
HackerX

Member
  • Posts

    193
  • Joined

  • Last visited

Likes

7 Neutral reputation

4 Followers

About HackerX

  • Title
    Honorary member

Information

  • Gender
    Male
  1. They aren't available in Veliko Tarnovo.
  2. I was looking at TVs up to 1000 lv and settled on the SONY KDL-48WD650 (1, 2). Is it a good choice both for movies and for games on PS4? As an alternative there is the LG 49LH630V; is it of better quality, and is it worth the extra difference in price?
  3. At the moment the 1060 3GB doesn't seem to be available anywhere.
  4. 2.0 or 2.1 for movies, music, games

    OK, and how, for example, can this TV be connected to the Logitech Z623, which ports connect to which? And let's say the budget can be increased: (1) I found the Edifier S730, they look good on paper, but I read that the bass was no better than that of the Z623. What is your opinion, are they worth it? (2) with a little more of an increase I could still move to 5.1, of which I liked the EDIFIER S760D and the JBL Cinema 610 with a harman/kardon receiver
  5. Hello, I hope I've picked the right section. My question is the following: what speaker system would you suggest for up to 300, at most ~400 lv? Several sources will be used - at first a computer, later I'll probably want to hook up an LED TV too if I get one. In the title I wrote 2.0 or 2.1, since the computer and the spot for the TV are in the corner of the room and I don't know whether a 5.1 can be positioned optimally. Up to 300 lv I'm looking at these: Logitech Z623 (2.1), Microlab H-200 (2.1) or Microlab SOLO7C (2.0)
  6. Hello! I have a laptop with Windows 7. On it, a user received in his personal e-mail a message similar to those described in this news item. He opened the attached file and, in his words, strange text appeared. What has happened to the laptop (there are no visible signs of infection), and will a reinstall clean it if there is something? (it has partitions C: and D:)
  7. It worked, thanks! I installed Facebook this way, but when I start it, it says "Error opening Facebook ... you need more free storage..." That's how much it is, but of that I have exactly 8 free; the rest is photos, music, games...
  8. Hello! I have a Gigabyte Gsmart Guru G1. At the moment there are 8 GB free of the phone's built-in storage. External storage is not supported. I try to install an app and it tells me that I need to free up memory. I think it is trying to install into RAM, because that is always full. I have no other explanation. How can this be fixed?
  9. Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01 Ran by Ivo at 2015-05-24 12:15:14 Run:2 Running from C:\Users\Ivo\Desktop Loaded Profiles: Ivo (Available Profiles: Ivo) Boot Mode: Normal ============================================== fixlist content: ***************** start DeleteQuarantine: end ***************** "C:\FRST\Quarantine" => Removed successfully. ==== End of Fixlog 12:15:14 ==== # DelFix v1.010 - Logfile created 24/05/2015 at 12:18:12 # Updated 26/04/2015 by Xplode # Username : Ivo - IVO-PC # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\RegBackup Deleted : C:\ComboFix.txt Deleted : C:\TDSSKiller.3.0.0.44_18.05.2015_19.05.37_log.txt Deleted : HKLM\SOFTWARE\AdwCleaner Deleted : HKLM\SOFTWARE\Swearware Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #646 [ComboFix created restore point | 05/24/2015 09:10:50] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Thanks for the help, I'm now reassured that I have no malware on the system. Things with the memory look better; if it fills up again, the cause is probably elsewhere.
  10. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.5.2015 г. Scan Time: 17:15:12 ч. Logfile: Administrator: Yes Version: 2.01.6.1022 Malware Database: v2015.05.22.03 Rootkit Database: v2015.05.16.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Ivo Scan Type: Threat Scan Result: Completed Objects Scanned: 439859 Time Elapsed: 9 min, 11 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application D:\Games\_Game Files\Anticheat systems\MyAC\myac_1.2.9.zip a variant of Generik.KWQQDQP trojan E:\Downloads\[ Software Install ]\ccsetup314.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application E:\Downloads\[ Software Install ]\CheatEngine64.exe a variant of Win32/OpenCandy.C potentially unsafe application E:\Downloads\[ Software Install ]\Core-Temp-setup.exe a variant of Win32/Complitly.A potentially unwanted application E:\Downloads\[ Software Install ]\Defraggler 2.11.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application E:\Downloads\[ Software Install ]\Defraggler 2.16.809.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Downloads\[ Software Install ]\DriverSweeper_3.2.0.exe Win32/OpenCandy potentially unsafe application E:\Downloads\[ Software Install ]\driver_fusion_1.1.0.exe Win32/OpenCandy potentially unsafe application 
E:\Downloads\[ Software Install ]\FreeFileSync_6.8_Windows_Setup.exe Win32/OpenCandy potentially unsafe application E:\Downloads\[ Software Install ]\GOM Player 2.1.33.5071.EXE a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application E:\Downloads\[ Software Install ]\hwmonitor_1.19-setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application E:\Downloads\[ Software Install ]\MediaCoder-x64-0.8.18.5353.exe Win32/OpenCandy potentially unsafe application E:\Downloads\[ Software Install ]\pscan13.exe Win32/NetTool.Portscan.AC potentially unsafe application E:\Downloads\[ Software Install ]\AUDIO\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy potentially unsafe application E:\Downloads\[ Software Install ]\DAEMON Tools Lite\DAEMON Tools Lite v4.45.4 (with SPTD 1.81).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application E:\Downloads\[ Software Install ]\Hiren’s BootCD v15.0\Hirens15.0.DTV.iso Win32/PSWTool.KonBoot.A potentially unsafe application
