================================


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.





    Then when your done run a new scan with FRST and post the logs please, besure to check Additions
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  5. 2014-07-31, 14:25 #5
    Notawiz
    Notawiz is offline
    Junior Member
    Join Date
    Jul 2014
    Posts
    7

    Default

    The file is called C:\AdwCleaner\AdwCleaner[S0].txt for me, not C:\AdwCleaner[S1].txt.

    # AdwCleaner v3.302 - Report created 31/07/2014 at 13:51:09
    # Updated 30/07/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : ndjokic - NDJOKIC-PC
    # Running from : C:\Users\ndjokic\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\prefs.js ]


    *************************

    AdwCleaner[R0].txt - [1120 octets] - [31/07/2014 13:50:14]
    AdwCleaner[S0].txt - [1052 octets] - [31/07/2014 13:51:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1112 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by ndjokic on 31/07/2014 at 13:58:16.38
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Emptied folder: C:\Users\ndjokic\AppData\Roaming\mozilla\firefox\profiles\arbmcia9.default-1362714903871\minidumps [772 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 31/07/2014 at 14:02:10.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
    Ran by ndjokic (administrator) on NDJOKIC-PC on 31-07-2014 14:12:09
    Running from C:\Users\ndjokic\Desktop\july 2014 virus
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\MountPoints2: {6a70d0d2-ff26-11e1-b4b9-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
    HKU\S-1-5-21-132009455-2026092721-3990303557-1000\...\MountPoints2: {daf1934d-3319-11e2-b636-930c393050a1} - H:\Setup.exe
    ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0623424AC3A4CD01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871
    FF Homepage: hxxp://www.google.co.uk/
    FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
    FF NetworkProxy: "socks_remote_dns", true
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\ndjokic\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\ndjokic\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ndjokic\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    FF Plugin ProgramFiles/Appdata: C:\Users\ndjokic\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\ndjokic\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Extension: FoxyProxy Standard - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\foxyproxy@eric.h.jung [2014-02-04]
    FF Extension: Classic Theme Restorer - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-02]
    FF Extension: YouTube Center - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-09-15]
    FF Extension: Adblock Plus - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-19]
    FF Extension: Team Liquid Streams - C:\Users\ndjokic\AppData\Roaming\Mozilla\Firefox\Profiles\arbmcia9.default-1362714903871\Extensions\{db09811d-efff-4339-a548-8550c7238a30}.xpi [2013-11-08]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-30]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
    S4 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11264 2012-07-30] (Olof Lagerkvist) [File not signed]
    S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
    S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
    S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [759192 2013-09-03] (Tunngle.net GmbH) [File not signed]
    S4 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed]
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18384 2012-02-16] (Olof Lagerkvist)
    R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [38416 2012-07-30] (Olof Lagerkvist)
    R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
    S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [105816 2012-09-13] (Oracle Corporation)
    R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-08-15] (VMware, Inc.)
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.)
    S3 ALSysIO; \??\C:\Users\ndjokic\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-31 14:02 - 2014-07-31 14:02 - 00000846 _____ () C:\Users\ndjokic\Desktop\JRT.txt
    2014-07-31 13:58 - 2014-07-31 13:58 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-31 13:55 - 2014-07-31 13:55 - 01016261 _____ (Thisisu) C:\Users\ndjokic\Desktop\JRT.exe
    2014-07-31 13:50 - 2014-07-31 13:51 - 00000000 ____D () C:\AdwCleaner
    2014-07-31 13:49 - 2014-07-31 13:49 - 01361309 _____ () C:\Users\ndjokic\Desktop\AdwCleaner.exe
