
Hello, I'm currently "fixing" my friend's PC (via TeamViewer - I'm writing this from his PC).

So today he told me that Avast found some malware and he asked me if I could check his PC. I found many weird programs that start up after the system boots, and every time I clicked a link a pop-up ad showed up. At this point I knew this wasn't going to be easy, as he had adware (I probably managed to get rid of that) and probably some malware too - I'm interested in this topic, but I don't think I'm experienced enough to deal with that. So at first I "cleaned" up his PC (I've uninstalled some toolbars and uTorrent, and disabled a few extensions). And yes - the Java plugin is (or at least should be) disabled in web browsers.

Also it looks like he ran GotCLIP...

 

Logs:

 

DDS log BEFORE running Avast and MBAM (not really important):

 

DDS
Attach

 

After that I did a regular clean up (as I've already mentioned) and then I ran MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.3.2014
Scan Time: 21:13:24
Logfile: MBAM_log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.07
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Honza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246585
Time Elapsed: 22 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.GreyGray.A, C:\Program Files (x86)\GreyGray\updateGreyGray.exe, 2608, , [a5d634d3bdbef3438d896bdf5ea36c94]
PUP.Optional.GreyGray.A, C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe, 2656, , [77044bbc3645ae88c94d6fdb71905ea2]

Modules: 0
(No malicious items detected)

Registry Keys: 41

Registry Values: 7

Registry Data: 0
(No malicious items detected)

Folders: 14

Files: 118

Physical Sectors: 0
(No malicious items detected)

 

(I've quarantined everything it has found)

New DDS scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Honza at 21:47:20 on 2014-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.8174.6165 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
c:\users\honza\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uDefault_Page_URL = www.hal3000.cz
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Pomocná služba pro přihlášení k účtu Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRunOnce: [seznamInstall-uninstall:3fbe18150a4a2edfd08b1c1b0943e4db] "C:\Users\Honza\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Users\Honza\AppData\Roaming\Seznam.cz"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.20
TCP: Interfaces\{284462AD-3496-4DA7-B9A9-158A457503AA} : DHCPNameServer = 192.168.1.20
TCP: Interfaces\{BF1D677C-FBFF-434D-9545-1C0862700E1A} : DHCPNameServer = 192.168.1.20
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [shadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.id - e28e3687000000000000cc5d4e01cdd9
FF - user.js: extensions.incredibar_i.instlDay - 15557
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:40:55
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyK8NA4O5
FF - user.js: extensions.incredibar_i.upn2n - 92261880325975457
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10671
FF - user.js: extensions.incredibar_i.ppd - 77777106
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-7 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-5-7 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-3 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-3 423240]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-3 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-25 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-1-13 70848]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-8 15129376]
R2 Realtek11nCU;Realtek11nCU;C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe [2012-8-3 36864]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-16 411936]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-8-1 27760]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-24 84816]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-26 677480]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2010-8-12 748648]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2013-7-8 199384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-8-1 2173552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-11-13 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-5 19456]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-5 30208]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
.
=============== Created Last 30 ================
.
2014-03-25 20:38:16    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48DAAD38-AADD-4575-96EB-FDCBCFE7577E}\offreg.dll
2014-03-25 19:49:03    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-25 19:48:53    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 19:48:53    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-03-25 19:48:53    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-25 19:48:53    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-25 19:48:53    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 19:11:36    --------    d-----r-    C:\Users\Honza\Dropbox
2014-03-25 19:09:48    --------    d-----w-    C:\Users\Honza\AppData\Roaming\DropboxMaster
2014-03-25 19:08:40    --------    d-----w-    C:\Users\Honza\AppData\Roaming\Dropbox
2014-03-25 18:56:40    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-25 18:43:10    --------    d-----w-    C:\Users\Honza\AppData\Roaming\uTorrent
2014-03-25 18:04:13    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48DAAD38-AADD-4575-96EB-FDCBCFE7577E}\mpengine.dll
2014-03-24 18:55:20    --------    d-----w-    C:\Users\Honza\AppData\Roaming\TS3Client
2014-03-24 18:55:15    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-22 18:42:03    --------    d-----w-    C:\Program Files (x86)\MediaWatchV1
2014-03-15 23:06:50    599840    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-03-13 15:51:06    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-13 15:50:59    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-13 15:50:59    353280    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2014-03-13 15:50:59    293080    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-13 15:50:59    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-13 15:50:58    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 14:45:59    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-13 14:45:59    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-13 14:45:29    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-13 14:45:29    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-13 14:45:29    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-13 14:45:29    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-13 14:44:34    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-13 14:44:34    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-06 19:42:39    --------    d-----w-    C:\Users\Honza\AppData\Local\Skype
2014-03-06 19:42:30    --------    d-----r-    C:\Program Files (x86)\Skype
2014-03-03 15:57:17    --------    d-----w-    C:\Program Files (x86)\WB Games
2014-02-25 20:43:47    --------    d-----w-    C:\Windows\Migration
.
==================== Find3M  ====================
.
2014-03-25 18:56:40    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-03-25 18:56:40    84816    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2014-03-25 18:56:40    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-25 18:56:40    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-03-25 18:56:40    208928    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-25 18:56:40    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-12 17:29:47    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:29:47    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 13:06:00    6714312    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-03-04 13:06:00    3497816    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-03-04 13:05:58    922968    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-03-04 13:05:58    64968    ----a-w-    C:\Windows\System32\nvshext.dll
2014-03-04 13:05:58    2558808    ----a-w-    C:\Windows\System32\nvsvcr.dll
2014-03-04 13:05:57    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-03-04 13:05:53    3649185    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-03-01 05:17:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-01 04:52:55    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-01 04:11:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:52:43    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:00:08    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-08 18:34:51    1885472    ----a-w-    C:\Windows\System32\nvdispco6433489.dll
2014-02-08 18:34:51    1515296    ----a-w-    C:\Windows\System32\nvdispgenco6433489.dll
2014-01-16 00:42:40    608032    ----a-w-    C:\SecurityScanner.dll
.
============= FINISH: 21:47:38,35 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3.8.2012 20:17:52
System Uptime: 25.3.2014 21:15:49 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8H61-M LX2
Processor: Intel® Core i3-2120 CPU @ 3.30GHz | LGA1155 | 3168/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 715,754 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP327: 13.3.2014 22:33:27 - Windows Update
RP328: 18.3.2014 18:25:17 - Windows Update
RP329: 18.3.2014 22:03:07 - Windows Update
RP330: 25.3.2014 19:03:04 - Windows Update
RP331: 25.3.2014 19:55:30 - avast! antivirus system restore point
RP332: 25.3.2014 20:24:32 - Before MBAM
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader X (10.1.9) - Czech
Aktualizace NVIDIA 10.11.15
avast! Free Antivirus
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Dishonored
Dropbox
F1 2012
Fotogalerie
Fraps (remove only)
Garry's Mod
GeForce Experience NvStream Client Components
Google Drive
Google Chrome
Google Update Helper
Guild Wars 2
High-Definition Video Playback
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
Junk Mail filter update
Left 4 Dead 2
Loadout
Malwarebytes Anti-Malware verze 2.00.0.1000
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (CSY)
Microsoft .NET Framework 4.5.1 (čeština)
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Klikni a spusť 2010
Microsoft Office Starter 2010 - čeština
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mobogenie
Movie Maker
Mozilla Firefox 27.0.1 (x86 cs)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.4
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BurnRights 10
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero DiscSpeed 10
Nero Express 10
Nero InfoTool 10
Nero MediaHub 10
Nero Multimedia Suite 10 Essentials
Nero Recode 10
Nero StartSmart 10
Nero Update
Nero Vision 10
NHL™ 09
NVIDIA GeForce Experience 1.8.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Ovladač řídící jednotky 3D Vision 335.21
NVIDIA Ovladač 3D Vision 335.23
NVIDIA Ovladač HD audia 1.3.30.1
NVIDIA Ovladače grafiky 335.23
NVIDIA PhysX
NVIDIA ShadowPlay 10.11.15
NVIDIA Stereoscopic 3D Driver
NVIDIA Systémový software PhysX 9.13.1220
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Origin
Ovládací panel NVIDIA 335.23
Photo Common
Photo Gallery
Rockstar Games Social Club
Sandboxie 4.04 (64-bit)
Scooby-Doo! Počátky strachu
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SHIELD Streaming
Skype™ 6.14
Sleeping Dogs™
Steam
TeamSpeak 3 Client
The Sims™ 3
The Sims™ 3 Cestovní horečka
The Sims™ 3 Domácí mazlíčci
The Sims™ 3 Obludárium
The Sims™ 3 Roční období
The Sims™ 3 Sladké radosti Katy Perry
Thief
TSST OEM Content
Ubisoft Game Launcher
Vegas Pro 12.0 (64-bit)
VLC media player 2.1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker
Wireless N USB Utility
.
==== End Of File ===========================

Mobogenie doesn't seem legit to me but I decided it would be better to let you decide what to do with it.

Thank you so much for your help!


Welcome to the forum.

1: Uninstall Mobogenie

2: Disable Defender, you have Avast running.

Having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

3: Did you have MB quarantine all of those items???

4: Please run a Quick Scan with Malwarebytes like this and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

---------------------

Then........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


1: Uninstall Mobogenie

2: Disable Defender, you have Avast running.

3: Did you have MB quarantine all of those items???

4: Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

 

Hello! Thank you for the swift reply!

 

1. Uninstalled

2. Ah yes - I haven't noticed that. Disabled!

3. Yeah

4. I'm using 2.0 and I couldn't remove the items - so I just quarantined them

 

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.3.2014
Scan Time: 17:34:54
Logfile: MBAM_log2.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.26.05
Rootkit Database: v2014.03.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Honza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246205
Time Elapsed: 6 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 4
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1166332735-1082075647-3807633924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [23ba65a26318fa3c41c9f70d946e669a],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1166332735-1082075647-3807633924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, Ë?¶stâ?FDG¨+xTA«=p¶, , [23ba65a26318fa3c41c9f70d946e669a]
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1166332735-1082075647-3807633924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [23ba65a26318fa3c41c9f70d946e669a],
PUP.Optional.UTorrentControl.A, HKU\S-1-5-21-1166332735-1082075647-3807633924-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [a23bba4d1f5ce155d139af5522e0f010],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 30
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.dfltlng", "EN");), ,[a03d3ec994e72b0b3b7fe44b9c6811ef]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.instlday", "15557");), ,[6974e027b7c4d6607347141b669eb44c]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.instlref", "");), ,[15c840c7502b35012298012eac58cc34]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.prtnrid", "Incredibar");), ,[d60752b55c1f40f67d3d8ca326def50b]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.smplgrp", "none");), ,[479627e01962a195cded1619d43032ce]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.tlbrid", "base");), ,[7b62c5428eed8fa7a01a89a6a0642bd5]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.tlbrsrchurl", "http://mystart.Incredibar.com/?a=6OyK8NA4O5&loc=IB_TB&i=26&search=");), ,[746982850f6c8da95a6055dabd47c23e]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar.vrsnts", "1.5.11.1422:40:55");), ,[f1ec9770a9d2ab8b308a43ec60a41ae6]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.aflt", "orgnl");), ,[2ab32bdcfc7f3105f1c9cb648a7a4ab6]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.dfltLng", "");), ,[b62728df532863d36357df509b690ff1]
PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.did", "10671");), ,[f7e69d6aa2d92f07a614bb743cc8c13f]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.excTlbr", false);), ,[06d7788f0972ec4a5e5c909f7391e818]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.id", "e28e3687000000000000cc5d4e01cdd9");), ,[2fae3dca3348ef473c7ed857bf4543bd]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.installerproductid", "26");), ,[65783dcaf38895a1dddde44b659f17e9]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.instlDay", "15557");), ,[c9144dba0e6dc96d37832807758fc53b]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.instlRef", "");), ,[f8e5b6517b0045f197230d22907448b8]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.ms_url_id", "");), ,[c01d7394f08b41f522982906d0349c64]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.newTab", false);), ,[1fbeed1a502bea4c9129e04f91739070]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.ppd", "77777106");), ,[528b14f3631891a5c3f766c9e71d8e72]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.prdct", "incredibar");), ,[a73630d759220531c5f548e7e81c1be5]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.productid", "26");), ,[efeed136502b7fb79c1e32fd00047f81]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.prtnrId", "Incredibar");), ,[6c7135d29cdf8da9c9f176b95da7e31d]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.smplGrp", "none");), ,[e7f6ee190b70ed492f8b3df244c0b749]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.tlbrId", "base");), ,[d00d29debebdfb3bdedcca6590745fa1]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyK8NA4O5&loc=IB_TB&i=26&search=");), ,[a6377592c4b75bdbb604b47b06fe9a66]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.upn2", "6OyK8NA4O5");), ,[fae3e324215aec4a8238ca6583812fd1]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.upn2n", "92261880325975457");), ,[7568ea1d9cdf7bbb11a98ba454b040c0]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");), ,[7f5e38cfbebd0b2bfbbfd25df80c7a86]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:40:55");), ,[4e8fba4d8bf02f0758623bf47b89cd33]

PUP.Optional.Incredibar.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js, Good: (), Bad: (user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");), ,[af2ed92eb3c8d46207b338f76d9756aa]

Physical Sectors: 0

(No malicious items detected)

(end)

 

RogueKiller log:

 

RogueKiller V8.8.14 _x64_ [Mar 26 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Honza [Admin rights]

Mode : Scan -- Date : 03/26/2014 17:55:30

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤

[V2][sUSP UNIC] {27BAE160-45DA-4052-9ED9-0C2157688600} : C:\Program Files (x86)\Electronic Arts\The Lord of the Rings - Conquest?\Conquest.exe [x] -> FOUND

[V2][sUSP UNIC] {CFD0FCE5-9CAF-47F8-98BF-7F32A85E68A1} : C:\Program Files (x86)\Electronic Arts\The Lord of the Rings - Conquest?\Conquest.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤


[Address] EAT @explorer.exe (InternetSetStatusCallback) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA964B0)

[Address] EAT @explorer.exe (InternetSetStatusCallbackA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA964B0)

[Address] EAT @explorer.exe (InternetSetStatusCallbackW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFADB9BC)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURL) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB6D8B0)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB6D8B0)

[Address] EAT @explorer.exe (InternetShowSecurityInfoByURLW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB6E73C)

[Address] EAT @explorer.exe (InternetTimeFromSystemTime) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAC7860)

[Address] EAT @explorer.exe (InternetTimeFromSystemTimeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAC7860)

[Address] EAT @explorer.exe (InternetTimeFromSystemTimeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB2D9A8)

[Address] EAT @explorer.exe (InternetTimeToSystemTime) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB13590)

[Address] EAT @explorer.exe (InternetTimeToSystemTimeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB13590)

[Address] EAT @explorer.exe (InternetTimeToSystemTimeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB134C0)

[Address] EAT @explorer.exe (InternetUnlockRequestFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFABB644)

[Address] EAT @explorer.exe (InternetWriteFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAB5760)

[Address] EAT @explorer.exe (InternetWriteFileExA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB8A424)

[Address] EAT @explorer.exe (InternetWriteFileExW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB8A424)

[Address] EAT @explorer.exe (IsHostInProxyBypassList) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA99E94)

[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD43A0)

[Address] EAT @explorer.exe (IsUrlCacheEntryExpiredW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB173E4)

[Address] EAT @explorer.exe (LoadUrlCacheContent) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB8A424)

[Address] EAT @explorer.exe (ParseX509EncodedCertificateForListBoxEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBB2AD0)

[Address] EAT @explorer.exe (PrivacyGetZonePreferenceW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA9D40C)

[Address] EAT @explorer.exe (PrivacySetZonePreferenceW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB0CF94)

[Address] EAT @explorer.exe (ReadUrlCacheEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAB46E4)

[Address] EAT @explorer.exe (ReadUrlCacheEntryStreamEx) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD44F0)

[Address] EAT @explorer.exe (RegisterUrlCacheNotification) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA52A20)

[Address] EAT @explorer.exe (ResumeSuspendedDownload) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB713F8)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4600)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryFileW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD47DC)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD49B4)

[Address] EAT @explorer.exe (RetrieveUrlCacheEntryStreamW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB15FD0)

[Address] EAT @explorer.exe (RunOnceUrlCache) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA521A8)

[Address] EAT @explorer.exe (SetUrlCacheConfigInfoA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4BB8)

[Address] EAT @explorer.exe (SetUrlCacheConfigInfoW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4CEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroup) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4DEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroupA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4DEC)

[Address] EAT @explorer.exe (SetUrlCacheEntryGroupW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA989B0)

[Address] EAT @explorer.exe (SetUrlCacheEntryInfoA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAA8EE8)

[Address] EAT @explorer.exe (SetUrlCacheEntryInfoW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD4FB8)

[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5174)

[Address] EAT @explorer.exe (SetUrlCacheGroupAttributeW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5364)

[Address] EAT @explorer.exe (SetUrlCacheHeaderData) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5524)

[Address] EAT @explorer.exe (ShowCertificate) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBB2AD0)

[Address] EAT @explorer.exe (ShowClientAuthCerts) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBB2AD0)

[Address] EAT @explorer.exe (ShowSecurityInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBB2AF0)

[Address] EAT @explorer.exe (ShowX509EncodedCertificate) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBB2C80)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5644)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileA) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5644)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryFileW) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD577C)

[Address] EAT @explorer.exe (UnlockUrlCacheEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFADFA10)

[Address] EAT @explorer.exe (UpdateUrlCacheContentPath) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD58BC)

[Address] EAT @explorer.exe (UrlCacheCheckEntriesExist) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD59DC)

[Address] EAT @explorer.exe (UrlCacheCloseEntryHandle) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5A34)

[Address] EAT @explorer.exe (UrlCacheContainerSetEntryMaximumAge) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5A80)

[Address] EAT @explorer.exe (UrlCacheCreateContainer) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFA5EC5C)

[Address] EAT @explorer.exe (UrlCacheFindFirstEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAD8948)

[Address] EAT @explorer.exe (UrlCacheFindNextEntry) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFB18A90)

[Address] EAT @explorer.exe (UrlCacheFreeEntryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAE0A60)

[Address] EAT @explorer.exe (UrlCacheGetContentPaths) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5AD8)

[Address] EAT @explorer.exe (UrlCacheGetEntryInfo) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFACC358)

[Address] EAT @explorer.exe (UrlCacheGetGlobalLimit) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5B30)

[Address] EAT @explorer.exe (UrlCacheReadEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5B88)

[Address] EAT @explorer.exe (UrlCacheReloadSettings) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5BE8)

[Address] EAT @explorer.exe (UrlCacheRetrieveEntryFile) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5C40)

[Address] EAT @explorer.exe (UrlCacheRetrieveEntryStream) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5C98)

[Address] EAT @explorer.exe (UrlCacheSetGlobalLimit) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBD5CF8)

[Address] EAT @explorer.exe (UrlCacheUpdateEntryExtraData) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFAC2E78)

[Address] EAT @explorer.exe (UrlZonesDetach) : NSI.dll -> HOOKED (C:\Windows\system32\WININET.dll @ 0xFFBAD998)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EALX-009BA0 +++++

--- User ---

[MBR] bebead858282028365347600fcfcd7cc

[bSP] 8c5b0b8572be38297969cbeeea642b95 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 968 MB

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1984512 | Size: 952899 MB

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Multi Flash Reader USB Device +++++

Error reading User MBR! ([0x15] Zařízení není připraveno. )

User = LL1 ... OK!

Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Finished : << RKreport[0]_S_03262014_175530.txt >>

 

Thank you again for your help!

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

 

Last...............

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

Hello, is it okay to delete this?:

 

I'm not sure about this:

Folder Found C:\Windows\System32\ARFC
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

But they appear to be empty...

 

# AdwCleaner v3.022 - Report created 26/03/2014 at 19:17:27
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Honza - HONZA-PC
# Running from : C:\Users\Honza\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\searchplugins\Askcom.xml
File Found : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\searchplugins\askcomsearch.xml
File Found : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\searchplugins\ask-search.xml
File Found : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\searchplugins\Search_Results.xml
File Found : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\user.js
File Found : C:\Windows\System32\ImhxxpComm.dll
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Perion
Folder Found C:\ProgramData\apn
Folder Found C:\Users\Honza\AppData\Local\Conduit
Folder Found C:\Users\Honza\AppData\Local\genienext
Folder Found C:\Users\Honza\AppData\Local\Mobogenie
Folder Found C:\Users\Honza\AppData\Local\PackageAware
Folder Found C:\Users\Honza\AppData\Local\SwvUpdater
Folder Found C:\Users\Honza\AppData\Local\Temp\apn
Folder Found C:\Users\Honza\AppData\LocalLow\Conduit
Folder Found C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\Smartbar
Folder Found C:\Users\Honza\Documents\Mobogenie
Folder Found C:\Windows\System32\ARFC
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : [x64] HKCU\Software\smarttweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\Software\Web Assistant
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
Key Found : [x64] HKLM\SOFTWARE\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\prefs.js ]

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17542 octets] - [26/03/2014 19:17:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17603 octets] ##########
 

AdwCleaner: Everything deleted

 

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Honza on čt 27.03.2014 at 15:51:19,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1166332735-1082075647-3807633924-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8B63BCF3-5EFE-4FDE-A3B1-DA265C5093A7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D4CEFDDD-CD1B-4C23-BD7A-F02ADC78CCC5}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Honza\appdata\local\cre"



~~~ FireFox

Successfully deleted the following from C:\Users\Honza\AppData\Roaming\mozilla\firefox\profiles\a4yfwsll.default\prefs.js



Emptied folder: C:\Users\Honza\AppData\Roaming\mozilla\firefox\profiles\a4yfwsll.default\minidumps [212 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 27.03.2014 at 15:57:02,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.3.2014
Scan Time: 16:10:45
Logfile: MBAM_logg3.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.27.04
Rootkit Database: v2014.03.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Honza

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 246371
Time Elapsed: 6 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\toolbarImages, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],

Files: 71
PUP.Optional.uTorrentControl.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\searchplugins\utorrentcontrolv2-customized-web-search.xml, Quarantined, [d868ad5bc4b7f145c2cd045104feca36],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\conduit.xml, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.129813684258939747.search.history, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.129813684258939747.search.selectedEngineId, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.129813684258939747.search.settings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.appOptions, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.cookiesRepo, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.NotificationSettings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-repository, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-servicemap, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.NOTIFICATION_ID.notifications-service_1647765, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.pg_conf_global, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.searchProtectorData, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468.skin, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_appsMetadata, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_translation, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_userApps, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_gottenAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_login, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_otherAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_searchAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_serviceMap, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_toolbarContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_toolbarSettings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_translation, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_userApps, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_appsMetadata, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_appTrackingFirstTime, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_gottenAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_location, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_login, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_otherAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_searchAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.13.40.15.serviceLayer_services_appTrackingFirstTime, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_serviceMap, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_serviceMap, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_toolbarSettings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_setupAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_toolbarContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_toolbarSettings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_translation, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_userApps, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_appsMetadata, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_appTrackingFirstTime, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_gottenAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_location, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_login, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_otherAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_searchAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_serviceMap, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_setupAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_RAW.serviceLayer_services_toolbarContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_toolbarContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_toolbarSettings, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_translation, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.370.524.serviceLayer_services_userApps, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_appsMetadata, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_appTrackingFirstTime, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_gottenAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_location, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_login, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_otherAppsContextMenu, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\CT3220468_10.14.65.43.serviceLayer_services_searchAPI, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\serviceLayer_userApps_added, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\serviceLayer_userApps_removed, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\toolbar_initializing_logger.txt, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\uninstallData, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\uninstallUrl, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\toolbarImages\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],
PUP.Optional.Conduit.A, C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\CT3220468\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif, Quarantined, [2e12b157e09b072f43fbf362a35f7f81],

Physical Sectors: 0
(No malicious items detected)


(end)

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Honza (administrator) on HONZA-PC on 27-03-2014 16:17:08
Running from C:\Users\Honza\Downloads\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek) C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ZyXEL) C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Users\Honza\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) c:\users\honza\appdata\local\temp\teamviewer\version8\TeamViewer_Desktop.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-25] (AVAST Software)
HKU\S-1-5-21-1166332735-1082075647-3807633924-1000\...\MountPoints2: {b4fb61e0-4dbf-11e2-b5d2-c86000861116} - F:\autorun.exe
HKU\S-1-5-21-1166332735-1082075647-3807633924-1000\...\MountPoints2: {b4fb6203-4dbf-11e2-b5d2-c86000861116} - G:\Setup.exe
HKU\S-1-5-21-1166332735-1082075647-3807633924-1000\...\MountPoints2: {b4fb6206-4dbf-11e2-b5d2-c86000861116} - H:\Setup.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20

FireFox:
========
FF ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default

FF SearchEngineOrder.1: Ask Search

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: WOT - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\a4yfwsll.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-03]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Peněženka Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [ceiapeodjfjcbfkfkfbdpgbhbgiidjdb] - C:\Program Files (x86)\GreyGray\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [ckbpfhmffbbmllibiibkpjgleabgfali] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home206\ch\MediaWatchV1home206.crx [2013-09-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-25] (AVAST Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Realtek11nCU; C:\Program Files (x86)\ZyXEL\NWD2205\RtlService.exe [36864 2010-04-16] (Realtek)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-09-07] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-25] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-25] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-25] ()
S3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S4 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 16:16 - 2014-03-27 16:17 - 00000000 ____D () C:\Users\Honza\Downloads\FRST
2014-03-27 16:13 - 2014-03-27 16:17 - 00000000 ____D () C:\FRST
2014-03-27 15:57 - 2014-03-27 15:57 - 00001895 _____ () C:\Users\Honza\Desktop\JRT.txt
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 ____D () C:\Windows\ERUNT
2014-03-26 19:26 - 2014-03-26 19:27 - 01038974 _____ (Thisisu) C:\Users\Honza\Downloads\JRT.exe
2014-03-26 19:17 - 2014-03-27 15:47 - 00000000 ____D () C:\AdwCleaner
2014-03-26 19:11 - 2014-03-26 19:12 - 01950720 _____ () C:\Users\Honza\Downloads\AdwCleaner.exe
2014-03-26 17:55 - 2014-03-26 17:55 - 00036979 _____ () C:\Users\Honza\Desktop\RKreport[0]_S_03262014_175530.txt
2014-03-26 17:53 - 2014-03-26 17:55 - 00000000 ____D () C:\Users\Honza\Desktop\RK_Quarantine
2014-03-26 17:42 - 2014-03-26 17:42 - 00000000 ____D () C:\Users\Honza\AppData\Local\CrashDumps
2014-03-26 17:27 - 2014-03-26 17:28 - 04493824 _____ () C:\Users\Honza\Downloads\RogueKillerX64.exe
2014-03-25 21:47 - 2014-03-25 21:47 - 00019137 _____ () C:\Users\Honza\Desktop\dds.txt
2014-03-25 21:47 - 2014-03-25 21:47 - 00004918 _____ () C:\Users\Honza\Desktop\attach.txt
2014-03-25 20:49 - 2014-03-27 16:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-25 20:48 - 2014-03-25 20:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 20:48 - 2014-03-25 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 20:48 - 2014-03-25 20:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 20:48 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-25 20:48 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-25 20:48 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-25 20:11 - 2014-03-25 21:21 - 00000000 ___RD () C:\Users\Honza\Dropbox
2014-03-25 20:11 - 2014-03-25 20:11 - 00001047 _____ () C:\Users\Honza\Desktop\Dropbox.lnk
2014-03-25 20:09 - 2014-03-25 20:11 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\DropboxMaster
2014-03-25 20:09 - 2014-03-25 20:09 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-25 20:08 - 2014-03-25 21:18 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Dropbox
2014-03-25 19:56 - 2014-03-25 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 19:43 - 2014-03-25 19:47 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\uTorrent
2014-03-25 19:33 - 2014-02-14 00:16 - 00000426 _____ () C:\AVScanner.ini
2014-03-25 19:10 - 2014-03-25 19:10 - 00688992 ____R (Swearware) C:\Users\Honza\Downloads\dds.com
2014-03-24 19:55 - 2014-03-24 21:46 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\TS3Client
2014-03-24 19:55 - 2014-03-24 19:55 - 00001173 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-24 19:55 - 2014-03-24 19:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-22 19:42 - 2014-03-22 19:42 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-03-16 00:06 - 2014-03-04 12:32 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-16 00:02 - 2014-03-04 15:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-16 00:02 - 2014-03-04 15:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-16 00:02 - 2014-03-04 15:35 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-15 22:47 - 2014-03-15 22:47 - 00000000 ____D () C:\Users\Honza\Documents\Thief
2014-03-13 16:51 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 16:51 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 16:51 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 16:51 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 16:51 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 16:51 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 16:51 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 16:51 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 16:51 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 16:51 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 16:51 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 16:51 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 16:51 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 16:51 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 16:51 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 16:51 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 16:51 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 16:51 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 16:51 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 16:51 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 16:51 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 16:51 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 16:51 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 16:51 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 16:51 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 16:51 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 16:51 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 16:51 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 16:51 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 16:51 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 16:51 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 16:51 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 16:51 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 16:51 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 16:50 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 16:50 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 16:50 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 16:50 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 16:50 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 16:50 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 15:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 15:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 15:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 15:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 15:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 15:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 15:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 15:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-06 20:42 - 2014-03-06 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 20:42 - 2014-03-06 20:42 - 00000000 ____D () C:\Users\Honza\AppData\Local\Skype
2014-03-03 16:57 - 2014-03-03 16:57 - 00002032 _____ () C:\Users\Public\Desktop\Scooby-Doo Počátky strachu.lnk
2014-03-03 16:57 - 2014-03-03 16:57 - 00000000 ____D () C:\Program Files (x86)\WB Games

==================== One Month Modified Files and Folders =======

2014-03-27 16:17 - 2014-03-27 16:16 - 00000000 ____D () C:\Users\Honza\Downloads\FRST
2014-03-27 16:17 - 2014-03-27 16:13 - 00000000 ____D () C:\FRST
2014-03-27 16:04 - 2014-03-25 20:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 15:57 - 2014-03-27 15:57 - 00001895 _____ () C:\Users\Honza\Desktop\JRT.txt
2014-03-27 15:55 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 15:55 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 15:51 - 2012-08-03 19:17 - 01180796 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 15:48 - 2012-08-03 19:36 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 15:48 - 2012-08-03 19:21 - 00000258 _____ () C:\Windows\Tasks\RtlVistaStart.job
2014-03-27 15:48 - 2012-08-01 11:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-27 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 15:48 - 2009-07-14 05:51 - 00158607 _____ () C:\Windows\setupact.log
2014-03-27 15:47 - 2014-03-26 19:17 - 00000000 ____D () C:\AdwCleaner
2014-03-27 15:45 - 2013-01-10 15:06 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Mumble
2014-03-27 15:27 - 2012-08-03 19:29 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 15:20 - 2012-08-03 19:36 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 14:39 - 2012-08-03 19:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-26 19:27 - 2014-03-26 19:26 - 01038974 _____ (Thisisu) C:\Users\Honza\Downloads\JRT.exe
2014-03-26 19:12 - 2014-03-26 19:11 - 01950720 _____ () C:\Users\Honza\Downloads\AdwCleaner.exe
2014-03-26 19:10 - 2012-12-24 17:16 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\TeamViewer
2014-03-26 19:09 - 2012-08-03 19:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-26 19:07 - 2010-11-21 04:47 - 00505442 _____ () C:\Windows\PFRO.log
2014-03-26 17:55 - 2014-03-26 17:55 - 00036979 _____ () C:\Users\Honza\Desktop\RKreport[0]_S_03262014_175530.txt
2014-03-26 17:55 - 2014-03-26 17:53 - 00000000 ____D () C:\Users\Honza\Desktop\RK_Quarantine
2014-03-26 17:42 - 2014-03-26 17:42 - 00000000 ____D () C:\Users\Honza\AppData\Local\CrashDumps
2014-03-26 17:37 - 2013-02-13 19:43 - 00000000 ____D () C:\Users\Honza\AppData\Local\Sony
2014-03-26 17:28 - 2014-03-26 17:27 - 04493824 _____ () C:\Users\Honza\Downloads\RogueKillerX64.exe
2014-03-25 21:47 - 2014-03-25 21:47 - 00019137 _____ () C:\Users\Honza\Desktop\dds.txt
2014-03-25 21:47 - 2014-03-25 21:47 - 00004918 _____ () C:\Users\Honza\Desktop\attach.txt
2014-03-25 21:42 - 2013-02-21 19:33 - 00000000 ____D () C:\Windows\pss
2014-03-25 21:42 - 2012-08-03 19:18 - 00000000 ___RD () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-25 21:29 - 2014-01-13 15:19 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Seznam.cz
2014-03-25 21:28 - 2014-01-13 15:19 - 00000000 ____D () C:\Program Files (x86)\Seznam.cz
2014-03-25 21:21 - 2014-03-25 20:11 - 00000000 ___RD () C:\Users\Honza\Dropbox
2014-03-25 21:18 - 2014-03-25 20:08 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Dropbox
2014-03-25 21:15 - 2012-04-30 14:30 - 00000000 ____D () C:\Windows\Panther
2014-03-25 20:52 - 2013-09-29 12:17 - 00162816 ___SH () C:\Users\Honza\Desktop\Thumbs.db
2014-03-25 20:48 - 2014-03-25 20:48 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-25 20:48 - 2014-03-25 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-25 20:48 - 2014-03-25 20:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 20:11 - 2014-03-25 20:11 - 00001047 _____ () C:\Users\Honza\Desktop\Dropbox.lnk
2014-03-25 20:11 - 2014-03-25 20:09 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\DropboxMaster
2014-03-25 20:11 - 2012-08-03 19:17 - 00000000 ____D () C:\Users\Honza
2014-03-25 20:09 - 2014-03-25 20:09 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-25 19:56 - 2014-03-25 19:56 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-25 19:56 - 2013-12-24 20:10 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-25 19:56 - 2013-05-07 18:41 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-25 19:56 - 2013-05-07 18:41 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-25 19:56 - 2012-08-03 19:35 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-25 19:56 - 2012-08-03 19:35 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-25 19:56 - 2012-08-03 19:35 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-25 19:56 - 2012-08-03 19:35 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-25 19:56 - 2012-08-03 19:35 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-25 19:56 - 2012-08-03 19:35 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-25 19:47 - 2014-03-25 19:43 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\uTorrent
2014-03-25 19:32 - 2013-02-13 19:46 - 00000995 _____ () C:\Users\Honza\Desktop\Sandbox webový prohlížeč.lnk
2014-03-25 19:10 - 2014-03-25 19:10 - 00688992 ____R (Swearware) C:\Users\Honza\Downloads\dds.com
2014-03-24 22:45 - 2012-08-17 20:05 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\Skype
2014-03-24 21:46 - 2014-03-24 19:55 - 00000000 ____D () C:\Users\Honza\AppData\Roaming\TS3Client
2014-03-24 19:55 - 2014-03-24 19:55 - 00001173 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-03-24 19:55 - 2014-03-24 19:55 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-03-22 21:20 - 2013-11-22 15:10 - 00000000 ____D () C:\Users\Honza\Desktop\Guild Wars 2
2014-03-22 19:42 - 2014-03-22 19:42 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-03-22 19:42 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-22 19:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-18 22:04 - 2013-07-25 12:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 22:03 - 2012-04-30 14:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-16 00:06 - 2012-09-12 15:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-15 22:47 - 2014-03-15 22:47 - 00000000 ____D () C:\Users\Honza\Documents\Thief
2014-03-15 19:22 - 2012-08-03 19:41 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 16:45 - 2009-07-14 05:45 - 00276128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:44 - 2013-03-13 22:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 16:44 - 2013-03-13 22:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 18:29 - 2012-08-03 19:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 18:29 - 2012-08-03 19:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 18:29 - 2012-08-03 19:29 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 15:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-06 20:42 - 2014-03-06 20:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 20:42 - 2014-03-06 20:42 - 00000000 ____D () C:\Users\Honza\AppData\Local\Skype
2014-03-06 20:42 - 2013-01-29 19:47 - 00002731 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-06 20:42 - 2012-04-30 13:47 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:26 - 2014-03-25 20:48 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-25 20:48 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-25 20:48 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 15:35 - 2014-03-16 00:02 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 18302384 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-04 15:35 - 2014-03-16 00:02 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00832936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-04 15:35 - 2014-03-16 00:02 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-04 15:35 - 2013-10-08 19:59 - 15783992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-04 15:35 - 2013-02-25 23:32 - 14709720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-04 15:35 - 2013-02-25 23:32 - 03093280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-04 15:35 - 2013-02-25 23:32 - 02715264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-04 15:35 - 2013-02-25 23:32 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-04 15:35 - 2012-08-01 11:14 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-04 14:06 - 2011-04-07 22:19 - 06714312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-04 14:06 - 2011-04-07 22:18 - 03497816 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-04 14:05 - 2012-11-18 15:19 - 03649185 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-04 14:05 - 2011-04-07 22:19 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-03-04 14:05 - 2011-04-07 22:19 - 00922968 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-04 14:05 - 2011-04-07 22:19 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-04 14:05 - 2011-04-07 22:19 - 00064968 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-04 12:32 - 2014-03-16 00:06 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-03 17:03 - 2012-08-04 13:24 - 00000000 ____D () C:\Users\Honza\Documents\My Games
2014-03-03 17:02 - 2012-04-30 13:45 - 01103812 _____ () C:\Windows\DirectX.log
2014-03-03 16:57 - 2014-03-03 16:57 - 00002032 _____ () C:\Users\Public\Desktop\Scooby-Doo Počátky strachu.lnk
2014-03-03 16:57 - 2014-03-03 16:57 - 00000000 ____D () C:\Program Files (x86)\WB Games
2014-03-03 16:57 - 2012-08-03 19:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-01 07:05 - 2014-03-13 16:50 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 16:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 16:51 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 16:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 16:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 16:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 16:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 16:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 16:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 16:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 16:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 16:51 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 16:50 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 16:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 16:50 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 16:50 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 16:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 16:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 16:51 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 16:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 16:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 16:51 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 16:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 16:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 16:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 16:51 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 16:51 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 16:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 16:51 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 16:50 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 16:51 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 16:51 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 16:51 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 16:51 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 16:51 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 16:51 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 16:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 16:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-27 14:40 - 2009-07-14 06:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 22:44 - 2012-04-30 14:18 - 01560892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 22:44 - 2011-04-12 09:34 - 00669334 _____ () C:\Windows\system32\perfh005.dat
2014-02-26 22:44 - 2011-04-12 09:34 - 00141736 _____ () C:\Windows\system32\perfc005.dat
2014-02-26 22:43 - 2009-07-14 06:13 - 01560892 _____ () C:\Windows\system32\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Honza\AppData\Local\Temp\APNSetup.exe
C:\Users\Honza\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Honza\AppData\Local\Temp\drm_dyndata_7370012.dll
C:\Users\Honza\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Honza\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Honza\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprra17.dll
C:\Users\Honza\AppData\Local\Temp\Gw2.exe
C:\Users\Honza\AppData\Local\Temp\i4jdel0.exe
C:\Users\Honza\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Honza\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Honza\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Honza\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Honza\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Honza\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Honza\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Honza\AppData\Local\Temp\nvStInst.exe
C:\Users\Honza\AppData\Local\Temp\Quarantine.exe
C:\Users\Honza\AppData\Local\Temp\Setup-a.exe
C:\Users\Honza\AppData\Local\Temp\Setup1.exe
C:\Users\Honza\AppData\Local\Temp\Setup2.exe
C:\Users\Honza\AppData\Local\Temp\ubi11CC.tmp.exe
C:\Users\Honza\AppData\Local\Temp\ubi2626.tmp.exe
C:\Users\Honza\AppData\Local\Temp\_is7406.exe
C:\Users\Honza\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 20:48

==================== End Of Log ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Honza at 2014-03-27 16:17:23
Running from C:\Users\Honza\Downloads\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Aktualizace NVIDIA 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2016 - Avast Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dishonored (HKLM-x32\...\Steam App 217980) (Version: 1.0 - Bethesda Softworks)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
F1 2012 (HKLM-x32\...\F1 2012_is1) (Version: 1.0 - Codemasters)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0 - Nero AG) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Malwarebytes Anti-Malware verze 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (CSY) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klikni a spusť 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Office Klikni a spusť 2010 (Version: 14.0.4763.1011 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - čeština (HKLM-x32\...\{90140011-0066-0405-0000-0000000FF1CE}) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 cs)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{FD8F9644-A572-44AD-84B0-21CA46CB7DC6}) (Version: 1.2.4 - Thorvald Natvig)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0 - Nero AG) Hidden
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.17800.8.5 - Nero AG) Hidden
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.11400.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12400.25.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.12900.31.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7E21FC0E-E116-44BD-A38E-3149F5E14496}) (Version: 10.5.10400 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.8.10400.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11300.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.15500.17.100 - Nero AG)
NHL™ 09 (HKLM-x32\...\{827B97A9-B347-4110-9F89-37AF2B758F94}) (Version: 2.0.1.0 - Electronic Arts)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Ovladač 3D Vision 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Scooby-Doo! Počátky strachu (HKLM-x32\...\{A3D11978-F110-419E-8981-2CCFC17ADE64}) (Version: 1.00 - WB Games)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 Cestovní horečka (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 3 Domácí mazlíčci (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Obludárium (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Roční období (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Sladké radosti Katy Perry (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
TSST OEM Content (HKLM-x32\...\{885AFEC2-0809-47CE-8B3F-00AEC19DDD5F}) (Version: 10.0.10300.0.0 - Nero AG)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - společnost Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - společnost Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{068B46A0-8858-4CEB-80BC-A4AE787A05FC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Movie Maker (HKLM\...\Windows Movie Maker) (Version: 6.0.6002.18005 - Microsoft Corporation)
Wireless N USB Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0154 - )

==================== Restore Points  =========================

25-03-2014 18:03:04 Windows Update
25-03-2014 18:55:30 avast! antivirus system restore point
25-03-2014 19:24:32 Before MBAM
26-03-2014 16:37:04 Removed Vegas Pro 12.0 (64-bit)
27-03-2014 14:43:55 AdwCleaner
27-03-2014 14:45:21 AdwCleaner

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {23A3A74E-5E9A-4BAD-9EB3-D0932F76727A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)
Task: {2B903B4F-F2D9-4854-BC70-B8C5AC2D713E} - System32\Tasks\{C6866B53-1871-4ED0-9361-4396B8481092} => C:\Program Files (x86)\Nordic Games\Gothic 3\Gothic3.exe
Task: {ABA1243C-B891-4E0A-98FD-C595678B9D9F} - System32\Tasks\{CFD0FCE5-9CAF-47F8-98BF-7F32A85E68A1} => C:\Program Files (x86)\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe
Task: {C3B41CF1-FC1F-49BA-87D1-FF0038868773} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {E20D4D70-B0A1-4903-A49E-1FF4562CE16E} - System32\Tasks\{27BAE160-45DA-4052-9ED9-0C2157688600} => C:\Program Files (x86)\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe
Task: {F3E7B9D1-5F5C-488F-B684-BC90BC32D24B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-25] (AVAST Software)
Task: {FA3F5DFA-700A-47DE-9765-CF412961DEA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-03] (Google Inc.)
Task: {FFF3D45E-1139-4E2A-AE24-1C00D27F0DD3} - System32\Tasks\RtlVistaStart => C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe [2010-08-31] (ZyXEL)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlVistaStart.job => C:\Program Files (x86)\ZyXEL\NWD2205\NWD2205.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:19 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-26 19:09 - 2014-03-26 19:09 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032602\algo.dll
2012-08-03 19:21 - 2009-12-09 20:20 - 00126976 _____ () C:\Program Files (x86)\ZyXEL\NWD2205\EnumDevLib.dll
2012-08-03 19:21 - 2010-08-19 08:56 - 14409728 _____ () C:\Program Files (x86)\ZyXEL\NWD2205\ZyXELIMG.dll
2013-12-24 20:10 - 2013-12-24 20:10 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-15 15:48 - 2014-02-15 15:48 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Honza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: 4StoryPrePatch => C:\Program Files (x86)\Gameforge4D\4Story_CZ\PrePatch.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Facebook Update => "C:\Users\Honza\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SDP => C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8174.3 MB
Available physical RAM: 6033.3 MB
Total Pagefile: 16346.78 MB
Available Pagefile: 14082.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.57 GB) (Free:714.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3C704BF6)
Partition 1: (Active) - (Size=968 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank you again for your help!

Sorry for the delay, somehow I missed your reply.

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then.........

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Last...............

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

MrC


Sorry for the long delay - I had to wait for the friend to return.

 

TFC: Done

FRST fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Honza at 2014-03-28 15:27:38 Run:1
Running from C:\Users\Honza\Downloads\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\hash.dat
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [ceiapeodjfjcbfkfkfbdpgbhbgiidjdb] - C:\Program Files (x86)\GreyGray\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [ckbpfhmffbbmllibiibkpjgleabgfali] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home206\ch\MediaWatchV1home206.crx [2013-09-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

C:\ProgramData\hash.dat => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb => Key deleted successfully.
"C:\Program Files (x86)\GreyGray\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ckbpfhmffbbmllibiibkpjgleabgfali => Key deleted successfully.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home206\ch\MediaWatchV1home206.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

MBAM log:

Clean
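
An added example, not part of the original posts and not FRST's own code: a small Python parser that sorts the result lines of a Fixlog like the one above into removed, already absent, and needs review, so every fixlist entry can be accounted for. The sample text is taken from the Fixlog above (shortened), except one line marked as constructed; the function name and the three category names are assumptions of this example.

```python
import re

# Result lines copied from the Fixlog posted above (shortened). The last
# "=>" line is CONSTRUCTED for this example and is not real FRST output.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
C:\ProgramData\hash.dat
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

*****************

C:\ProgramData\hash.dat => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb => Key deleted successfully.
"C:\Program Files (x86)\GreyGray\ceiapeodjfjcbfkfkfbdpgbhbgiidjdb.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\constructed-example.dat => CONSTRUCTED OUTCOME (not real FRST output)


The system needed a reboot.

==== End of Fixlog ====
"""

STAR_LINE = re.compile(r"^\*{5,}\s*$")
NOT_FOUND_SUFFIX = " not found."


def parse_fixlog(text):
    """Classify each result line of a Fixlog.

    Returns a dict with three lists of (target, outcome) tuples:
      removed - the outcome text reports success
      absent  - the target was not found (nothing was changed)
      review  - any outcome this script does not recognise
    plus a 'reboot' flag set when the log says a reboot was needed.
    """
    lines = text.splitlines()
    # The fixlist itself is echoed between two lines of asterisks;
    # results start after the second one.
    stars = [i for i, line in enumerate(lines) if STAR_LINE.match(line)]
    start = stars[1] + 1 if len(stars) >= 2 else 0

    result = {"removed": [], "absent": [], "review": [], "reboot": False}
    for raw in lines[start:]:
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(NOT_FOUND_SUFFIX):
            # Some entries are reported as "<path> not found." without "=>".
            target, outcome = line[: -len(NOT_FOUND_SUFFIX)], "not found."
        else:
            if "needed a reboot" in line:
                result["reboot"] = True
            continue

        target = target.strip('"')
        lowered = outcome.lower()
        if "not found" in lowered:
            bucket = "absent"
        elif "successfully" in lowered:
            bucket = "removed"
        else:
            bucket = "review"
        result[bucket].append((target, outcome))
    return result


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    for bucket in ("removed", "absent", "review"):
        print(f"{bucket}: {len(summary[bucket])}")
        for target, outcome in summary[bucket]:
            print(f"    {target}  [{outcome}]")
    print("reboot needed:", summary["reboot"])
```

Entries in the absent list changed nothing on disk or in the registry, and anything in review is an outcome the script does not recognise, so both are worth reading by hand before the follow-up scan.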


OK..Good, let's take care of any malware now:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Mozilla Firefox AvastSvc.exe -?-   
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````



Seems like Java & Adobe Reader are outdated - but the Java web-plugin is disabled so it's not THAT bad, right?


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 45 <---please update, should be Update 51
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------------

Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.