  11. ComboFix 15-05-19.01 - Ivo 05.2015 г. 11:39:46.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.16344.12284 [GMT 3:00] Running from: c:\users\Ivo\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\iun6002.exe c:\windows\PFRO.log c:\windows\SysWow64\bit4ipki.dll.conf c:\windows\SysWow64\tmp8A06.tmp c:\windows\SysWow64\tmp8A93.tmp c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2015-04-22 to 2015-05-22 ))))))))))))))))))))))))))))))) . . 2015-05-22 08:43 . 2015-05-22 08:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-22 08:21 . 2015-03-23 08:40 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E61C47E-E76B-4813-A72D-F58AC650D3CB}\gapaengine.dll 2015-05-22 08:21 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F29257CF-F763-4A49-A00B-503C80C85A15}\mpengine.dll 2015-05-20 17:23 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-05-19 14:45 . 2015-05-19 14:45 -------- d-----w- c:\users\Ivo\AppData\Local\GalaxyCommunicationService 2015-05-19 14:24 . 2015-05-19 14:24 -------- d-----w- C:\RegBackup 2015-05-19 14:18 . 2015-05-19 14:21 -------- d-----w- C:\AdwCleaner 2015-05-18 16:25 . 2015-05-18 16:25 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2015-05-18 16:25 . 2015-05-18 16:42 -------- d-----w- c:\programdata\RogueKiller 2015-05-18 15:00 . 2015-05-12 02:34 571024 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2015-05-18 13:35 . 2015-05-20 17:12 -------- d-----w- C:\FRST 2015-05-18 09:43 . 
2015-05-18 09:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-05-18 09:43 . 2015-04-14 06:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-05-18 09:43 . 2015-05-18 13:24 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2015-05-18 09:43 . 2015-04-14 06:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-05-18 09:43 . 2015-04-14 06:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-05-16 17:11 . 2015-03-23 08:40 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F656DB19-562F-4FF6-937D-8587E78D55C3}\gapaengine.dll 2015-05-16 16:47 . 2015-05-16 16:47 -------- d-----w- c:\program files (x86)\Common Files\Microsoft 2015-05-16 16:47 . 2015-05-16 16:47 -------- d-----w- c:\program files (x86)\Windows Kits 2015-05-16 16:35 . 2014-08-26 14:16 746496 ----a-w- c:\windows\SysWow64\SyncBackSE.dll 2015-05-16 08:30 . 2015-05-16 08:30 -------- d-----w- c:\program files\Desktop Restore 2015-05-13 13:50 . 2015-04-22 01:48 815304 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2015-05-13 13:49 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll 2015-05-13 13:49 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll 2015-05-13 13:49 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll 2015-05-13 13:49 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe 2015-05-13 13:49 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll 2015-05-13 13:49 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll 2015-05-13 13:49 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe 2015-05-03 09:20 . 2015-05-03 09:20 -------- d-----w- c:\program files (x86)\BFVCC Server Manager 2015-04-30 21:06 . 2015-04-30 21:06 -------- d-----w- c:\programdata\GOG.com 2015-04-28 19:55 . 2015-04-28 19:55 -------- d-----w- c:\programdata\GRETECH 2015-04-28 19:55 . 
2015-04-28 19:55 -------- d-----w- c:\users\Ivo\AppData\Roaming\GRETECH 2015-04-28 19:55 . 2015-04-28 19:55 -------- d-----w- c:\program files (x86)\GRETECH . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-21 18:13 . 2015-03-05 06:20 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2015-05-17 21:19 . 2012-05-12 20:13 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-05-17 21:19 . 2012-05-12 20:13 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-05-13 13:52 . 2012-05-13 12:29 140425016 ----a-w- c:\windows\system32\MRT.exe 2015-05-13 06:52 . 2015-01-23 13:16 1558848 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2015-05-12 06:27 . 2015-01-23 13:16 2971776 ----a-w- c:\windows\SysWow64\nvapi.dll 2015-05-12 06:27 . 2013-02-26 20:36 12849056 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2015-05-12 06:27 . 2012-11-14 09:38 3363224 ----a-w- c:\windows\system32\nvapi64.dll 2015-05-12 06:27 . 2012-11-14 09:38 17540416 ----a-w- c:\windows\system32\nvwgf2umx.dll 2015-05-12 03:30 . 2014-10-22 16:41 2558608 ----a-w- c:\windows\system32\nvsvcr.dll 2015-05-12 03:30 . 2013-07-22 07:47 937288 ----a-w- c:\windows\system32\nvvsvc.exe 2015-05-12 03:30 . 2013-07-22 07:47 62608 ----a-w- c:\windows\system32\nvshext.dll 2015-05-12 03:30 . 2013-07-22 07:47 385352 ----a-w- c:\windows\system32\nvmctray.dll 2015-05-12 03:30 . 2013-07-22 07:47 6872392 ----a-w- c:\windows\system32\nvcpl.dll 2015-05-12 03:30 . 2013-07-22 07:47 3490448 ----a-w- c:\windows\system32\nvsvc64.dll 2015-05-11 17:01 . 2013-07-22 07:47 4391871 ----a-w- c:\windows\system32\nvcoproc.bin 2015-05-08 00:35 . 2014-06-03 10:48 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll 2015-05-08 00:35 . 2013-10-29 14:18 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll 2015-05-08 00:34 . 2014-06-03 10:48 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll 2015-05-08 00:34 . 
2013-10-29 14:18 1570672 ----a-w- c:\windows\system32\nvspcap64.dll 2015-04-27 19:04 . 2015-05-13 13:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-04-09 00:58 . 2015-04-13 18:59 1895568 ----a-w- c:\windows\system32\nvdispco6435012.dll 2015-04-09 00:58 . 2015-04-13 18:59 1557648 ----a-w- c:\windows\system32\nvdispgenco6435012.dll 2015-03-25 03:24 . 2015-04-15 06:57 98304 ----a-w- c:\windows\system32\wudriver.dll 2015-03-25 03:24 . 2015-04-15 06:57 37376 ----a-w- c:\windows\system32\wups2.dll 2015-03-25 03:24 . 2015-04-15 06:57 35328 ----a-w- c:\windows\system32\wups.dll 2015-03-25 03:24 . 2015-04-15 06:57 3298816 ----a-w- c:\windows\system32\wucltux.dll 2015-03-25 03:24 . 2015-04-15 06:57 2553856 ----a-w- c:\windows\system32\wuaueng.dll 2015-03-25 03:24 . 2015-04-15 06:57 191488 ----a-w- c:\windows\system32\wuwebv.dll 2015-03-25 03:24 . 2015-04-15 06:57 696320 ----a-w- c:\windows\system32\wuapi.dll 2015-03-25 03:24 . 2015-04-15 06:57 60416 ----a-w- c:\windows\system32\WinSetupUI.dll 2015-03-25 03:23 . 2015-04-15 06:57 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2015-03-25 03:23 . 2015-04-15 06:57 36864 ----a-w- c:\windows\system32\wuapp.exe 2015-03-25 03:23 . 2015-04-15 06:57 135168 ----a-w- c:\windows\system32\wuauclt.exe 2015-03-25 03:00 . 2015-04-15 06:57 92672 ----a-w- c:\windows\SysWow64\wudriver.dll 2015-03-25 03:00 . 2015-04-15 06:57 566784 ----a-w- c:\windows\SysWow64\wuapi.dll 2015-03-25 03:00 . 2015-04-15 06:57 29696 ----a-w- c:\windows\SysWow64\wups.dll 2015-03-25 03:00 . 2015-04-15 06:57 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll 2015-03-25 03:00 . 2015-04-15 06:57 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2015-03-23 08:40 . 2015-04-21 08:42 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-23 03:25 . 2015-04-15 06:57 726528 ----a-w- c:\windows\system32\generaltel.dll 2015-03-23 03:25 . 
2015-04-15 06:57 769536 ----a-w- c:\windows\system32\invagent.dll 2015-03-23 03:24 . 2015-04-15 06:57 419840 ----a-w- c:\windows\system32\devinv.dll 2015-03-23 03:24 . 2015-04-15 06:57 957952 ----a-w- c:\windows\system32\appraiser.dll 2015-03-23 03:24 . 2015-04-15 06:57 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-23 03:24 . 2015-04-15 06:57 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-23 03:24 . 2015-04-15 06:57 192000 ----a-w- c:\windows\system32\aepic.dll 2015-03-23 03:17 . 2015-04-15 06:57 1111552 ----a-w- c:\windows\system32\aeinv.dll 2015-03-13 19:41 . 2015-03-19 14:25 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll 2015-03-13 19:41 . 2015-03-19 14:25 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll 2015-03-10 03:25 . 2015-04-15 06:57 1882624 ----a-w- c:\windows\system32\msxml3.dll 2015-03-10 03:21 . 2015-04-15 06:57 2048 ----a-w- c:\windows\system32\msxml3r.dll 2015-03-10 03:08 . 2015-04-15 06:57 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll 2015-03-10 03:05 . 2015-04-15 06:57 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2015-03-05 05:12 . 2015-04-15 06:57 404480 ----a-w- c:\windows\system32\gdi32.dll 2015-03-05 04:05 . 2015-04-15 06:57 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-03-04 16:34 . 2015-03-04 16:34 280376 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2015-03-04 16:34 . 2014-11-15 11:46 124568 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2015-03-04 04:55 . 2015-04-15 06:57 367552 ----a-w- c:\windows\system32\clfs.sys 2015-03-04 04:41 . 2015-04-15 06:57 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-03-04 04:41 . 2015-05-13 13:49 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-03-04 04:41 . 2015-05-13 13:49 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-03-04 04:10 . 2015-04-15 06:57 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-03-04 04:10 . 2015-05-13 13:49 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-03-04 04:10 . 
2015-05-13 13:49 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-03-04 04:06 . 2015-05-13 13:49 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-03-03 13:17 . 2012-05-12 19:31 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-25 03:18 . 2015-04-15 06:57 754688 ----a-w- c:\windows\system32\drivers\http.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OscarX7Mouse5Mode"="c:\program files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe" [2011-10-21 3518976] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2013-02-18 478720] "OscarEditor"="c:\program files (x86)\GXStandard16-in-1\GXStandard16in1.exe" [2011-09-02 3343360] "Spotify Web Helper"="c:\users\Ivo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-22 1676344] "uTorrent"="c:\users\Ivo\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-11 1694560] "GalaxyClient"="c:\program files (x86)\GalaxyClient\GalaxyClient.exe" [2015-05-16 7402040] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-18 241789] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2011-08-29 1517056] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2010-08-10 151552] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "pspNetSystray"="c:\program files (x86)\MGE\PersonalSolutionPac\mgenetsystray.exe" [2007-04-25 1208320] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2015-04-17 2669568] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "3212083974"= [hex data omitted] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer8"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
  12. Thank you, I followed the instructions. Nevertheless, I still notice high RAM usage by the operating system, and it is not clear which process is responsible (I am attaching screenshots). Fixlog.txt
  13. I am attaching the logs. aswMBR.txt TDSSKiller.3.0.0.44_18.05.2015_19.05.37_log.txt RKreport.txt
  14. Hello! Once again I need to ask for help with my operating system. Lately I regularly notice that my RAM gradually fills up more and more; last night I had about 130 MB left out of 16 GB in total, with no game or heavy program running. Today I decided to scan for viruses, and Microsoft's antivirus found nothing. Then I scanned with Malwarebytes, which found: Registry Values: 1 Trojan.Zaccess, HKU\S-1-5-21-466484426-2456408593-1200989562-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^a?®a?¤, , [b2674d481e6cb284601232d04cb4cb35], The FRST64 logs follow:
C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\fox@replace.fx.xpi [2012-05-12] FF Extension: Groundspeed - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\gspeed@wobot.org.xpi [2013-11-20] FF Extension: NetExport - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\netexport@getfirebug.com.xpi [2014-11-07] FF Extension: SQLite Manager - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2012-12-01] FF Extension: YSlow - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\yslow@yahoo-inc.com.xpi [2012-05-12] FF Extension: FlashGot - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-05-12] FF Extension: English-Bulgarian Dictionary - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{36089900-776c-11de-85d8-0002a5d5c51b}.xpi [2013-11-20] FF Extension: NoScript - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-05-12] FF Extension: ReloadEvery - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-01-20] FF Extension: RESTClient - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{ad0d925d-88f8-47f1-85ea-8463569e756e}.xpi [2013-11-20] FF Extension: Web Developer - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-05-12] FF Extension: Adblock Plus - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-12] FF Extension: BetterPrivacy - 
C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-05-12] FF Extension: HackBar - C:\Users\Ivo\AppData\Roaming\Mozilla\Firefox\Profiles\tr4kckig.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2012-05-12] FF HKLM-x32\...\Firefox\Extensions: [infonotary-mozilla-setup@infonotary.com] - C:\Program Files (x86)\InfoNotary\Mozilla Setup FF Extension: InfoNotary Configurator for Mozilla - C:\Program Files (x86)\InfoNotary\Mozilla Setup [2012-05-14] FF HKLM-x32\...\Seamonkey\Extensions: [infonotary-mozilla-setup@infonotary.com] - C:\Program Files (x86)\InfoNotary\Mozilla Setup FF HKLM-x32\...\Thunderbird\Extensions: [infonotary-mozilla-setup@infonotary.com] - C:\Program Files (x86)\InfoNotary\Mozilla Setup Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "https://mail.google.com/mail/#inbox", "https://twitter.com/", "https://plus.google.com/b/113573695439657623600/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Ivo\AppData\Local\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ivo\AppData\Local\Google\Chrome\Application\42.0.2311.135\pdf.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Ivo\AppData\Local\Google\Chrome\Application\42.0.2311.135\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection 
Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Google Update) - C:\Users\Ivo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (https://plus.google.com/b/113573695439657623600/) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfnmkmopenaomdjigneogogcgkfmoak [2012-06-01] CHR Extension: (YouTube) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-14] CHR Extension: (Adblock Plus) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-05-14] CHR Extension: (Google Search) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-14] CHR Extension: (Postman - REST Client) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2013-11-29] CHR Extension: (Cut the Rope) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-08-06] CHR Extension: (Bookmark Manager) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05] CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2012-12-06] CHR Extension: (Bitly Unleash the power of the link) - C:\Users\Ivo\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2012-05-14] CHR Extension: (Isoball 3) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj [2012-08-26] CHR Extension: (Google Analytics Debugger) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkmfdileelhofjcijamephohjechhna [2012-12-06] CHR Extension: (Cargo Bridge) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2012-08-06] CHR Extension: (Siege Hero – Viking Vengeance) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfomhlbnciicmciejodphlggfbmhbbbo [2012-08-26] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Twitter) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddagfjihimnacaabfnfagjcokfmnekc [2012-06-01] CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-11-28] CHR Extension: (Lagoonia) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm [2012-08-26] CHR Extension: (Google Wallet) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (SEO for Chrome) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2012-12-06] CHR Extension: (Gmail) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-14] CHR Extension: (Wolf Toss) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc [2012-08-26] CHR Extension: (Spot The Differences!) 
- C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij [2012-08-26] CHR Profile: C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Drive) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10] CHR Extension: (YouTube) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10] CHR Extension: (Google Search) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10] CHR Extension: (Window Resizer) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2013-01-08] CHR Extension: (Gmail) - C:\Users\Ivo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10] CHR HKU\S-1-5-21-466484426-2456408593-1200989562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Ivo\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found] CHR HKU\S-1-5-21-466484426-2456408593-1200989562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.FOZQT3I2HPCX4ZMFW2BXJZXXGM - C:\Users\Ivo\AppData\Local\Google\Chrome\Application\chrome.exe Opera: ======= OPR Extension: (The Weather) - C:\Users\Ivo\AppData\Roaming\Opera Software\Opera Stable\Extensions\lnejmennopimdkhecilfhkmmjolebocd [2013-09-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [128640 2012-06-28] (Atheros Commnucations) [File not signed] S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-05-12] (Creative Labs) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-05-12] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed] R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1744952 2015-05-16] (GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6507576 2015-05-16] (GOG.com) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. 
or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MGE Service module; C:\Program Files (x86)\MGE\PersonalSolutionPac\RunSC.exe [126976 2007-04-25] () [File not signed] R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-04-17] (Sony Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH) S3 WinDefend; C:\Program 
Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [45824 2009-12-16] (Advanced Card Systems Ltd.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] () S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [173952 2010-01-25] (HID Global Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-14] (DT Soft Ltd) S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-06] (Intel(R) Corporation) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-12] (Oracle Corporation) S3 atillk64; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys [X] S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] S3 GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\GPCIDrv64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] 
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-18 16:35 - 2015-05-18 16:35 - 00042833 _____ () C:\Users\Ivo\Desktop\FRST.txt 2015-05-18 16:35 - 2015-05-18 16:35 - 00000000 ____D () C:\FRST 2015-05-18 16:34 - 2015-05-18 16:34 - 02107392 _____ (Farbar) C:\Users\Ivo\Desktop\FRST64.exe 2015-05-18 16:26 - 2015-05-18 16:26 - 00000000 ___RD () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-05-18 16:23 - 2015-05-18 16:23 - 00001208 _____ () C:\Users\Ivo\Desktop\scanresults.txt 2015-05-18 12:43 - 2015-05-18 16:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-18 12:43 - 2015-05-18 12:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-18 12:43 - 2015-05-18 12:43 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-05-18 12:43 - 2015-05-18 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-05-18 12:43 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-18 12:43 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-18 12:43 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-18 12:42 - 2015-05-18 12:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ivo\Desktop\mbam-setup-2.1.6.1022.exe 2015-05-16 19:47 - 2015-05-16 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2015-05-16 19:47 - 2015-05-16 19:47 - 00000000 ____D () C:\Program Files (x86)\Windows Kits 
2015-05-16 19:35 - 2014-08-26 17:16 - 00746496 _____ () C:\Windows\SysWOW64\SyncBackSE.dll 2015-05-16 18:03 - 2015-05-16 18:03 - 00000000 ____D () C:\Users\Ivo\Documents\Hitman Blood Money 2015-05-16 17:38 - 2015-05-16 17:38 - 00000000 ____D () C:\Users\Ivo\Documents\Codemasters 2015-05-16 17:35 - 2015-05-16 17:35 - 00000762 _____ () C:\Users\Public\Desktop\Race Driver GRID.lnk 2015-05-16 11:30 - 2015-05-16 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Restore 2015-05-16 11:30 - 2015-05-16 11:30 - 00000000 ____D () C:\Program Files\Desktop Restore 2015-05-16 11:19 - 2015-05-16 11:22 - 00000000 ____D () C:\Users\Ivo\Desktop\stuff 2015-05-16 11:09 - 2015-05-16 11:21 - 00000000 ____D () C:\Users\Ivo\Desktop\ToDo 2015-05-15 12:01 - 2015-05-16 19:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-13 16:51 - 2015-05-01 16:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 16:51 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 16:51 - 2015-04-22 05:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 16:51 - 2015-04-22 04:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 16:51 - 2015-04-21 20:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 16:51 - 2015-04-21 19:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 16:51 - 2015-04-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 16:51 - 2015-04-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 16:51 - 2015-04-21 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 16:51 - 2015-04-21 19:24 - 19691008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-05-13 16:51 - 2015-04-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 16:51 - 2015-04-21 19:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 16:51 - 2015-04-21 19:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 16:51 - 2015-04-21 19:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 16:51 - 2015-04-21 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 16:51 - 2015-04-21 19:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 16:51 - 2015-04-21 19:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 16:51 - 2015-04-21 18:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 16:51 - 2015-04-21 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 16:51 - 2015-04-21 18:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 16:51 - 2015-04-21 18:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 16:51 - 2015-04-21 18:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 16:51 - 2015-04-21 18:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 16:51 - 2015-04-21 18:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 16:51 - 2015-04-21 17:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 16:51 - 2015-04-21 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 16:50 - 2015-05-05 04:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 16:50 - 2015-05-05 04:12 - 00248832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 16:50 - 2015-04-27 22:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 16:50 - 2015-04-27 22:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 16:50 - 2015-04-27 22:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 16:50 - 2015-04-27 22:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-13 16:50 - 2015-04-27 22:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-13 16:50 - 2015-04-27 22:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 16:50 - 2015-04-27 22:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 
16:50 - 2015-04-27 22:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 16:50 - 2015-04-27 22:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 16:50 - 2015-04-27 22:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 16:50 - 2015-04-27 22:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 22:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-13 16:50 - 2015-04-27 22:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-13 16:50 - 2015-04-27 22:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-13 16:50 - 2015-04-27 22:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-13 16:50 - 2015-04-27 22:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-13 16:50 - 2015-04-27 22:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-13 16:50 - 
2015-04-27 22:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-13 16:50 - 2015-04-27 22:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-13 16:50 - 2015-04-27 22:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-13 16:50 - 2015-04-27 22:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-13 16:50 - 2015-04-27 22:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-13 16:50 - 2015-04-27 22:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-13 16:50 - 2015-04-27 22:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-13 16:50 - 2015-04-27 22:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-13 16:50 - 2015-04-27 22:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-13 16:50 - 2015-04-27 22:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-13 16:50 - 2015-04-27 22:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-13 16:50 - 2015-04-27 22:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-13 16:50 - 2015-04-27 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-13 16:50 - 2015-04-27 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 21:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 16:50 - 2015-04-27 20:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-13 16:50 - 2015-04-27 20:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-13 16:50 - 2015-04-27 20:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 20:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 20:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-13 16:50 - 2015-04-27 20:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-13 16:50 - 2015-04-21 20:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 16:50 - 2015-04-21 
20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 16:50 - 2015-04-21 19:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 16:50 - 2015-04-21 19:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 16:50 - 2015-04-21 19:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 16:50 - 2015-04-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 16:50 - 2015-04-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 16:50 - 2015-04-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 16:50 - 2015-04-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 16:50 - 2015-04-21 19:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 16:50 - 2015-04-21 19:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 16:50 - 2015-04-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 16:50 - 2015-04-21 19:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 16:50 - 2015-04-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 16:50 - 2015-04-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 16:50 - 2015-04-21 19:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 16:50 - 2015-04-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 16:50 - 2015-04-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 16:50 - 2015-04-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 16:50 - 2015-04-21 19:03 - 
00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 16:50 - 2015-04-21 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 16:50 - 2015-04-21 18:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 16:50 - 2015-04-21 18:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 16:50 - 2015-04-21 18:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 16:50 - 2015-04-21 18:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 16:50 - 2015-04-21 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 16:50 - 2015-04-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 16:50 - 2015-04-21 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 16:50 - 2015-04-21 18:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 16:50 - 2015-04-21 18:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 16:50 - 2015-04-21 18:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 16:50 - 2015-04-21 18:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 16:50 - 2015-04-21 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 16:50 - 2015-04-21 18:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 16:50 - 2015-04-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 16:50 - 2015-04-21 18:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 16:50 - 2015-04-20 06:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 16:50 - 2015-04-20 06:17 - 01179136 _____ (Microsoft 
Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 16:50 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 16:50 - 2015-04-20 05:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 16:50 - 2015-04-18 06:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 16:50 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 16:50 - 2015-04-13 06:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 16:50 - 2015-04-08 06:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 16:50 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-13 16:50 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-13 16:50 - 2015-02-18 10:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 16:50 - 2015-01-29 06:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 16:50 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-13 16:49 - 2015-03-04 07:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 16:49 - 2015-03-04 07:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 16:49 - 2015-03-04 07:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 16:49 - 2015-03-04 07:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 16:49 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-13 16:49 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-13 16:49 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\sdbinst.exe 2015-05-05 17:20 - 2015-05-05 17:20 - 00000637 _____ () C:\Users\Ivo\Desktop\Call of Duty Multiplayer.lnk 2015-05-05 17:20 - 2015-05-05 17:20 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty 2015-05-05 17:17 - 2015-05-05 17:20 - 00000733 _____ () C:\Windows\CoD.INI 2015-05-03 12:20 - 2015-05-03 12:20 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe 2015-05-03 12:20 - 2015-05-03 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BFVCC Server Manager 2015-05-03 12:20 - 2015-05-03 12:20 - 00000000 ____D () C:\Program Files (x86)\BFVCC Server Manager 2015-05-01 00:06 - 2015-05-01 00:06 - 00001055 _____ () C:\Users\Public\Desktop\GOG Galaxy.lnk 2015-05-01 00:06 - 2015-05-01 00:06 - 00000000 ____D () C:\ProgramData\GOG.com 2015-04-28 22:55 - 2015-04-28 22:55 - 00001209 _____ () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk 2015-04-28 22:55 - 2015-04-28 22:55 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\GRETECH 2015-04-28 22:55 - 2015-04-28 22:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player 2015-04-28 22:55 - 2015-04-28 22:55 - 00000000 ____D () C:\ProgramData\GRETECH 2015-04-28 22:55 - 2015-04-28 22:55 - 00000000 ____D () C:\Program Files (x86)\GRETECH 2015-04-28 00:13 - 2015-04-27 23:27 - 64438020 _____ () C:\Users\Ivo\Documents\сватба.MOV 2015-04-21 11:42 - 2015-04-21 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm 2015-04-21 11:40 - 2015-05-13 17:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-04-21 11:40 - 2015-05-13 17:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-04-21 10:09 - 2015-05-13 17:00 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-04-19 20:31 - 2015-04-19 20:25 - 264873812 _____ () 
C:\Users\Ivo\Documents\луди.MOV ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-18 16:34 - 2013-10-13 19:14 - 00692084 _____ () C:\Windows\system32\perfh007.dat 2015-05-18 16:34 - 2013-10-13 19:14 - 00149996 _____ () C:\Windows\system32\perfc007.dat 2015-05-18 16:34 - 2012-05-13 17:09 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\uTorrent 2015-05-18 16:34 - 2009-07-14 08:13 - 01628736 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-18 16:31 - 2009-07-14 07:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-18 16:31 - 2009-07-14 07:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-18 16:27 - 2012-05-12 20:14 - 01096472 _____ () C:\Windows\WindowsUpdate.log 2015-05-18 16:26 - 2012-05-15 13:16 - 00000000 ____D () C:\Users\Ivo\AppData\Local\CrashDumps 2015-05-18 16:25 - 2013-03-25 23:09 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-18 16:25 - 2012-07-12 12:36 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-05-18 16:25 - 2012-05-12 22:39 - 00322668 _____ () C:\Windows\PFRO.log 2015-05-18 16:25 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-18 16:25 - 2009-07-14 07:51 - 00139878 _____ () C:\Windows\setupact.log 2015-05-18 16:00 - 2013-03-25 23:09 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-18 15:55 - 2012-05-12 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-18 15:46 - 2012-05-14 23:25 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466484426-2456408593-1200989562-1000UA.job 2015-05-18 12:46 - 2012-05-14 23:25 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466484426-2456408593-1200989562-1000Core.job 2015-05-18 12:41 - 2012-05-14 23:25 - 00003966 _____ 
() C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-466484426-2456408593-1200989562-1000UA 2015-05-18 12:41 - 2012-05-14 23:25 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-466484426-2456408593-1200989562-1000Core 2015-05-18 12:08 - 2012-05-13 00:13 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Last.fm 2015-05-18 11:53 - 2014-08-21 10:57 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Adobe 2015-05-18 00:20 - 2012-05-12 23:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-18 00:19 - 2012-05-12 23:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-18 00:19 - 2012-05-12 23:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-18 00:17 - 2015-04-03 20:34 - 00000000 ____D () C:\ProgramData\Tunngle 2015-05-18 00:17 - 2012-09-23 22:26 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Tunngle 2015-05-18 00:17 - 2012-05-12 23:48 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Skype 2015-05-17 12:59 - 2012-05-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft 2015-05-17 12:59 - 2012-05-12 20:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-05-17 12:42 - 2012-05-17 12:31 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-05-17 11:55 - 2013-03-25 23:09 - 00003994 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-05-17 11:55 - 2013-03-25 23:09 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-05-16 20:18 - 2012-05-14 11:30 - 00662204 _____ () C:\Windows\DirectX.log 2015-05-16 20:03 - 2012-05-13 15:12 - 00007656 _____ () C:\Users\Ivo\AppData\Local\Resmon.ResmonCfg 2015-05-16 19:58 - 2012-05-12 22:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-16 19:47 - 2013-03-04 23:11 - 00000000 ____D () C:\ProgramData\Package Cache 
2015-05-16 19:47 - 2009-07-14 08:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-05-16 17:38 - 2012-06-30 12:07 - 00000000 ____D () C:\ProgramData\Codemasters 2015-05-16 17:36 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-05-16 17:35 - 2012-06-08 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-05-16 13:04 - 2012-05-18 12:52 - 00000000 ____D () C:\Users\Ivo\Documents\My Games 2015-05-16 11:15 - 2015-02-14 14:22 - 00000000 ____D () C:\Users\Ivo\Documents\Nexus Mod Manager 2015-05-16 11:15 - 2015-02-14 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager 2015-05-16 11:15 - 2015-02-14 14:22 - 00000000 ____D () C:\Program Files\Nexus Mod Manager 2015-05-16 11:15 - 2014-10-25 12:36 - 00000000 ____D () C:\Users\Ivo\AppData\Local\Skyrim 2015-05-15 16:41 - 2015-04-14 10:00 - 00000080 _____ () C:\Users\Ivo\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2015-05-15 12:54 - 2012-05-14 16:13 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\FileZilla 2015-05-14 22:16 - 2014-10-12 14:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-14 14:01 - 2012-05-14 13:25 - 00000390 _____ () C:\Windows\Tasks\InfoNotary Configurator for Mozilla Updates.job 2015-05-14 12:04 - 2012-05-12 23:48 - 00000000 ____D () C:\ProgramData\Skype 2015-05-13 22:24 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2015-05-13 17:26 - 2009-07-14 07:45 - 04907248 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 17:25 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-13 17:00 - 2012-05-14 13:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 17:00 - 2012-05-12 22:39 - 00002155 _____ () C:\Windows\epplauncher.mif 2015-05-13 16:59 - 2013-07-11 12:09 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-13 16:52 - 2012-05-13 15:29 - 140425016 _____ (Microsoft 
Corporation) C:\Windows\system32\MRT.exe 2015-05-12 11:23 - 2012-05-14 13:25 - 00000386 _____ () C:\Windows\Tasks\Update InfoNotary e-Doc Signer.job 2015-05-12 11:23 - 2012-05-14 13:24 - 00000354 _____ () C:\Windows\Tasks\InfoNotary Smart Card Manager Updates.job 2015-05-05 17:20 - 2014-09-05 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty 2015-05-03 12:20 - 2012-10-04 11:40 - 00000758 _____ () C:\Windows\eReg.dat 2015-05-03 12:18 - 2012-05-24 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2015-05-02 11:14 - 2009-07-14 08:08 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-01 00:06 - 2014-10-21 18:26 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient 2015-04-30 14:05 - 2012-05-14 13:22 - 00000406 _____ () C:\Windows\Tasks\InfoNotary updater.job 2015-04-29 12:43 - 2012-05-14 13:25 - 00003092 _____ () C:\Windows\System32\Tasks\InfoNotary Configurator for Mozilla Updates 2015-04-29 12:43 - 2012-05-14 13:22 - 00003116 _____ () C:\Windows\System32\Tasks\InfoNotary updater 2015-04-29 12:43 - 2012-05-14 13:22 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\InfoNotary 2015-04-29 12:43 - 2012-05-14 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfoNotary 2015-04-29 12:43 - 2012-05-14 13:22 - 00000000 ____D () C:\Program Files (x86)\InfoNotary 2015-04-29 10:54 - 2012-05-12 22:17 - 00000000 ____D () C:\Users\Ivo\AppData\Roaming\Atheros 2015-04-28 22:38 - 2012-05-12 22:17 - 00000000 ____D () C:\Users\Ivo\Documents\Bluetooth Folder 2015-04-28 16:22 - 2014-12-26 12:14 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1380308315 2015-04-28 16:22 - 2013-09-27 01:27 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-28 16:01 - 2014-12-25 12:08 - 00001962 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk 2015-04-28 16:01 - 2014-12-25 12:08 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home 2015-04-28 16:00 - 2013-12-26 00:14 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation 2015-04-28 16:00 - 2013-12-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\Sony Shared 2015-04-21 11:42 - 2012-05-13 00:13 - 00000000 ____D () C:\Program Files (x86)\Last.fm 2015-04-20 16:33 - 2012-05-15 01:09 - 00000600 _____ () C:\Users\Ivo\AppData\Local\PUTTY.RND ==================== Files in the root of some directories ======= 2012-09-21 14:15 - 2012-09-21 14:15 - 0000132 _____ () C:\Users\Ivo\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-05-12 23:40 - 2014-01-12 14:20 - 0000415 _____ () C:\Users\Ivo\AppData\Roaming\All CPU Meter_Settings.ini 2012-05-12 23:39 - 2014-02-05 21:12 - 0001527 _____ () C:\Users\Ivo\AppData\Roaming\Network Meter_Settings.ini 2012-08-31 17:20 - 2015-04-02 16:13 - 0001456 _____ () C:\Users\Ivo\AppData\Local\Adobe Save for Web 12.0 Prefs 2012-11-22 17:44 - 2013-09-10 14:40 - 0130123 _____ () C:\Users\Ivo\AppData\Local\ars.cache 2012-11-22 17:44 - 2013-09-10 14:40 - 1008153 _____ () C:\Users\Ivo\AppData\Local\census.cache 2012-06-28 12:07 - 2015-01-04 14:45 - 0008704 _____ () C:\Users\Ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-06-26 10:11 - 2015-01-31 19:21 - 0586752 _____ () C:\Users\Ivo\AppData\Local\file__0.localstorage 2012-11-22 17:38 - 2012-11-22 17:38 - 0000036 _____ () C:\Users\Ivo\AppData\Local\housecall.guid.cache 2013-01-08 12:34 - 2013-01-08 12:34 - 0004096 ____H () C:\Users\Ivo\AppData\Local\keyfile3.drm 2012-05-15 01:09 - 2015-04-20 16:33 - 0000600 _____ () C:\Users\Ivo\AppData\Local\PUTTY.RND 2012-05-13 15:12 - 2015-05-16 20:03 - 0007656 _____ () C:\Users\Ivo\AppData\Local\Resmon.ResmonCfg 2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Ivo\AppData\Local\setup.txt 2015-04-02 15:31 - 2015-04-02 15:31 - 0000114 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc Some content of TEMP: 
====================
C:\Users\Ivo\AppData\Local\Temp\AutoRun.exe
C:\Users\Ivo\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Ivo\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Ivo\AppData\Local\Temp\drm_dyndata_7400008.dll
C:\Users\Ivo\AppData\Local\Temp\ExPromo.exe
C:\Users\Ivo\AppData\Local\Temp\First15.exe
C:\Users\Ivo\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ivo\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Ivo\AppData\Local\Temp\Nexus Mod Manager-0.54.10.exe
C:\Users\Ivo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ivo\AppData\Local\Temp\nvStInst.exe
C:\Users\Ivo\AppData\Local\Temp\ose00000.exe
C:\Users\Ivo\AppData\Local\Temp\VP6Install.exe
C:\Users\Ivo\AppData\Local\Temp\VP6VFW.dll
C:\Users\Ivo\AppData\Local\Temp\_is18FC.exe
C:\Users\Ivo\AppData\Local\Temp\_is2B34.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 13:12

==================== End Of Log ============================

Addition.txt malwarebytes_scan.txt