    2014-07-31 13:12 - 2014-07-31 13:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-31 13:11 - 2014-07-31 13:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-31 13:11 - 2014-07-31 13:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-31 13:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-07-31 13:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-07-31 13:11 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-07-31 13:02 - 2014-07-31 13:02 - 00448512 _____ (OldTimer Tools) C:\Users\ndjokic\Desktop\TFC.exe
    2014-07-30 19:27 - 2014-07-31 14:12 - 00000000 ____D () C:\Users\ndjokic\Desktop\july 2014 virus
    2014-07-30 19:10 - 2014-07-31 14:12 - 00000000 ____D () C:\FRST
    2014-07-30 19:09 - 2014-07-30 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NDJOKIC-PC-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-07-30 19:08 - 2014-07-30 19:08 - 00000000 ____D () C:\RegBackup
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Registry Backup
    2014-07-29 22:10 - 2014-07-29 22:10 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\LOVE
    2014-07-29 22:02 - 2014-07-29 22:02 - 00000000 ____D () C:\Users\ndjokic\Desktop\mari0
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\movies
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\food
    2014-07-27 11:54 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-27 11:54 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-27 11:54 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-27 11:54 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-07-27 11:54 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-07-27 11:54 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-07-27 11:54 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-07-27 11:54 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-07-27 11:54 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-07-27 11:54 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-07-27 11:54 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-07-27 11:54 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-07-27 11:54 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-07-27 11:53 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-27 11:53 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-27 11:53 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-27 11:53 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-27 11:53 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-27 11:53 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-27 11:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-07-27 11:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-07-27 11:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-07-27 11:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-07-27 11:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-07-27 11:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-07-27 11:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-07-27 11:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-07-27 11:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-07-27 11:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-07-27 11:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-07-27 11:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-07-27 11:52 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-27 11:52 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-27 11:52 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-27 11:52 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-27 11:52 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-27 11:52 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-27 11:52 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-27 11:52 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-27 11:52 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-27 11:52 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-27 11:52 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-27 11:52 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-27 11:52 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-27 11:52 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-27 11:52 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-27 11:52 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-27 11:52 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-27 11:52 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-27 11:52 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-27 11:52 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-27 11:52 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-27 11:52 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-27 11:52 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-27 11:52 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-27 11:52 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-27 11:52 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-27 