Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
- Ran by Stefan (administrator) on STEFAN-PC on 01-06-2014 14:58:33
- Running from C:\Users\Stefan\Desktop
- Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
- Internet Explorer Version 8
- Boot Mode: Normal
- The only official download link for FRST:
- Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
- Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
- Download link from any site other than Bleeping Computer is unpermitted or outdated.
- See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (AMD) C:\Windows\System32\atiesrxx.exe
- (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
- (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
- (AMD) C:\Windows\System32\atieclxx.exe
- (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
- (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
- (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
- (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
- (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
- (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
- (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
- () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
- (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
- (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
- (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
- (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
- (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
- (Flux Software LLC) C:\Users\Stefan\AppData\Local\FluxSoftware\Flux\flux.exe
- (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
- (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
- (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
- (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
- (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
- (CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
- (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
- (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
- (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
- (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\java.exe
- (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
- (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
- (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
- (Microsoft Corporation) C:\Windows\System32\wlanext.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- ==================== Registry (Whitelisted) ==================
- HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-25] (IDT, Inc.)
- HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
- HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-05-09] (Atheros Commnucations)
- HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-05-09] (Atheros Commnucations)
- HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-26] (Advanced Micro Devices, Inc.)
- HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
- HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-27] (AVAST Software)
- HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [75544 2012-03-08] (Hewlett-Packard Company)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [F.lux] => C:\Users\Stefan\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Run: [Facebook Update] => C:\Users\Stefan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-30] (Facebook Inc.)
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Policies\system: [LogonHoursAction] 2
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Policies\Explorer: [NoSMBalloonTip] 1
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {28fd4b1e-329e-11e3-aca9-08002700f459} - F:\autorun.exe
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {4ba583f1-6296-11e3-86df-08002700f459} - G:\SETUP.EXE
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {50b67864-c652-11e3-9313-101f74f76122} - F:\AutoRun.exe
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {50b67872-c652-11e3-9313-101f74f76122} - F:\AutoRun.exe
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {66f786a2-b961-11e2-b94d-cd273c2289cd} - F:\Windows\AutoRun.exe
- HKU\S-1-5-21-151311472-1113937884-442628346-1000\...\MountPoints2: {e57604c9-956b-11e3-aed9-08002700f459} - F:\AutoRun.exe
- IFEO\bitguard.exe: [Debugger] tasklist.exe
- IFEO\bprotect.exe: [Debugger] tasklist.exe
- IFEO\browsemngr.exe: [Debugger] tasklist.exe
- IFEO\browserdefender.exe: [Debugger] tasklist.exe
- IFEO\browsermngr.exe: [Debugger] tasklist.exe
- IFEO\browserprotect.exe: [Debugger] tasklist.exe
- IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
- IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
- IFEO\delta babylon.exe: [Debugger] tasklist.exe
- IFEO\delta tb.exe: [Debugger] tasklist.exe
- IFEO\delta2.exe: [Debugger] tasklist.exe
- IFEO\deltainstaller.exe: [Debugger] tasklist.exe
- IFEO\deltasetup.exe: [Debugger] tasklist.exe
- IFEO\deltatb.exe: [Debugger] tasklist.exe
- IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
- IFEO\iminentsetup.exe: [Debugger] tasklist.exe
- IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
- IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
- IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
- Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\act1.bat ()
- GroupPolicyUsers\S-1-5-21-151311472-1113937884-442628346-1004\User: Group Policy restriction detected <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- ProxyServer: proxy.rcub.bg.ac.rs:8080
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119776&tt=gc_&babsrc=HP_ss_din2g&mntrId=0A3C68A3C4F5EB2E
- SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_&babsrc=SP_ss&mntrId=0A3C68A3C4F5EB2E
- SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
- BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
- BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
- BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
- BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
- Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
- Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
- Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
- Tcpip\..\Interfaces\{D13D906F-D045-4757-827E-541DB4C47B03}: [NameServer]8.8.8.8,8.8.4.4
- FireFox:
- ========
- FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
- FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
- FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
- FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Stefan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
- Chrome:
- =======
- CHR HomePage: hxxp://www.google.com/
- CHR StartupUrls: "hxxp://www.search.ask.com/?o=APN10640A&gct=hp&d=473-100&v=n9602-141&t=4"
- CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
- CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
- CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
- CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
- CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
- CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
- CHR Extension: (Angry Birds) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-12-03]
- CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
- CHR Extension: (YouTube) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-04]
- CHR Extension: (Google Search) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-04]
- CHR Extension: (LoL Stream Browser) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2013-04-11]
- CHR Extension: (AdBlock) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-01]
- CHR Extension: (Kanji Plus) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamegjfmkdfedhjnpojefpfmogfckojb [2013-07-01]
- CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-04-23]
- CHR Extension: (rikaikun) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2013-04-11]
- CHR Extension: (Into The Mist) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2013-10-25]
- CHR Extension: (Graph.tk) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk [2013-03-29]
- CHR Extension: (Google Wallet) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
- CHR Extension: (Page Monitor) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2014-02-07]
- CHR Extension: (Gmail) - C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-04]
- CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2012-11-04]
- ==================== Services (Whitelisted) =================
- S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
- R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-09] (Atheros)
- R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
- R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
- S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
- S3 wampapache; C:\Program Files\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation)
- S3 wampmysqld; C:\Program Files\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
- ==================== Drivers (Whitelisted) ====================
- R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-06] ()
- R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
- R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
- R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
- R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
- R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
- R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
- R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
- R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
- S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
- R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-22] (Disc Soft Ltd)
- U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
- S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
- S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)
- S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-05] (Ralink Technology Corp.)
- S3 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [73552 2012-11-29] (Dataram, Inc.)
- R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
- R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-08] (Duplex Secure Ltd.)
- U3 aoy05269; C:\Windows\System32\Drivers\aoy05269.sys [0 ] (Microsoft Corporation)
- S3 ALSysIO; \??\C:\Users\Stefan\AppData\Local\Temp\ALSysIO64.sys [X]
- S3 ARCVCAM; system32\DRIVERS\ArcSoftVCapture.sys [X]
- R3 cpuz135; \??\C:\Users\Stefan\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
- S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
- S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
- S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
- S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
- S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
- S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
- S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
- S3 massfilter; system32\drivers\massfilter.sys [X]
- U2 Messenger;
- S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
- S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
- S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
- S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
- S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- ==================== One Month Created Files and Folders ========
- 2014-06-01 14:58 - 2014-06-01 14:59 - 00019134 _____ () C:\Users\Stefan\Desktop\FRST.txt
- 2014-06-01 14:57 - 2014-06-01 14:58 - 00000000 ____D () C:\FRST
- 2014-06-01 14:56 - 2014-06-01 14:56 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
- 2014-05-31 17:34 - 2014-05-31 17:34 - 00000862 _____ () C:\Windows\system32\termcap
- 2014-05-31 15:50 - 2014-05-31 17:52 - 00000738 _____ () C:\Users\Stefan\Desktop\kpr.c
- 2014-05-30 17:38 - 2014-05-30 17:39 - 01666691 _____ () C:\Users\Stefan\Downloads\Street Fighter II Turbo - Hyper Fighting (USA).zip
- 2014-05-30 17:30 - 2014-05-30 17:30 - 03734829 _____ () C:\Users\Stefan\Downloads\street_fighter_alpha_2.7z
- 2014-05-27 12:12 - 2014-05-27 12:12 - 00409914 _____ () C:\Users\Stefan\Downloads\Uvod u Veb i Internet Tehnologije.zip
- 2014-05-27 01:45 - 2014-05-27 01:45 - 00003170 _____ () C:\Windows\System32\Tasks\{534355F6-A44F-494A-969C-FF0CD20DC0C5}
- 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
- 2014-05-27 01:45 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
- 2014-05-27 01:45 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
- 2014-05-27 01:44 - 2014-05-27 01:44 - 00000000 ____D () C:\Program Files\Oracle
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Z-Net I
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-Net I
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Program Files (x86)\Z-Net I
- 2014-05-26 18:15 - 2014-05-27 18:31 - 00000000 ____D () C:\Users\Stefan\Desktop\zsnes
- 2014-05-26 18:15 - 2014-05-26 18:15 - 00668825 _____ (DarkAkuma of http://www.z-net.us/) C:\Users\Stefan\Downloads\Z-Net_I_v1.2.0.2_BETA_install.exe
- 2014-05-26 18:15 - 2014-05-26 18:15 - 00639711 _____ () C:\Users\Stefan\Downloads\zsnesw142.zip
- 2014-05-26 18:00 - 2014-05-26 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\LogMeIn
- 2014-05-26 18:00 - 2014-05-26 18:00 - 00000000 ____D () C:\ProgramData\LogMeIn
- 2014-05-25 01:18 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
- 2014-05-25 01:18 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
- 2014-05-24 19:40 - 2014-05-24 19:40 - 00685546 _____ () C:\Users\Stefan\Downloads\Kisa.zip
- 2014-05-22 22:35 - 2014-05-22 22:42 - 00000000 ____D () C:\Users\Stefan\Desktop\fxspace
- 2014-05-21 01:55 - 2014-05-21 01:55 - 00000218 _____ () C:\Users\Stefan\AppData\Local\recently-used.xbel
- 2014-05-19 10:55 - 2014-05-19 10:55 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
- 2014-05-19 10:51 - 2014-05-31 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
- 2014-05-19 10:51 - 2014-05-19 10:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Microsoft Help
- 2014-05-16 14:03 - 2014-05-16 14:03 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
- 2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
- 2014-05-16 14:01 - 2014-05-16 14:01 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
- 2014-05-15 22:45 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
- 2014-05-15 22:45 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
- 2014-05-15 22:45 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
- 2014-05-15 22:45 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
- 2014-05-15 22:45 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
- 2014-05-15 22:45 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
- 2014-05-15 22:45 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
- 2014-05-15 22:45 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
- 2014-05-15 22:45 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
- 2014-05-15 22:45 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
- 2014-05-15 22:45 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
- 2014-05-15 22:45 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
- 2014-05-15 22:45 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
- 2014-05-15 22:45 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
- 2014-05-15 22:45 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
- 2014-05-15 22:45 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
- 2014-05-15 22:41 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
- 2014-05-15 22:41 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00002254 _____ () C:\Users\Public\Desktop\JavaFX Scene Builder 1.1.lnk
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\JavaFX Scene Builder
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaFX Scene Builder
- 2014-05-13 15:49 - 2014-05-13 15:49 - 00000000 ____D () C:\Program Files (x86)\Oracle
- 2014-05-12 23:29 - 2014-05-13 00:09 - 00000452 _____ () C:\index.html
- ==================== One Month Modified Files and Folders =======
- 2014-06-01 14:59 - 2014-06-01 14:58 - 00019134 _____ () C:\Users\Stefan\Desktop\FRST.txt
- 2014-06-01 14:59 - 2012-11-04 00:11 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Temp
- 2014-06-01 14:58 - 2014-06-01 14:57 - 00000000 ____D () C:\FRST
- 2014-06-01 14:56 - 2014-06-01 14:56 - 02067456 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
- 2014-06-01 14:34 - 2012-11-04 21:19 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Skype
- 2014-06-01 14:30 - 2012-11-04 18:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2014-06-01 13:20 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2014-06-01 13:20 - 2009-07-14 06:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2014-06-01 13:17 - 2012-11-04 00:10 - 01959735 _____ () C:\Windows\WindowsUpdate.log
- 2014-06-01 13:08 - 2014-04-30 19:03 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-151311472-1113937884-442628346-1000UA.job
- 2014-06-01 13:07 - 2013-08-15 07:40 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Stefan
- 2014-06-01 13:05 - 2012-11-04 21:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
- 2014-06-01 00:07 - 2012-11-04 00:27 - 00007606 _____ () C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
- 2014-05-31 22:30 - 2012-11-04 18:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2014-05-31 21:51 - 2014-04-30 21:50 - 00003512 _____ () C:\Windows\System32\Tasks\Windows Updater
- 2014-05-31 20:11 - 2012-11-29 00:14 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9FE42DBE-E0FD-4A2B-91E4-8E372C549CE2}
- 2014-05-31 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
- 2014-05-31 19:08 - 2014-04-30 19:03 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-151311472-1113937884-442628346-1000Core.job
- 2014-05-31 18:01 - 2012-11-04 00:49 - 00063472 _____ () C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
- 2014-05-31 17:52 - 2014-05-31 15:50 - 00000738 _____ () C:\Users\Stefan\Desktop\kpr.c
- 2014-05-31 17:34 - 2014-05-31 17:34 - 00000862 _____ () C:\Windows\system32\termcap
- 2014-05-31 14:31 - 2014-03-15 21:37 - 00000000 ____D () C:\ProgramData\DatacardService
- 2014-05-31 14:26 - 2013-01-24 13:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
- 2014-05-31 14:26 - 2012-11-04 21:19 - 00000000 ____D () C:\ProgramData\Skype
- 2014-05-31 14:23 - 2009-07-14 07:13 - 00795818 _____ () C:\Windows\system32\PerfStringBackup.INI
- 2014-05-31 14:19 - 2012-11-09 19:47 - 00019037 _____ () C:\Windows\setupact.log
- 2014-05-31 14:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
- 2014-05-31 14:19 - 2009-07-14 06:45 - 00286632 _____ () C:\Windows\system32\FNTCACHE.DAT
- 2014-05-31 13:40 - 2014-05-19 10:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
- 2014-05-31 13:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
- 2014-05-30 17:39 - 2014-05-30 17:38 - 01666691 _____ () C:\Users\Stefan\Downloads\Street Fighter II Turbo - Hyper Fighting (USA).zip
- 2014-05-30 17:30 - 2014-05-30 17:30 - 03734829 _____ () C:\Users\Stefan\Downloads\street_fighter_alpha_2.7z
- 2014-05-28 20:00 - 2014-02-12 13:15 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\HexChat
- 2014-05-27 20:11 - 2012-11-06 21:30 - 00000000 ____D () C:\Users\Stefan\.VirtualBox
- 2014-05-27 18:31 - 2014-05-26 18:15 - 00000000 ____D () C:\Users\Stefan\Desktop\zsnes
- 2014-05-27 16:42 - 2014-04-30 17:17 - 00000000 ___RD () C:\Users\Stefan\Desktop\htmlpage
- 2014-05-27 12:12 - 2014-05-27 12:12 - 00409914 _____ () C:\Users\Stefan\Downloads\Uvod u Veb i Internet Tehnologije.zip
- 2014-05-27 01:45 - 2014-05-27 01:45 - 00003170 _____ () C:\Windows\System32\Tasks\{534355F6-A44F-494A-969C-FF0CD20DC0C5}
- 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
- 2014-05-27 01:44 - 2014-05-27 01:44 - 00000000 ____D () C:\Program Files\Oracle
- 2014-05-26 19:03 - 2012-11-07 22:40 - 00000000 ____D () C:\Program Files\CCleaner
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Z-Net I
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-Net I
- 2014-05-26 18:16 - 2014-05-26 18:16 - 00000000 ____D () C:\Program Files (x86)\Z-Net I
- 2014-05-26 18:15 - 2014-05-26 18:15 - 00668825 _____ (DarkAkuma of http://www.z-net.us/) C:\Users\Stefan\Downloads\Z-Net_I_v1.2.0.2_BETA_install.exe
- 2014-05-26 18:15 - 2014-05-26 18:15 - 00639711 _____ () C:\Users\Stefan\Downloads\zsnesw142.zip
- 2014-05-26 18:00 - 2014-05-26 18:00 - 00000000 ____D () C:\Users\Stefan\AppData\Local\LogMeIn
- 2014-05-26 18:00 - 2014-05-26 18:00 - 00000000 ____D () C:\ProgramData\LogMeIn
- 2014-05-26 09:03 - 2014-04-17 02:03 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2014-05-25 21:31 - 2012-11-06 23:17 - 00000000 ____D () C:\Users\Stefan\AppData\Local\CrashDumps
- 2014-05-25 19:32 - 2013-07-27 16:12 - 00000000 ____D () C:\Users\Stefan\Desktop\Diana
- 2014-05-25 01:40 - 2014-04-23 00:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
- 2014-05-24 19:40 - 2014-05-24 19:40 - 00685546 _____ () C:\Users\Stefan\Downloads\Kisa.zip
- 2014-05-24 18:04 - 2014-02-24 22:58 - 00000000 ____D () C:\Users\Stefan\Desktop\eclipse
- 2014-05-24 18:03 - 2014-02-24 23:07 - 00000000 ____D () C:\Users\Stefan\Desktop\workspace
- 2014-05-22 22:42 - 2014-05-22 22:35 - 00000000 ____D () C:\Users\Stefan\Desktop\fxspace
- 2014-05-21 22:08 - 2012-12-09 21:14 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\QtProject
- 2014-05-21 01:55 - 2014-05-21 01:55 - 00000218 _____ () C:\Users\Stefan\AppData\Local\recently-used.xbel
- 2014-05-20 20:59 - 2012-11-05 01:16 - 00000000 ____D () C:\Users\Stefan\Documents\Bluetooth Folder
- 2014-05-20 20:32 - 2013-08-18 16:15 - 00000000 ____D () C:\Users\Stefan\AppData\Local\gtk-2.0
- 2014-05-20 16:40 - 2013-02-01 02:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
- 2014-05-19 10:55 - 2014-05-19 10:55 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
- 2014-05-19 10:51 - 2014-05-19 10:51 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Microsoft Help
- 2014-05-16 14:04 - 2014-05-27 01:45 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
- 2014-05-16 14:03 - 2014-05-27 01:45 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
- 2014-05-16 14:03 - 2014-05-16 14:03 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
- 2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
- 2014-05-16 14:01 - 2014-05-16 14:01 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
- 2014-05-15 23:03 - 2013-06-20 23:41 - 00000632 __RSH () C:\Users\Stefan\ntuser.pol
- 2014-05-15 23:03 - 2012-11-04 00:11 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- 2014-05-15 23:03 - 2012-11-04 00:11 - 00000000 ___RD () C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- 2014-05-15 23:03 - 2012-11-04 00:11 - 00000000 ____D () C:\Users\Stefan
- 2014-05-15 23:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
- 2014-05-15 22:52 - 2013-07-22 20:05 - 00000000 ____D () C:\Windows\system32\MRT
- 2014-05-15 22:49 - 2012-11-06 00:56 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
- 2014-05-15 21:50 - 2014-01-27 11:00 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
- 2014-05-15 21:50 - 2012-11-04 21:29 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
- 2014-05-15 21:50 - 2012-11-04 21:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
- 2014-05-13 17:43 - 2013-05-07 19:07 - 00045270 _____ () C:\Users\Stefan\AppData\Roaming\room_v3.dat
- 2014-05-13 16:21 - 2013-05-07 19:00 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\GarenaPlus
- 2014-05-13 16:21 - 2013-05-07 19:00 - 00000000 ____D () C:\ProgramData\GarenaMessenger
- 2014-05-13 16:20 - 2013-05-07 19:00 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00002254 _____ () C:\Users\Public\Desktop\JavaFX Scene Builder 1.1.lnk
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\JavaFX Scene Builder
- 2014-05-13 15:50 - 2014-05-13 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaFX Scene Builder
- 2014-05-13 15:49 - 2014-05-13 15:49 - 00000000 ____D () C:\Program Files (x86)\Oracle
- 2014-05-13 11:08 - 2013-05-09 23:27 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\Media Player Classic
- 2014-05-13 00:09 - 2014-05-12 23:29 - 00000452 _____ () C:\index.html
- 2014-05-09 22:25 - 2012-11-04 18:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2014-05-09 22:25 - 2012-11-04 18:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2014-05-09 08:14 - 2014-05-25 01:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
- 2014-05-09 08:11 - 2014-05-25 01:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
- 2014-05-05 09:42 - 2012-11-09 19:47 - 00399816 _____ () C:\Windows\PFRO.log
- 2014-05-03 14:55 - 2012-11-05 02:06 - 00000000 ____D () C:\Program Files (x86)\Games
- Files to move or delete:
- ====================
- C:\Users\Stefan\AppData\Roaming\CamLayout.ini
- C:\Users\Stefan\AppData\Roaming\CamShapes.ini
- Some content of TEMP:
- ====================
- C:\Users\Stefan\AppData\Local\Temp\ose00000.exe
- C:\Users\Stefan\AppData\Local\Temp\ose00001.exe
- C:\Users\Stefan\AppData\Local\Temp\tmp1CFA.tmp.exe
- C:\Users\Stefan\AppData\Local\Temp\tmp50E8.tmp.exe
- C:\Users\Stefan\AppData\Local\Temp\tmp7366.tmp.exe
- ==================== Bamital & volsnap Check =================
- C:\Windows\System32\winlogon.exe => MD5 is legit
- C:\Windows\System32\wininit.exe => MD5 is legit
- C:\Windows\SysWOW64\wininit.exe => MD5 is legit
- C:\Windows\explorer.exe => MD5 is legit
- C:\Windows\SysWOW64\explorer.exe => MD5 is legit
- C:\Windows\System32\svchost.exe => MD5 is legit
- C:\Windows\SysWOW64\svchost.exe => MD5 is legit
- C:\Windows\System32\services.exe => MD5 is legit
- C:\Windows\System32\User32.dll => MD5 is legit
- C:\Windows\SysWOW64\User32.dll => MD5 is legit
- C:\Windows\System32\userinit.exe => MD5 is legit
- C:\Windows\SysWOW64\userinit.exe => MD5 is legit
- C:\Windows\System32\rpcss.dll => MD5 is legit
- C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
- LastRegBack: 2014-05-29 21:11
- ==================== End Of Log ============================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement