
pum.userWload and trojan.ransom problem



Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 01

Ran by Rasa (administrator) on 01-06-2013 13:30:15

Running from C:\Users\Rasa\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

() C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe

(WebCake LLC) C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)

HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)

AppInit_DLLs: [0 ] ()

SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.a-searchpage.info/?pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

HKCU SearchScopes: DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119776&tt=gc_&babsrc=SP_ss&mntrId=D4C70025223E40FD

SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)

BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: GretechBHO Class - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll (Gretech Corporation)

Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)

PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default

FF NetworkProxy: "backup.ftp", "178.219.4.222"

FF NetworkProxy: "backup.ftp_port", 8080

FF NetworkProxy: "backup.socks", "178.219.4.222"

FF NetworkProxy: "backup.socks_port", 8080

FF NetworkProxy: "backup.ssl", "178.219.4.222"

FF NetworkProxy: "backup.ssl_port", 8080

FF NetworkProxy: "ftp", "193.232.174.65"

FF NetworkProxy: "ftp_port", 8080

FF NetworkProxy: "http", "193.232.174.65"

FF NetworkProxy: "http_port", 8080

FF NetworkProxy: "no_proxies_on", "localhist, 127.0.0.1"

FF NetworkProxy: "share_proxy_settings", true

FF NetworkProxy: "socks", "193.232.174.65"

FF NetworkProxy: "socks_port", 8080

FF NetworkProxy: "ssl", "193.232.174.65"

FF NetworkProxy: "ssl_port", 8080

FF NetworkProxy: "type", 4

FF Homepage: user_pref("browser.startup.homepage", );

FF Homepage: hxxp://websearch.a-searchpage.info/?pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18

FF SelectedSearchEngine: WebSearch

FF Keyword.URL: hxxp://websearch.a-searchpage.info/?pid=943&r=2013/05/30&hid=1001736937&lg=EN&cc=RS&unqvl=18&l=1&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Extension: continuetosave - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\510b2559e750b@510b2559e7544.com

FF Extension: continuetosave - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\510b2672d6ac0@510b2672d6afa.com

FF Extension: No Name - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\ffxtlbr@babylon.com

FF Extension: WebCake - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\plugin@getwebcake.com

FF Extension: No Name - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\staged

FF Extension: Browse22save - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\vs5r-xdj@zcwmeiueyao.edu

FF Extension: torntv2 - C:\Users\Rasa\AppData\Roaming\Mozilla\Firefox\Profiles\juokp1nz.default\Extensions\torntv2@torntv.com.xpi

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Extension: (Google Drive) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Website Blocker (Beta)) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.0_0

CHR Extension: (Yulia Brodskaya) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0

CHR Extension: (YouTube Repeat) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\piicimoiaiblachamdicgngccadhlecl\1.0.1_0

CHR Extension: (Gmail) - C:\Users\Rasa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] ()

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)

R2 WebCake Desktop Updater; C:\Users\Rasa\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-24] (WebCake LLC)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [108296 2007-04-03] (MCCI Corporation)

S3 s616mdfl; C:\Windows\System32\DRIVERS\s616mdfl.sys [19720 2007-04-03] (MCCI Corporation)

S3 s616mdm; C:\Windows\System32\DRIVERS\s616mdm.sys [144648 2007-04-03] (MCCI Corporation)

S3 s616unic; C:\Windows\System32\DRIVERS\s616unic.sys [130312 2007-04-03] (MCCI Corporation)

R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)

R1 ElbyCDIO; System32\Drivers\ElbyCDIO.sys [x]

S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-01 13:16 - 2013-06-01 13:16 - 00000000 ____D C:\FRST

2013-06-01 13:13 - 2013-06-01 13:13 - 01916160 ____A (Farbar) C:\Users\Rasa\Desktop\FRST64.exe

2013-06-01 02:50 - 2013-06-01 02:51 - 00000000 ____D C:\Users\Rasa\Desktop\Malver

2013-06-01 01:41 - 2013-06-01 01:41 - 00791040 ____A C:\Users\Rasa\Desktop\RogueKillerX64.exe

2013-06-01 01:36 - 2013-06-01 01:36 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\AVG2013

2013-06-01 01:35 - 2013-06-01 01:35 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-06-01 01:35 - 2013-06-01 01:35 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\TuneUp Software

2013-06-01 01:34 - 2013-06-01 02:04 - 00000000 ____D C:\ProgramData\AVG2013

2013-06-01 01:34 - 2013-06-01 01:34 - 00000000 ___HD C:\$AVG

2013-06-01 01:34 - 2013-06-01 01:34 - 00000000 ____D C:\Program Files (x86)\AVG

2013-06-01 01:26 - 2013-06-01 13:11 - 00000000 ____D C:\ProgramData\MFAData

2013-06-01 01:26 - 2013-06-01 01:47 - 00000000 ____D C:\Users\Rasa\AppData\Local\Avg2013

2013-06-01 01:26 - 2013-06-01 01:26 - 00000000 ____D C:\Users\Rasa\AppData\Local\MFAData

2013-06-01 01:19 - 2013-06-01 01:20 - 04463288 ____A (AVG Technologies) C:\Users\Rasa\Downloads\avg_isct_stb_all_2013_3343.exe

2013-06-01 00:16 - 2013-06-01 01:24 - 00143217 ____A C:\Windows\System32\Drivers\sfi.dat

2013-06-01 00:16 - 2013-06-01 00:16 - 00000000 ____D C:\ProgramData\Comodo

2013-06-01 00:15 - 2013-06-01 01:17 - 00000000 ____D C:\Program Files\COMODO

2013-06-01 00:15 - 2013-06-01 00:15 - 00000000 ____D C:\ProgramData\Comodo Downloader

2013-05-31 23:44 - 2013-06-01 01:25 - 00101354 ____A C:\Windows\PFRO.log

2013-05-31 23:37 - 2013-05-31 23:37 - 00000005 ____A C:\Users\Rasa\AppData\Roaming\mbam.context.scan

2013-05-31 22:07 - 2013-06-01 13:08 - 00022244 ____A C:\Windows\WindowsUpdate.log

2013-05-31 22:07 - 2013-05-31 22:07 - 00143680 ____A C:\Users\Rasa\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-31 22:06 - 2013-05-31 22:06 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\NCdownloader

2013-05-31 22:04 - 2013-06-01 13:05 - 00000392 ____A C:\Windows\setupact.log

2013-05-31 22:04 - 2013-05-31 22:07 - 05050776 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-31 22:04 - 2013-05-31 22:04 - 00000000 ____A C:\Windows\setuperr.log

2013-05-31 18:24 - 2013-05-31 18:24 - 00878509 ____A C:\Users\Rasa\Desktop\mario pejzazna.dwg

2013-05-30 22:02 - 2013-06-01 13:05 - 00000000 ____D C:\Program Files (x86)\WebSearch

2013-05-30 22:02 - 2013-06-01 02:09 - 00000000 ____D C:\ProgramData\SearchNewTab

2013-05-30 22:02 - 2013-05-30 22:02 - 00000000 ____D C:\ProgramData\StarApp

2013-05-30 22:00 - 2013-06-01 02:09 - 00000000 ____D C:\ProgramData\contoinuetosaivey

2013-05-30 22:00 - 2013-05-31 22:31 - 00000000 ____D C:\Program Files (x86)\Solibo Ltd

2013-05-30 18:13 - 2013-05-30 19:10 - 00081957 ____A C:\Users\Rasa\Desktop\nemam pojma.dwg

2013-05-30 02:37 - 2013-05-30 02:48 - 02107817 ____A C:\Users\Rasa\Desktop\maks.skp

2013-05-29 18:59 - 2013-05-29 22:07 - 00000132 ____A C:\Users\Rasa\AppData\Roaming\Adobe Targa Format CS5 Prefs

2013-05-29 16:56 - 2008-09-19 20:33 - 72096675 ____A C:\Users\Rasa\Desktop\srtm_40_03.tif

2013-05-29 16:56 - 2008-09-19 20:33 - 00001135 ____A C:\Users\Rasa\Desktop\srtm_40_03.hdr

2013-05-29 16:56 - 2008-09-19 20:33 - 00000156 ____A C:\Users\Rasa\Desktop\srtm_40_03.tfw

2013-05-29 16:48 - 2013-05-29 16:48 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\MICRODEM

2013-05-29 16:48 - 2013-05-29 16:48 - 00000000 ____D C:\Program Files (x86)\Borland

2013-05-29 16:48 - 2001-11-05 09:30 - 00165376 ____A C:\Windows\UNWISE.EXE

2013-05-29 16:41 - 2013-05-29 16:47 - 31980290 ____A C:\Users\Rasa\Desktop\srtm_40_03.zip

2013-05-29 16:12 - 2013-05-29 17:49 - 00000000 ____D C:\mapdata

2013-05-29 16:12 - 2013-05-29 16:48 - 00000000 ____D C:\microdem

2013-05-29 16:11 - 2013-05-29 16:11 - 00000000 ____D C:\Windows\Downloaded Installations

2013-05-29 14:31 - 2013-05-29 14:31 - 00002551 ____A C:\Users\Rasa\Desktop\srtm41.kmz

2013-05-29 14:17 - 2013-05-29 14:38 - 100520391 ____A (Petmar Triilobite Breeding Ranch ) C:\Users\Rasa\Downloads\microdem_setup.exe

2013-05-29 13:46 - 2013-05-29 14:02 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\HandBrake

2013-05-29 13:46 - 2013-05-29 13:46 - 00000000 ____D C:\Users\Rasa\AppData\Local\HandBrake

2013-05-29 13:46 - 2013-05-29 13:46 - 00000000 ____D C:\Program Files (x86)\Handbrake

2013-05-29 12:50 - 2013-05-29 12:50 - 00000000 ____D C:\ProgramData\shctxex.vb

2013-05-29 12:50 - 2012-06-01 21:22 - 00060273 ____A (Open Source Software community project) C:\Windows\SysWOW64\pthreadGC2.dll

2013-05-29 12:50 - 2005-09-01 15:13 - 00245408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll

2013-05-29 12:50 - 2005-02-02 16:07 - 01773568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2013-05-29 12:50 - 2003-12-22 08:20 - 00344064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll

2013-05-29 12:50 - 2003-12-22 08:20 - 00004608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\W95INF32.DLL

2013-05-29 12:50 - 2003-12-22 08:20 - 00002272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\W95INF16.DLL

2013-05-29 12:50 - 2002-01-05 15:48 - 00974848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll

2013-05-29 12:50 - 2002-01-05 14:40 - 00332288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll

2013-05-29 12:50 - 1998-06-17 00:00 - 00516173 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp60d.dll

2013-05-29 12:50 - 1998-06-17 00:00 - 00385100 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL

2013-05-28 23:25 - 2013-05-28 23:25 - 00000000 ____D C:\Windows\SysWOW64\searchplugins

2013-05-28 23:25 - 2013-05-28 23:25 - 00000000 ____D C:\Windows\SysWOW64\Extensions

2013-05-28 23:15 - 2013-05-28 23:15 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-28 23:15 - 2013-05-28 23:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-28 23:15 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-28 22:50 - 2013-05-28 22:51 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rasa\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-28 22:19 - 2013-05-28 22:19 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Babylon

2013-05-28 22:19 - 2013-05-28 22:19 - 00000000 ____D C:\ProgramData\Babylon

2013-05-28 22:18 - 2013-05-31 22:33 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\WebCake

2013-05-28 22:18 - 2013-05-28 22:18 - 00000000 ____D C:\Program Files (x86)\WebCake

2013-05-28 22:11 - 2013-05-29 14:07 - 00000000 ____D C:\Users\Rasa\Desktop\marija kompresovano

2013-05-28 14:10 - 2013-05-28 14:10 - 00000000 ____D C:\Users\Rasa\Documents\RailClone

2013-05-28 14:08 - 2013-05-28 14:08 - 00000000 ____D C:\ProgramData\Itoo Software

2013-05-28 10:31 - 2013-05-31 01:48 - 00000000 ____D C:\Program Files (x86)\Itoo Software

2013-05-28 02:20 - 2013-05-28 02:20 - 01823449 ____A C:\Users\Rasa\Documents\AutoSave_Untitled.skp

2013-05-28 01:56 - 2013-05-31 02:50 - 00161120 ____A C:\Users\Rasa\Desktop\teren 3d.dwg

2013-05-28 01:56 - 2013-03-13 00:30 - 00517584 ____A C:\Users\Rasa\Desktop\teren bre.dwg

2013-05-27 12:43 - 2013-05-27 12:43 - 00112942 ____A C:\Users\Rasa\Downloads\3docean HDRi - Pack 005.torrent

2013-05-26 20:50 - 2013-05-26 20:50 - 38930953 ____A C:\Users\Rasa\Desktop\detaljno.dae

2013-05-26 16:45 - 2013-05-26 16:46 - 00000000 ____D C:\Users\Rasa\Desktop\bekap

2013-05-26 16:05 - 2013-05-29 16:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan

2013-05-26 16:05 - 2013-05-26 16:05 - 00001011 ____A C:\Users\Rasa\Desktop\SpeedFan.lnk

2013-05-26 16:05 - 2013-05-26 16:05 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo

2013-05-26 15:03 - 2013-05-26 21:23 - 00000000 ____D C:\Users\Rasa\Documents\Lumion 3

2013-05-26 15:02 - 2013-05-26 16:47 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Quest3D

2013-05-25 19:47 - 2013-05-25 19:47 - 00017966 ____A C:\Users\Rasa\Downloads\Lumion 3.01 Pro 64bit , includes patch.torrent

2013-05-25 19:10 - 2013-05-25 19:10 - 00028898 ____A C:\Users\Rasa\Downloads\Grasshopper Tutorials.torrent

2013-05-18 18:15 - 2013-05-18 18:17 - 23168812 ____A C:\Users\Rasa\Downloads\mere tehnicke zastite.psd

2013-05-16 09:40 - 2013-05-16 09:40 - 00303104 ____A C:\Users\Rasa\Downloads\Model.max

2013-05-16 02:38 - 2013-05-26 20:51 - 20085493 ____A C:\Users\Rasa\Downloads\detaljno.skp

2013-05-16 02:33 - 2013-05-16 02:37 - 00000000 ____D C:\ProgramData\ASGVIS

2013-05-12 20:46 - 2013-05-13 17:50 - 00001456 ____A C:\Users\Rasa\AppData\Local\Adobe Save for Web 12.0 Prefs

2013-05-12 19:56 - 2013-05-12 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-12 14:40 - 2013-05-10 06:06 - 00011043 ____A C:\Users\Rasa\AppData\Roaming\photo.jpeg

2013-05-11 18:51 - 2013-05-11 18:51 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-11 18:51 - 2013-05-11 18:51 - 00000000 ____D C:\Program Files\CCleaner

2013-05-11 04:19 - 2013-05-11 04:19 - 00000000 ____D C:\ProgramData\ALM

2013-05-11 04:19 - 2013-05-11 04:19 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player

2013-05-10 13:57 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-05-10 13:57 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-05-10 13:57 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-05-10 13:56 - 2013-05-10 13:57 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-05-07 22:30 - 2013-05-07 22:30 - 00000000 ____D C:\Program Files (x86)\DC7

2013-05-07 12:10 - 2013-05-28 03:00 - 00000000 ____D C:\Users\Rasa\Desktop\nasledje 2

==================== One Month Modified Files and Folders =======

2013-06-01 13:28 - 2012-11-16 03:10 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Skype

2013-06-01 13:16 - 2013-06-01 13:16 - 00000000 ____D C:\FRST

2013-06-01 13:15 - 2012-11-16 17:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-01 13:13 - 2013-06-01 13:13 - 01916160 ____A (Farbar) C:\Users\Rasa\Desktop\FRST64.exe

2013-06-01 13:13 - 2009-07-14 06:45 - 00021808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-01 13:13 - 2009-07-14 06:45 - 00021808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-01 13:11 - 2013-06-01 01:26 - 00000000 ____D C:\ProgramData\MFAData

2013-06-01 13:08 - 2013-05-31 22:07 - 00022244 ____A C:\Windows\WindowsUpdate.log

2013-06-01 13:05 - 2013-05-31 22:04 - 00000392 ____A C:\Windows\setupact.log

2013-06-01 13:05 - 2013-05-30 22:02 - 00000000 ____D C:\Program Files (x86)\WebSearch

2013-06-01 13:05 - 2013-02-01 03:51 - 00000426 ___AH C:\Windows\Tasks\schedule!1143840799.job

2013-06-01 13:05 - 2013-02-01 03:51 - 00000000 ____D C:\Program Files (x86)\ContinueToSave

2013-06-01 13:05 - 2013-01-17 04:01 - 00000000 ____D C:\Program Files (x86)\SaveByClick

2013-06-01 13:05 - 2012-11-16 02:13 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-01 13:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-01 02:51 - 2013-06-01 02:50 - 00000000 ____D C:\Users\Rasa\Desktop\Malver

2013-06-01 02:09 - 2013-05-30 22:02 - 00000000 ____D C:\ProgramData\SearchNewTab

2013-06-01 02:09 - 2013-05-30 22:00 - 00000000 ____D C:\ProgramData\contoinuetosaivey

2013-06-01 02:09 - 2013-02-01 03:50 - 00000000 ____D C:\ProgramData\continuetosave

2013-06-01 02:04 - 2013-06-01 01:34 - 00000000 ____D C:\ProgramData\AVG2013

2013-06-01 02:04 - 2012-11-16 02:13 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-01 01:47 - 2013-06-01 01:26 - 00000000 ____D C:\Users\Rasa\AppData\Local\Avg2013

2013-06-01 01:41 - 2013-06-01 01:41 - 00791040 ____A C:\Users\Rasa\Desktop\RogueKillerX64.exe

2013-06-01 01:36 - 2013-06-01 01:36 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\AVG2013

2013-06-01 01:35 - 2013-06-01 01:35 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk

2013-06-01 01:35 - 2013-06-01 01:35 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\TuneUp Software

2013-06-01 01:34 - 2013-06-01 01:34 - 00000000 ___HD C:\$AVG

2013-06-01 01:34 - 2013-06-01 01:34 - 00000000 ____D C:\Program Files (x86)\AVG

2013-06-01 01:26 - 2013-06-01 01:26 - 00000000 ____D C:\Users\Rasa\AppData\Local\MFAData

2013-06-01 01:25 - 2013-05-31 23:44 - 00101354 ____A C:\Windows\PFRO.log

2013-06-01 01:24 - 2013-06-01 00:16 - 00143217 ____A C:\Windows\System32\Drivers\sfi.dat

2013-06-01 01:20 - 2013-06-01 01:19 - 04463288 ____A (AVG Technologies) C:\Users\Rasa\Downloads\avg_isct_stb_all_2013_3343.exe

2013-06-01 01:17 - 2013-06-01 00:15 - 00000000 ____D C:\Program Files\COMODO

2013-06-01 00:16 - 2013-06-01 00:16 - 00000000 ____D C:\ProgramData\Comodo

2013-06-01 00:15 - 2013-06-01 00:15 - 00000000 ____D C:\ProgramData\Comodo Downloader

2013-06-01 00:00 - 2012-11-17 23:58 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\GarenaPlus

2013-06-01 00:00 - 2012-11-17 08:27 - 00000000 ____D C:\ProgramData\GarenaMessenger

2013-05-31 23:37 - 2013-05-31 23:37 - 00000005 ____A C:\Users\Rasa\AppData\Roaming\mbam.context.scan

2013-05-31 22:33 - 2013-05-28 22:18 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\WebCake

2013-05-31 22:31 - 2013-05-30 22:00 - 00000000 ____D C:\Program Files (x86)\Solibo Ltd

2013-05-31 22:17 - 2009-07-14 07:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-31 22:07 - 2013-05-31 22:07 - 00143680 ____A C:\Users\Rasa\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-31 22:07 - 2013-05-31 22:04 - 05050776 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-31 22:06 - 2013-05-31 22:06 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\NCdownloader

2013-05-31 22:04 - 2013-05-31 22:04 - 00000000 ____A C:\Windows\setuperr.log

2013-05-31 18:24 - 2013-05-31 18:24 - 00878509 ____A C:\Users\Rasa\Desktop\mario pejzazna.dwg

2013-05-31 02:50 - 2013-05-28 01:56 - 00161120 ____A C:\Users\Rasa\Desktop\teren 3d.dwg

2013-05-31 01:48 - 2013-05-28 10:31 - 00000000 ____D C:\Program Files (x86)\Itoo Software

2013-05-30 22:13 - 2013-01-17 04:01 - 00000000 ____D C:\ProgramData\InstallMate

2013-05-30 22:12 - 2013-02-01 03:55 - 00000000 ____D C:\ProgramData\BetterSoft

2013-05-30 22:11 - 2012-11-16 03:53 - 00000000 ____D C:\Program Files\Autodesk

2013-05-30 22:02 - 2013-05-30 22:02 - 00000000 ____D C:\ProgramData\StarApp

2013-05-30 19:10 - 2013-05-30 18:13 - 00081957 ____A C:\Users\Rasa\Desktop\nemam pojma.dwg

2013-05-30 13:30 - 2012-11-16 05:22 - 00000000 ____D C:\ProgramData\boost_interprocess

2013-05-30 02:48 - 2013-05-30 02:37 - 02107817 ____A C:\Users\Rasa\Desktop\maks.skp

2013-05-30 02:25 - 2012-11-20 08:25 - 00045270 ____A C:\Users\Rasa\AppData\Roaming\room_v3.dat

2013-05-30 00:53 - 2012-11-17 08:27 - 00000000 ____D C:\Program Files (x86)\Garena Plus

2013-05-29 22:07 - 2013-05-29 18:59 - 00000132 ____A C:\Users\Rasa\AppData\Roaming\Adobe Targa Format CS5 Prefs

2013-05-29 17:49 - 2013-05-29 16:12 - 00000000 ____D C:\mapdata

2013-05-29 16:48 - 2013-05-29 16:48 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\MICRODEM

2013-05-29 16:48 - 2013-05-29 16:48 - 00000000 ____D C:\Program Files (x86)\Borland

2013-05-29 16:48 - 2013-05-29 16:12 - 00000000 ____D C:\microdem

2013-05-29 16:47 - 2013-05-29 16:41 - 31980290 ____A C:\Users\Rasa\Desktop\srtm_40_03.zip

2013-05-29 16:40 - 2013-05-26 16:05 - 00000000 ____D C:\Program Files (x86)\SpeedFan

2013-05-29 16:11 - 2013-05-29 16:11 - 00000000 ____D C:\Windows\Downloaded Installations

2013-05-29 14:38 - 2013-05-29 14:17 - 100520391 ____A (Petmar Triilobite Breeding Ranch ) C:\Users\Rasa\Downloads\microdem_setup.exe

2013-05-29 14:31 - 2013-05-29 14:31 - 00002551 ____A C:\Users\Rasa\Desktop\srtm41.kmz

2013-05-29 14:07 - 2013-05-28 22:11 - 00000000 ____D C:\Users\Rasa\Desktop\marija kompresovano

2013-05-29 14:02 - 2013-05-29 13:46 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\HandBrake

2013-05-29 13:46 - 2013-05-29 13:46 - 00000000 ____D C:\Users\Rasa\AppData\Local\HandBrake

2013-05-29 13:46 - 2013-05-29 13:46 - 00000000 ____D C:\Program Files (x86)\Handbrake

2013-05-29 12:50 - 2013-05-29 12:50 - 00000000 ____D C:\ProgramData\shctxex.vb

2013-05-28 23:25 - 2013-05-28 23:25 - 00000000 ____D C:\Windows\SysWOW64\searchplugins

2013-05-28 23:25 - 2013-05-28 23:25 - 00000000 ____D C:\Windows\SysWOW64\Extensions

2013-05-28 23:15 - 2013-05-28 23:15 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-28 23:15 - 2013-05-28 23:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-28 23:10 - 2013-04-01 02:47 - 00000000 ____D C:\Program Files (x86)\BrowseToSave

2013-05-28 22:51 - 2013-05-28 22:50 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Rasa\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-28 22:44 - 2013-04-01 02:46 - 00000000 ____D C:\ProgramData\Browse22save

2013-05-28 22:44 - 2013-01-17 04:01 - 00000000 ____D C:\ProgramData\SaveByclick

2013-05-28 22:19 - 2013-05-28 22:19 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Babylon

2013-05-28 22:19 - 2013-05-28 22:19 - 00000000 ____D C:\ProgramData\Babylon

2013-05-28 22:18 - 2013-05-28 22:18 - 00000000 ____D C:\Program Files (x86)\WebCake

2013-05-28 14:10 - 2013-05-28 14:10 - 00000000 ____D C:\Users\Rasa\Documents\RailClone

2013-05-28 14:08 - 2013-05-28 14:08 - 00000000 ____D C:\ProgramData\Itoo Software

2013-05-28 03:00 - 2013-05-07 12:10 - 00000000 ____D C:\Users\Rasa\Desktop\nasledje 2

2013-05-28 02:20 - 2013-05-28 02:20 - 01823449 ____A C:\Users\Rasa\Documents\AutoSave_Untitled.skp

2013-05-27 12:43 - 2013-05-27 12:43 - 00112942 ____A C:\Users\Rasa\Downloads\3docean HDRi - Pack 005.torrent

2013-05-26 21:23 - 2013-05-26 15:03 - 00000000 ____D C:\Users\Rasa\Documents\Lumion 3

2013-05-26 20:51 - 2013-05-16 02:38 - 20085493 ____A C:\Users\Rasa\Downloads\detaljno.skp

2013-05-26 20:50 - 2013-05-26 20:50 - 38930953 ____A C:\Users\Rasa\Desktop\detaljno.dae

2013-05-26 16:47 - 2013-05-26 15:02 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Quest3D

2013-05-26 16:46 - 2013-05-26 16:45 - 00000000 ____D C:\Users\Rasa\Desktop\bekap

2013-05-26 16:05 - 2013-05-26 16:05 - 00001011 ____A C:\Users\Rasa\Desktop\SpeedFan.lnk

2013-05-26 16:05 - 2013-05-26 16:05 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo

2013-05-26 15:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF

2013-05-26 14:52 - 2013-01-25 00:45 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\vlc

2013-05-26 11:20 - 2012-11-16 03:10 - 00000000 ____D C:\ProgramData\Skype

2013-05-25 19:47 - 2013-05-25 19:47 - 00017966 ____A C:\Users\Rasa\Downloads\Lumion 3.01 Pro 64bit , includes patch.torrent

2013-05-25 19:10 - 2013-05-25 19:10 - 00028898 ____A C:\Users\Rasa\Downloads\Grasshopper Tutorials.torrent

2013-05-22 09:43 - 2012-11-16 02:17 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs

2013-05-22 00:59 - 2012-11-16 01:44 - 00000000 ____D C:\Users\Rasa\AppData\Local\VirtualStore

2013-05-19 20:25 - 2012-12-19 02:42 - 00000000 ____D C:\Program Files (x86)\DotAlicious Gaming Client

2013-05-18 18:17 - 2013-05-18 18:15 - 23168812 ____A C:\Users\Rasa\Downloads\mere tehnicke zastite.psd

2013-05-16 10:34 - 2013-03-07 13:08 - 00001507 ____A C:\Users\Rasa\Documents\plot.log

2013-05-16 09:40 - 2013-05-16 09:40 - 00303104 ____A C:\Users\Rasa\Downloads\Model.max

2013-05-16 02:37 - 2013-05-16 02:33 - 00000000 ____D C:\ProgramData\ASGVIS

2013-05-15 23:17 - 2012-11-16 07:17 - 00000000 ____D C:\Windows\pss

2013-05-15 20:16 - 2012-11-16 17:17 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 20:16 - 2012-11-16 17:17 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-15 17:30 - 2013-01-31 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-05-13 17:50 - 2013-05-12 20:46 - 00001456 ____A C:\Users\Rasa\AppData\Local\Adobe Save for Web 12.0 Prefs

2013-05-12 20:45 - 2012-11-16 01:53 - 00000000 ____D C:\Users\Rasa\AppData\Roaming\Adobe

2013-05-12 19:56 - 2013-05-12 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-05-12 17:48 - 2012-11-16 01:55 - 00000000 ____D C:\Users\Rasa\AppData\Local\Adobe

2013-05-12 17:44 - 2012-11-16 18:41 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2013-05-12 17:43 - 2012-11-16 01:53 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-05-11 18:53 - 2012-11-16 10:38 - 00000000 ____D C:\Windows\Panther

2013-05-11 18:51 - 2013-05-11 18:51 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-11 18:51 - 2013-05-11 18:51 - 00000000 ____D C:\Program Files\CCleaner

2013-05-11 04:19 - 2013-05-11 04:19 - 00000000 ____D C:\ProgramData\ALM

2013-05-11 04:19 - 2013-05-11 04:19 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player

2013-05-11 04:18 - 2012-11-16 01:53 - 00000000 ____D C:\ProgramData\Adobe

2013-05-10 13:57 - 2013-05-10 13:56 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log

2013-05-10 13:57 - 2013-03-20 02:09 - 00000000 ____D C:\Program Files (x86)\Java

2013-05-10 06:06 - 2013-05-12 14:40 - 00011043 ____A C:\Users\Rasa\AppData\Roaming\photo.jpeg

2013-05-07 22:30 - 2013-05-07 22:30 - 00000000 ____D C:\Program Files (x86)\DC7

2013-05-02 02:06 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-24 01:52

==================== End Of Log ============================

Addition.txt


Sorry for the delay - I missed my notification that you replied. Please do this:

Download ComboFix from HERE, and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.


Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • ComboFix log


Please do this next:

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • AdwCleaner log
  • MBAM log


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.