11:52 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-27 11:52 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-27 11:52 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-27 11:52 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-27 11:52 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-27 11:52 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-27 11:52 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-27 11:52 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-27 11:52 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-27 11:52 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-27 11:52 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-27 11:52 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-27 11:52 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-27 11:52 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-27 11:52 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-27 11:52 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-27 11:52 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-27 11:52 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-27 11:52 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-27 11:52 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-27 11:52 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-27 11:52 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-27 11:52 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-27 11:52 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-27 11:52 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-27 11:52 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-27 11:52 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-27 11:52 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-27 11:52 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-27 11:52 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-27 11:52 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-27 11:52 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-27 11:52 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-27 11:52 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-27 11:52 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-27 11:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-07-27 11:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-07-27 11:52 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-07-27 11:52 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-07-27 11:52 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-07-27 11:52 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-07-27 11:52 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-07-27 11:52 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-07-27 08:31 - 2014-07-27 08:46 - 00000169 _____ () C:\Users\ndjokic\Desktop\useless.txt
    2014-07-26 07:28 - 2014-07-30 17:57 - 00000467 _____ () C:\Users\ndjokic\Desktop\db.txt
    2014-07-25 07:27 - 2014-07-25 07:27 - 00002376 _____ () C:\Users\ndjokic\Documents\MumbleAutomaticCertificateBackup.p12
    2014-07-25 07:22 - 2014-07-25 07:57 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\Program Files (x86)\Mumble
    2014-07-24 22:20 - 2014-07-24 23:01 - 00000007 _____ () C:\Users\ndjokic\Desktop\New Text Document.txt
    2014-07-24 15:05 - 2014-07-24 15:08 - 00000073 _____ () C:\Users\ndjokic\Desktop\acm reimb.txt
    2014-07-23 15:36 - 2014-07-23 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-22 19:00 - 2014-07-27 13:53 - 00000000 ____D () C:\Users\ndjokic\Desktop\bill
    2014-07-22 12:12 - 2014-07-31 13:52 - 00001008 _____ () C:\Windows\setupact.log
    2014-07-20 18:06 - 2014-07-20 18:06 - 00000000 ____D () C:\ProgramData\ATI
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\ProgramData\AMD
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-07-20 18:00 - 2014-07-20 18:00 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201407201800525336.log
    2014-07-20 18:00 - 2014-07-20 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Program Files\AMD
    2014-07-20 17:52 - 2014-07-20 17:52 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-07-20 00:48 - 2014-07-20 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2014-07-19 22:22 - 2014-07-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-18 01:09 - 2014-07-18 01:21 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Hero_Siege
    2014-07-17 23:07 - 2014-07-17 23:38 - 00000065 _____ () C:\Users\ndjokic\Desktop\hercules pw.txt
    2014-07-14 19:26 - 2014-07-14 19:31 - 00000000 ____D () C:\Users\ndjokic\Desktop\hair progress
    2014-07-12 00:24 - 2014-07-20 17:52 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\XGen Studios, Inc
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\XGen Studios, Inc
    2014-07-11 22:46 - 2014-07-18 00:13 - 00000657 _____ () C:\Users\ndjokic\Desktop\local contest tasks.txt
    2014-07-03 21:29 - 2014-07-18 01:08 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-07-03 21:29 - 2014-07-03 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2014-07-03 00:10 - 2014-07-03 00:10 - 00000000 ____D () C:\ProgramData\WaLMaRT
    2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
    2014-07-02 14:20 - 2014-07-02 14:20 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-31 14:12 - 2014-07-30 19:27 - 00000000 ____D () C:\Users\ndjokic\Desktop\july 2014 virus
    2014-07-31 14:12 - 2014-07-30 19:10 - 00000000 ____D () C:\FRST
    2014-07-31 14:02 - 2014-07-31 14:02 - 00000846 _____ () C:\Users\ndjokic\Desktop\JRT.txt
    2014-07-31 13:59 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-31 13:59 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-31 13:58 - 2014-07-31 13:58 - 00000000 ____D () C:\Windows\ERUNT
    2014-07-31 13:57 - 2014-01-27 21:49 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-31 13:57 - 2013-11-06 21:10 - 00001189 _____ () C:\Users\ndjokic\Desktop\blu.txt
    2014-07-31 13:56 - 2013-02-02 21:17 - 00000000 ____D () C:\Users\ndjokic\Desktop\dls
    2014-07-31 13:56 - 2012-09-15 13:19 - 02058417 _____ () C:\Windows\WindowsUpdate.log
    2014-07-31 13:55 - 2014-07-31 13:55 - 01016261 _____ (Thisisu) C:\Users\ndjokic\Desktop\JRT.exe
    2014-07-31 13:54 - 2014-07-31 13:12 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-07-31 13:54 - 2013-08-30 23:00 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-31 13:54 - 2013-08-30 23:00 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-31 13:53 - 2014-01-27 21:49 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-31 13:52 - 2014-07-22 12:12 - 00001008 _____ () C:\Windows\setupact.log
    2014-07-31 13:52 - 2012-10-11 14:18 - 00000000 ____D () C:\ProgramData\VMware
    2014-07-31 13:52 - 2012-09-15 13:09 - 00162976 _____ () C:\Windows\PFRO.log
    2014-07-31 13:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-31 13:51 - 2014-07-31 13:50 - 00000000 ____D () C:\AdwCleaner
    2014-07-31 13:49 - 2014-07-31 13:49 - 01361309 _____ () C:\Users\ndjokic\Desktop\AdwCleaner.exe
    2014-07-31 13:43 - 2013-12-19 10:13 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Battle.net
    2014-07-31 13:26 - 2014-06-29 22:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000UA.job
    2014-07-31 13:11 - 2014-07-31 13:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-07-31 13:11 - 2014-07-31 13:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-31 13:03 - 2012-09-18 08:37 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Skype
    2014-07-31 13:02 - 2014-07-31 13:02 - 00448512 _____ (OldTimer Tools) C:\Users\ndjokic\Desktop\TFC.exe
    2014-07-31 08:01 - 2014-04-23 06:45 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-31 08:01 - 2014-04-23 06:45 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000
    2014-07-31 08:01 - 2012-12-31 19:09 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\TSVNCache
    2014-07-30 22:39 - 2014-06-29 22:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000Core.job
    2014-07-30 20:12 - 2014-04-17 03:31 - 00000428 _____ () C:\Users\ndjokic\Desktop\gns.txt
    2014-07-30 19:09 - 2014-07-30 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NDJOKIC-PC-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-07-30 19:08 - 2014-07-30 19:08 - 00000000 ____D () C:\RegBackup
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-30 19:07 - 2014-07-30 19:07 - 00000000 ____D () C:\Program Files (x86)\Registry Backup
    2014-07-30 17:57 - 2014-07-26 07:28 - 00000467 _____ () C:\Users\ndjokic\Desktop\db.txt
    2014-07-29 22:10 - 2014-07-29 22:10 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\LOVE
    2014-07-29 22:02 - 2014-07-29 22:02 - 00000000 ____D () C:\Users\ndjokic\Desktop\mari0
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\movies
    2014-07-28 18:52 - 2014-07-28 18:52 - 00000000 ____D () C:\Users\ndjokic\Desktop\food
    2014-07-28 18:52 - 2014-06-18 20:37 - 00000134 _____ () C:\Users\ndjokic\Desktop\spb stuff.txt
    2014-07-28 18:52 - 2014-02-17 15:18 - 00000000 ____D () C:\Users\ndjokic\Desktop\stuff
    2014-07-28 18:52 - 2013-12-13 18:48 - 00000000 ____D () C:\Users\ndjokic\Desktop\games
    2014-07-27 13:53 - 2014-07-22 19:00 - 00000000 ____D () C:\Users\ndjokic\Desktop\bill
    2014-07-27 13:21 - 2012-10-11 21:28 - 00000000 ____D () C:\Users\ndjokic\.VirtualBox
    2014-07-27 12:13 - 2013-09-28 18:09 - 00000000 ____D () C:\Windows\pss
    2014-07-27 12:13 - 2012-12-02 18:20 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\LogMeIn Hamachi
    2014-07-27 12:06 - 2009-07-14 06:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-27 12:04 - 2014-05-06 06:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-27 12:04 - 2009-07-14 09:47 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-27 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-07-27 12:01 - 2013-07-22 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-27 08:46 - 2014-07-27 08:31 - 00000169 _____ () C:\Users\ndjokic\Desktop\useless.txt
    2014-07-26 16:02 - 2014-02-22 21:52 - 00000691 _____ () C:\Users\ndjokic\Desktop\6sm skipped.txt
    2014-07-25 07:57 - 2014-07-25 07:22 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Mumble
    2014-07-25 07:27 - 2014-07-25 07:27 - 00002376 _____ () C:\Users\ndjokic\Documents\MumbleAutomaticCertificateBackup.p12
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    2014-07-25 03:30 - 2014-07-25 03:30 - 00000000 ____D () C:\Program Files (x86)\Mumble
    2014-07-25 00:17 - 2013-12-19 10:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-07-24 23:01 - 2014-07-24 22:20 - 00000007 _____ () C:\Users\ndjokic\Desktop\New Text Document.txt
    2014-07-24 15:08 - 2014-07-24 15:05 - 00000073 _____ () C:\Users\ndjokic\Desktop\acm reimb.txt
    2014-07-24 03:38 - 2012-09-15 13:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-23 15:37 - 2014-07-23 15:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-21 23:27 - 2013-10-04 22:23 - 00002108 _____ () C:\Users\ndjokic\Desktop\iou.txt
    2014-07-21 21:54 - 2013-02-01 13:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-20 22:40 - 2013-07-11 18:26 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\vlc
    2014-07-20 20:41 - 2012-09-18 10:23 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\uTorrent
    2014-07-20 19:37 - 2012-09-22 19:40 - 00000000 ____D () C:\movies
    2014-07-20 18:06 - 2014-07-20 18:06 - 00000000 ____D () C:\ProgramData\ATI
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\ProgramData\AMD
    2014-07-20 18:01 - 2014-07-20 18:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
    2014-07-20 18:00 - 2014-07-20 18:00 - 00056100 _____ () C:\Windows\SysWOW64\CCCInstall_201407201800525336.log
    2014-07-20 18:00 - 2014-07-20 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2014-07-20 18:00 - 2013-12-22 14:40 - 00000000 ____D () C:\Program Files\ATI Technologies
    2014-07-20 17:54 - 2014-07-20 17:54 - 00000000 ____D () C:\Program Files\AMD
    2014-07-20 17:52 - 2014-07-20 17:52 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
    2014-07-20 17:52 - 2014-07-12 00:24 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-07-20 17:44 - 2013-12-22 14:24 - 00000000 ____D () C:\AMD
    2014-07-20 00:48 - 2014-07-20 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
    2014-07-20 00:41 - 2012-09-15 16:09 - 00000000 ____D () C:\games
    2014-07-19 22:22 - 2014-07-19 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-18 01:21 - 2014-07-18 01:09 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\Hero_Siege
    2014-07-18 01:08 - 2014-07-03 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-07-18 00:13 - 2014-07-11 22:46 - 00000657 _____ () C:\Users\ndjokic\Desktop\local contest tasks.txt
    2014-07-17 23:38 - 2014-07-17 23:07 - 00000065 _____ () C:\Users\ndjokic\Desktop\hercules pw.txt
    2014-07-17 22:32 - 2012-11-20 23:07 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-07-16 16:01 - 2009-07-14 07:13 - 00786766 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-14 19:31 - 2014-07-14 19:26 - 00000000 ____D () C:\Users\ndjokic\Desktop\hair progress
    2014-07-13 13:58 - 2014-05-15 02:45 - 00000225 _____ () C:\Users\ndjokic\Desktop\topc.txt
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\XGen Studios, Inc
    2014-07-12 00:18 - 2014-07-12 00:18 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\XGen Studios, Inc
    2014-07-06 03:18 - 2013-06-18 14:40 - 00000688 _____ () C:\Users\ndjokic\contestapplet.conf
    2014-07-06 03:14 - 2013-06-18 14:40 - 00000688 _____ () C:\Users\ndjokic\contestapplet.conf.bak
    2014-07-03 21:29 - 2014-07-03 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2014-07-03 00:10 - 2014-07-03 00:10 - 00000000 ____D () C:\ProgramData\WaLMaRT
    2014-07-02 23:20 - 2013-09-06 20:32 - 00000000 ____D () C:\Users\ndjokic\AppData\Roaming\TS3Client
    2014-07-02 22:40 - 2012-12-13 23:02 - 00000000 ____D () C:\Users\ndjokic\AppData\Local\SKIDROW
    2014-07-02 22:37 - 2014-07-02 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trendy Entertainment
    2014-07-02 14:20 - 2014-07-02 14:20 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
    2014-07-02 14:20 - 2014-02-09 20:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

    Files to move or delete:
    ====================
    C:\ProgramData\hash.dat
    C:\Users\ndjokic\jagex_cl_oldschool_LIVE.dat
    C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat
    C:\Users\ndjokic\random.dat


    Some content of TEMP:
    ====================
    C:\Users\ndjokic\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-28 19:34

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
    Ran by ndjokic at 2014-07-31 14:13:27
    Running from C:\Users\ndjokic\Desktop\july 2014 virus
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Torrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
    ŋ*̈͌ CrazyStone DLO (HKLM-x32\...\{F051B726-4DFD-4DDC-B999-496D27E14AD2}) (Version: 1.00.0000 - UNBALANCE)
    3DMark (HKLM-x32\...\{F1A6C690-C12C-4E7A-B4BD-958678215418}) (Version: 1.0 - Futuremark)
    Ÿٵ 2.0 (HKLM-x32\...\Ÿٵ 2.0) (Version: - )
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
    Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
    AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
    Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    Banished 1.0 (HKLM-x32\...\Banished 1.0) (Version: 1.0 - Cat-A-Cat)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
    Celemony Melodyne version 2.1 (HKLM\...\Celemony Melodyne_is1) (Version: - Copyright (C) 2001-2012 Celemony Software GmbH)
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
    Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
    DirectVobSub 2.41.7036 (HKLM-x32\...\vsfilter_is1) (Version: 2.41.7036 - MPC-HC Team)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dungeon Defenders (HKLM-x32\...\Dungeon Defenders_is1) (Version: - )
    Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
    FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
    Fur Fighters PC (HKLM-x32\...\{9E49481C-37C8-4EEF-9AA1-45103A547462}) (Version: 1.00.0000 - Acclaim Entertainment Inc.)
    Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
    Goat Simulator (HKLM-x32\...\R29hdFNpbXVsYXRvcg==_is1) (Version: 1 - )
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
    HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
    HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
    ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    Jamestown (HKLM-x32\...\JamestownFinal) (Version: Final - AllSmartGames)
    Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
    Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.)
    K-Lite Codec Pack 9.9.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    LEGO Rock Raiders (HKLM-x32\...\LEGO Rock Raiders) (Version: - )
    Liquid War 5.6.4 (HKLM-x32\...\Liquid_War_5) (Version: - )
    Livestreamer 1.6.1 (HKLM-x32\...\Livestreamer) (Version: - )
    Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.114 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.114 - LogMeIn, Inc.) Hidden
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Many Faces of Go 12 (HKLM-x32\...\{59772D11-9D88-4020-838C-6F4864D0DE8A}) (Version: 12.0 - Smart Games)
    MATLAB R2011a (HKLM\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
    Mercury (HKLM\...\{69ebe133-29a9-4c62-ae28-1509b988d81e}.sdb) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{F112F66E-25CA-42DD-983C-6118EB38F606}) (Version: 3.0.89.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
    Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    Mozilla Thunderbird 17.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 en-GB)) (Version: 17.0.3 - Mozilla)
    MultiGo Version 4 (HKLM-x32\...\MultiGo 4_is1) (Version: - )
    Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
    Opera Stable 16.0.1196.62 (HKLM-x32\...\Opera 16.0.1196.62) (Version: 16.0.1196.62 - Opera Software ASA)
    Oracle VM VirtualBox 4.2.0 (HKLM\...\{8ECC12DC-7819-402A-B54E-A991558C81B1}) (Version: 4.2.0 - Oracle Corporation)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
    QuickTime (HKLM-x32\...\QuickTime) (Version: - )
    Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
    Rayman Origins (HKLM-x32\...\{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}) (Version: 1.00 - Ubisoft)
    Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
    Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
    Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.0.0.4 - GOG.com)
    Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: 1.0 - SEGA)
    Spelunky HD 1.0 (HKLM-x32\...\Spelunky HD 1.0) (Version: 1.0 - Cat-A-Cat)
    Spiral Knights (HKCU\...\Spiral Knights) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
    StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
    Super Motherload ver. 1.3.1.0 (HKLM-x32\...\{70D31D4C-D93B-4AB1-B4E3-A1AB216EEBC3}_is1) (Version: 1.3.1.0 - XGen Studios)
    Super Panda Adventures 1.0 (HKLM-x32\...\Super Panda Adventures 1.0) (Version: 1.0 - Cat-A-Cat)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
    System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
    System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
    Terrafirma (HKLM-x32\...\{72E80496-C446-4389-B4F2-CC46DF704A7F}) (Version: 1.9.8 - Sean Kasun)
    TextCrawler 2.4 (HKLM-x32\...\TextCrawler) (Version: 2.4 - DigitalVolcano Software)
    The Stanley Parable (HKLM-x32\...\The Stanley Parable_is1) (Version: - )
    Thumbnail me 3.0 (HKCU\...\Thumbnail me 3.0) (Version: - )
    Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft)
    tools-linux (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden
    TortoiseSVN 1.7.11.23600 (64 bit) (HKLM\...\{6B13A3F1-F66A-42FB-9E62-98952D582187}) (Version: 1.7.23600 - TortoiseSVN)
    Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    TygemBaduk Remove (HKLM-x32\...\Tygem Baduk) (Version: - )
    United States-International - Programming (HKLM\...\{FCF2574C-AFE2-42BA-BBD6-7263C3BDA308}) (Version: 1.0.3.40 - Company)
    United States-International (no dead keys) (HKLM\...\{17C35B8C-73BD-448B-A89B-70AE5D2873DC}) (Version: 1.0.3.40 - Freeman2222)
    Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
    Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
    VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
    VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.0 - VMware, Inc)
    VMwarePlayer_x64 (Version: 5.0.0 - VMware, Inc.) Hidden
    Wanderlust: Rebirth (HKLM-x32\...\Steam App 211580) (Version: - Yeti Trunk)
    Warcraft III eSK 1.26.0.6401 (HKLM-x32\...\Warcraft III eSK 1.26.0.6401) (Version: - )
    WinHTTrack Website Copier 3.47-11 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.11 - HTTrack)
    WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-132009455-2026092721-3990303557-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-132009455-2026092721-3990303557-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ndjokic\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2013-03-29 20:50 - 00445162 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0FEC6997-2F06-4811-A458-48203A8BC7F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000UA => C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {126B21B3-2A9D-421D-A962-ECB0D47649D2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {23F39ACE-F555-4759-A059-ADADFB6DC44F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
    Task: {2B8BE232-7CB1-4BCB-BC68-CF862AA71A61} - System32\Tasks\{71778D02-BE03-44C6-BC77-3AB1822E4347} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.2...=tsProgressBar
    Task: {3883A749-F225-46AD-9657-84686314A48E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {49755AD9-FA2D-4509-ABE3-B846DED1129B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000Core => C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-19] (Google Inc.)
    Task: {870352A1-50AD-40CF-837D-0D7B70403B2B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {874F78F7-679A-4687-ABB6-0CC7BFB87BCC} - System32\Tasks\{BDA6F1C7-BBAD-4388-A0B7-F4354809B991} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.2...=tsProgressBar
    Task: {95716BD6-F91B-428B-B77D-462AE7A2F557} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {AB1C1E3A-449B-475B-8A2C-026256128654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
    Task: {B3C27511-508E-4779-9DC2-4492D1F75CEB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-132009455-2026092721-3990303557-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {B67B9C05-5E05-44E5-A938-0F3D2283DDB0} - System32\Tasks\{3175FDAB-0B7B-4511-8EDD-E83A1649A565} => Firefox.exe http://ui.skype.com/ui/0/6.1.0.129.2...=tsProgressBar
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000Core.job => C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-132009455-2026092721-3990303557-1000UA.job => C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-08-04 19:44 - 2014-02-10 00:57 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2012-12-12 22:37 - 2012-12-12 22:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
    2013-02-01 13:30 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    2013-02-01 13:30 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-02-01 13:30 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-02-01 13:30 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-02-01 13:30 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:BC359956

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AESTFilters => 2
    MSCONFIG\Services: AgereModemAudio => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: Futuremark SystemInfo Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: HPDrvMntSvc.exe => 2
    MSCONFIG\Services: hpHotkeyMonitor => 2
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: hpsrv => 2
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: ImDskSvc => 2
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
    MSCONFIG\Services: rpcapd => 3
    MSCONFIG\Services: SDScannerService => 2
    MSCONFIG\Services: SDUpdateService => 2
    MSCONFIG\Services: SDWSCService => 2
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: TunngleService => 3
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: vcsFPService => 2
    MSCONFIG\Services: VMAuthdService => 2
    MSCONFIG\Services: VMUSBArbService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^ndjokic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\ndjokic\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: QLBController => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

    ==================== Faulty Device Manager Devices =============

    Name: Broadcom 2070 Bluetooth
    Description: Broadcom 2070 Bluetooth
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Broadcom
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Win32 Adapter V9 (Tunngle)
    Description: TAP-Win32 Adapter V9 (Tunngle)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Win32 Provider V9 (Tunngle)
    Service: tap0901t
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Percentage of memory in use: 17%
    Total physical RAM: 8142.36 MB
    Available physical RAM: 6710.07 MB
    Total Pagefile: 16282.9 MB
    Available Pagefile: 14863.91 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:444.6 GB) (Free:71.6 GB) NTFS
    Drive h: (Dungeon Defender) (CDROM) (Total:1.76 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5893164C)
    Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

    ==================== End Of Log ============================
  6. 2014-07-31, 14:47 #6
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Did you set these proxies

    FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
    FF NetworkProxy: "socks_remote_dns", true
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  7. 2014-07-31, 14:54 #7
    Notawiz
    Notawiz is offline
    Junior Member
    Join Date
    Jul 2014
    Posts
    7

    Default

    I don't recognize either of those names.
  8. 2014-07-31, 15:18 #8
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

    Start
    FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
    FF NetworkProxy: "socks_remote_dns", true
    C:\ProgramData\hash.dat
    C:\Users\ndjokic\jagex_cl_oldschool_LIVE.dat
    C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat
    C:\Users\ndjokic\random.dat
    C:\Users\ndjokic\AppData\Local\Temp\Quarantine.exe
    Hosts:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply



    Let me know if you see any improvement to your system ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
  9. 2014-07-31, 15:46 #9
    Notawiz
    Notawiz is offline
    Junior Member
    Join Date
    Jul 2014
    Posts
    7

    Default

    I'm still having the same problem.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
    Ran by ndjokic at 2014-07-31 15:35:00 Run:1
    Running from C:\Users\ndjokic\Desktop\july 2014 virus
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    FF NetworkProxy: "autoconfig_url", "http://r-1.ch/twitch.pac"
    FF NetworkProxy: "socks_remote_dns", true
    C:\ProgramData\hash.dat
    C:\Users\ndjokic\jagex_cl_oldschool_LIVE.dat
    C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat
    C:\Users\ndjokic\random.dat
    C:\Users\ndjokic\AppData\Local\Temp\Quarantine.exe
    Hosts:
    End

    *****************

    Firefox Proxy settings were reset.
    Firefox Proxy settings were reset.
    C:\ProgramData\hash.dat => Moved successfully.
    C:\Users\ndjokic\jagex_cl_oldschool_LIVE.dat => Moved successfully.
    C:\Users\ndjokic\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\ndjokic\random.dat => Moved successfully.
    C:\Users\ndjokic\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ==== End of Fixlog ====
  10. 2014-07-31, 16:04 #10
    ken545
    ken545 is offline
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I'm going to have you run one more program, read the instructions as I only want to see the report, sometimes rootkit type of infections hide from us and this may find one if present. Take your time as I will be offline until maybe mid afternoon

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • when the window opens, click on Change Parameters
    • under Additional options, put a check mark in the box next to Detect TDLFS File System
    • click OK
    • Press Start Scan
      • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules