lannister

Member
  • Posts: 175

Likes

24 Good reputation

1 Follower

About lannister

  • Title
    Honorary member

Information

  • Gender
    Male
  1. Hello colleagues, a friend recently gave me a few sticks of RAM (DDR3) to try out and see whether they would work in my computer, but alas, only one of them works. I have a 4 GB stick of my own; can I use the two together so that they run in dual-channel mode?
  2. And what do you think of the N400? It works out cheaper because I don't have to buy a fan, and as far as I can see it can fit the cooler. I'm also thinking of changing where the computer sits, hoping that will help. Thanks in advance, and I also apologize for how annoying and ignorant I am.
  3. Yes, I'm also wondering and racking my brain over this question, and it's annoying me. That's true, but I'm generally quite clueless in this area: first, I won't be able to locate the problem, and second, even if I do locate it, I won't be able to take it apart to send it in. That's exactly why I want everything to be from Nikem, but from what I can see I don't think that will happen. PS: I was thinking of something like this: Thermaltake Commander MS-III USB3.0 VO100A1W2N; CM HYPER 212 EVO; CM 120MM CASE FAN/ SLEEVE. Total: 166.34 lv. incl. VAT. What do you think? That's also an option, as long as it isn't far behind the 212.
  4. With some nasty Delux case (MG-416, I think it was) and the stock cooler. And if possible, everything should be from Nikem, because I don't want to be whining when I send it to them for repair (that's become a lot of requirements...).
  5. Hello colleagues, since the summer heat is coming and I can't game because of the temperatures (at 20% load my FX-6300 hits 60 degrees...). My only wish is that the case has cable management; I also want the CPU cooler to be a 212 EVO. As I already said, the final budget is 150 lv. (up to 10 over, times are hard for students, haha). Thanks in advance. PS: A case window is desirable but not required.
  6. The title says it all. I can't find them anywhere. I found some on Driverscape.com but I can't install them (there's no .exe file).
  7. ComboFix 15-03-14.03 - Karim 03/20/2015 16:28:31.2.6 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4079.2759 [GMT 2:00] Running from: c:\users\Karim\Desktop\ComboFix.exe Command switches used :: c:\users\Karim\Desktop\CFScript.txt
  8. ComboFix 15-03-14.03 - Karim 03/20/2015 10:51:23.1.6 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4079.2874 [GMT 2:00] Running from: c:\users\Karim\Desktop\ComboFix.exe
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Karim at 2015-03-19 18:40:38 Run:1 Running from C:\Users\Karim\Desktop\FRST Loaded Profiles: Karim (Available profiles: Karim) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CreateRestorePoint: CloseProcesses: C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\MountPoints2: D - D:\setup.exe HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\MountPoints2: {edac0b0c-a778-11e3-b55d-bc5ff4ea1fd6} - D:\Setup.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppppppp HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKU\S-1-5-21-2626116539-3406074552-2945403318-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File CHR HomePage: Default -> ?type=hppppppp CHR 
StartupUrls: Default -> "?type=hppppppp" CHR DefaultSearchKeyword: Default -> mystartsearch CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1426772800&from=cmi&uid=ST500DM002-1BD142_W3T186Q9XXXXW3T186Q9&q={searchTerms} CHR Extension: (cfkohgkpafhkpdcnfadadcibfboapggi) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2015-03-15] CHR Extension: (No Name) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggenplpeibingacbafpkeijppfncdbe [2015-03-19] hycetuje; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp hyjigyby; C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp kezotoby; C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp meseguse; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp silykubo; C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009 C:\Program Files (x86)\6738ddf7-17a9-41e9-a087-c6023826c667 C:\Users\Karim\AppData\Roaming\03000200-1426771955-0500-0006-000700080009 C:\Program Files (x86)\2aa7591c-4c36-4241-959e-365c2f159548 C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009 C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009 C:\Windows\System32\Tasks\{A5325DBB-B3E0-489F-B41B-09D4055DCBB0} 
C:\Users\Karim\AppData\Local\03000200-1426592150-0500-0006-000700080009 C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009 C:\Users\Karim\AppData\Roaming\adJRyzE C:\Users\Karim\AppData\Roaming\9A89wPC C:\Users\Karim\AppData\Roaming\20hv2u9 C:\Windows\System32\Tasks\eNREyvYnh8uaXcm C:\Windows\System32\Tasks\qTAIalyPYxdvCQ5 C:\Windows\System32\Tasks\iMbgUjgKK6U1bpz C:\Users\Karim\AppData\Local\Temp\4FC60DFD-82B2-1E36-3F94-B632EFCB2F10.exe C:\Users\Karim\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe C:\Users\Karim\AppData\Local\Temp\ConnectPC.exe C:\Users\Karim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi8al.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.exe C:\Users\Karim\AppData\Local\Temp\Gre9185.exe C:\Users\Karim\AppData\Local\Temp\OnlineBackup.exe C:\Users\Karim\AppData\Local\Temp\passwordfinder.exe C:\Users\Karim\AppData\Local\Temp\Quarantine.exe C:\Users\Karim\AppData\Local\Temp\SearchProtectC_Installer.exe C:\Users\Karim\AppData\Local\Temp\SkypeSetup.exe C:\Users\Karim\AppData\Local\Temp\SpOrder.dll C:\Users\Karim\AppData\Local\Temp\sqlite3.dll C:\Users\Karim\AppData\Local\Temp\Steelcut_Installer.exe C:\Users\Karim\AppData\Local\Temp\WebbionT_Installer.exe C:\Users\Karim\AppData\Local\Temp\ZoomWeb_Installer.exe AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7 CMD: ipconfig /flushdns emptytemp: end ***************** Restore point was successfully created. Processes closed successfully. C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp => Moved successfully. C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp => Moved successfully. C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp => Moved successfully. 
"C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp" => File/Directory not found. C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp => Moved successfully. "HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => Key deleted successfully. "HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edac0b0c-a778-11e3-b55d-bc5ff4ea1fd6}" => Key deleted successfully. HKCR\CLSID\{edac0b0c-a778-11e3-b55d-bc5ff4ea1fd6} => Key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully. HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully. HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. Chrome HomePage deleted successfully. 
Chrome StartupUrls deleted successfully. Chrome DefaultSearchKeyword deleted successfully. Chrome DefaultSearchURL deleted successfully. C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi => Moved successfully. C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggenplpeibingacbafpkeijppfncdbe directory not found. hycetuje; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp => Error: No automatic fix found for this entry. "C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp" => File/Directory not found. hyjigyby; C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp => Error: No automatic fix found for this entry. "C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp" => File/Directory not found. kezotoby; C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp => Error: No automatic fix found for this entry. "C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp" => File/Directory not found. meseguse; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp => Error: No automatic fix found for this entry. "C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp" => File/Directory not found. silykubo; C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp => Error: No automatic fix found for this entry. "C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp" => File/Directory not found. C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009 => Moved successfully. C:\Program Files (x86)\6738ddf7-17a9-41e9-a087-c6023826c667 => Moved successfully. C:\Users\Karim\AppData\Roaming\03000200-1426771955-0500-0006-000700080009 => Moved successfully. 
C:\Program Files (x86)\2aa7591c-4c36-4241-959e-365c2f159548 => Moved successfully. C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009 => Moved successfully. C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009 => Moved successfully. C:\Windows\System32\Tasks\{A5325DBB-B3E0-489F-B41B-09D4055DCBB0} => Moved successfully. C:\Users\Karim\AppData\Local\03000200-1426592150-0500-0006-000700080009 => Moved successfully. C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009 => Moved successfully. C:\Users\Karim\AppData\Roaming\adJRyzE => Moved successfully. C:\Users\Karim\AppData\Roaming\9A89wPC => Moved successfully. C:\Users\Karim\AppData\Roaming\20hv2u9 => Moved successfully. C:\Windows\System32\Tasks\eNREyvYnh8uaXcm => Moved successfully. C:\Windows\System32\Tasks\qTAIalyPYxdvCQ5 => Moved successfully. C:\Windows\System32\Tasks\iMbgUjgKK6U1bpz => Moved successfully. C:\Users\Karim\AppData\Local\Temp\4FC60DFD-82B2-1E36-3F94-B632EFCB2F10.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\ConnectPC.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi8al.dll => Moved successfully. C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.dll => Moved successfully. C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\Gre9185.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\OnlineBackup.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\passwordfinder.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\SearchProtectC_Installer.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. 
C:\Users\Karim\AppData\Local\Temp\SpOrder.dll => Moved successfully. C:\Users\Karim\AppData\Local\Temp\sqlite3.dll => Moved successfully. C:\Users\Karim\AppData\Local\Temp\Steelcut_Installer.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\WebbionT_Installer.exe => Moved successfully. C:\Users\Karim\AppData\Local\Temp\ZoomWeb_Installer.exe => Moved successfully. C:\ProgramData\TEMP => ":8C35AEA7" ADS removed successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 700.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 18:41:53 ==== -------------- aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software Run date: 2015-03-19 20:40:04 ----------------------------- 20:40:04.426 OS Version: Windows x64 6.1.7600 20:40:04.426 Number of processors: 6 586 0x200 20:40:04.426 ComputerName: KARIM-PC UserName: Karim 20:40:05.229 Initialize success 20:40:05.325 VM: initialized successfully 20:40:05.327 VM: Amd CPU supported 20:43:44.985 AVAST engine defs: 15031900 20:49:30.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 20:49:30.391 Disk 0 Vendor: ST500DM002-1BD142 KC48 Size: 476940MB BusType: 11 20:49:30.509 Disk 0 MBR read successfully 20:49:30.514 Disk 0 MBR scan 20:49:30.521 Disk 0 Windows 7 default MBR code 20:49:30.533 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:49:30.555 Disk 0 default boot code 20:49:30.564 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848 20:49:30.592 Disk 0 scanning C:\Windows\system32\drivers 20:49:39.569 File: C:\Windows\system32\drivers\webTinstMKTN.sys **INFECTED** Win32:GenMaliciousA-DLP [Adw] 20:49:39.835 Disk 0 statistics 99551/0/0 @ 9.14 MB/s 20:49:39.850 Scan finished successfully 20:49:55.654 Disk 0 MBR has been saved successfully to "C:\Users\Karim\Desktop\MBR.dat" 20:49:55.659 The log file has been saved successfully to 
"C:\Users\Karim\Desktop\aswMBR.txt" ------------------------- TDS Killer did not find anything.
  10. Recently some nasty little programs got onto my computer and changed my browser to Itsasurf. Fine, I removed them with adwarecleaner and the problem was fixed, but the next day it was back. I removed them again, and I have now spent 2-3 days removing them with adwarecleaner. But they keep installing themselves again and again, and there are more and more of them. A moment ago it even gave me an installer on which the "Cancel" option could not be used! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Karim (administrator) on KARIM-PC on 19-03-2015 16:01:05 Running from C:\Users\Karim\Downloads Loaded Profiles: Karim (Available profiles: Karim) Platform: Windows 7 Professional (X64) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp () C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp () C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp () C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp () C:\Program Files (x86)\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Spotify Ltd) C:\Users\Karim\AppData\Roaming\Spotify\SpotifyWebHelper.exe () C:\Users\Karim\AppData\Local\Viber\Viber.exe () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe (Dropbox, Inc.) C:\Users\Karim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-05-14] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation) HKLM-x32\...\Run: [mca64Launcher 1.8.9.99] => C:\Users\Karim\Desktop\mca64Launcher 1.8.9.99\mca64Launcher.exe HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [Spotify Web Helper] => C:\Users\Karim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-04] (Spotify Ltd) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [Viber] => C:\Users\Karim\AppData\Local\Viber\Viber.exe [936656 2014-09-02] () HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\Run: [Spotify] => C:\Users\Karim\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-04] (Spotify Ltd) HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\MountPoints2: D - D:\setup.exe 
HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\...\MountPoints2: {edac0b0c-a778-11e3-b55d-bc5ff4ea1fd6} - D:\Setup.exe Startup: C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Karim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karim\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppppppp HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppppppp HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppppp HKU\S-1-5-21-2626116539-3406074552-2945403318-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll [2014-10-10] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-10-10] (Oracle Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll [2014-04-29] (Symantec Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> 
C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll [2014-04-29] (Symantec Corporation) Toolbar: HKU\S-1-5-21-2626116539-3406074552-2945403318-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices) Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.) Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.) Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.) Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.) Winsock: Catalog9 15 C:\Windows\SysWOW64\BDL.dll [295808] (BD Inc.) 
Tcpip\Parameters: [DhcpNameServer] 217.9.239.90 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Karim\AppData\Roaming\Mozilla\Firefox\Profiles\0h02st8j.default-1426705279436 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll [2014-10-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll [2014-10-10] (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2626116539-3406074552-2945403318-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-01-16] (Sony Network Entertainment International LLC) FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn [2014-11-18] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2014-05-28] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> ?type=hppppppp CHR StartupUrls: Default -> "?type=hppppppp" CHR DefaultSearchKeyword: Default -> mystartsearch CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1426772800&from=cmi&uid=ST500DM002-1BD142_W3T186Q9XXXXW3T186Q9&q={searchTerms} CHR Profile: C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (cfkohgkpafhkpdcnfadadcibfboapggi) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2015-03-15] CHR Extension: (No Name) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggenplpeibingacbafpkeijppfncdbe [2015-03-19] CHR Extension: (WatchClient for Twitter Real Time Twitter Update) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\febjffjimfjehaekdkniojehjngaeajf [2014-11-28] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Karim\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [Not Found] StartMenuInternet: Google Chrome - Chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-11-12] (EasyAntiCheat Ltd) S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed] R2 hycetuje; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\jnsb9838.tmp [124416 2015-03-17] () [File not signed] R2 hyjigyby; C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009\cnsi47FC.tmp [95744 2015-03-17] () [File not signed] R2 kezotoby; C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009\insrD848.tmp [103936 2015-03-19] () [File not signed] R2 meseguse; C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009\nscB3A9.tmp [125440 2015-03-18] () [File not signed] R2 Mobiola Wave Service; C:\Program Files (x86)\Common Files\SHAPE Services\Mobiola Wave Service\MobiolaWaveService.exe [125088 2011-04-11] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] () R2 silykubo; C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009\snsc820C.tmp [100352 2015-03-17] () [File not signed] S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] 
(Tunngle.net GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-03-09] (DT Soft Ltd) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140611.001\IDSvia64.sys [525016 2014-05-27] (Symantec Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140611.032\ENG64.SYS [126040 2014-06-09] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140611.032\EX64.SYS [2099288 2014-06-09] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; 
C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-05-29] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 GPU-Z; \??\C:\Users\Karim\AppData\Local\Temp\GPU-Z.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 16:00 - 2015-03-19 16:00 - 00000000 ____D () C:\Users\Karim\Downloads\FRST-OlderVersion 2015-03-19 15:54 - 2015-03-19 15:54 - 00000000 ____D () C:\Users\Karim\Desktop\Old Firefox Data 2015-03-19 15:47 - 2015-03-19 15:47 - 00050800 _____ () C:\Windows\system32\Drivers\webTinstMKTN.sys 2015-03-19 15:47 - 2015-03-19 15:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf 2015-03-19 15:46 - 2015-03-19 15:48 - 00008656 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini 2015-03-19 15:46 - 2015-03-19 15:48 - 00008656 _____ () C:\Windows\system32\BasementDusterOff.ini 2015-03-19 15:46 - 2015-03-16 17:21 - 00295808 _____ (BD Inc.) 
C:\Windows\SysWOW64\BDL.dll 2015-03-19 15:45 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426779946-0500-0006-000700080009 2015-03-19 15:33 - 2015-03-19 15:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-19 15:33 - 2015-03-19 15:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-19 15:33 - 2015-03-19 15:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-19 15:33 - 2015-03-19 15:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 15:33 - 2015-03-19 15:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-19 15:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-19 15:33 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 15:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-19 15:32 - 2015-03-19 15:45 - 00000000 ____D () C:\Program Files (x86)\6738ddf7-17a9-41e9-a087-c6023826c667 2015-03-19 15:32 - 2015-03-19 15:32 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\03000200-1426771955-0500-0006-000700080009 2015-03-19 15:31 - 2015-03-19 15:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Karim\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-18 21:01 - 2015-03-18 21:01 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\03000200-1426705280-0500-0006-000700080009 2015-03-18 20:04 - 2015-03-19 15:45 - 00000000 ____D () C:\Program Files (x86)\2aa7591c-4c36-4241-959e-365c2f159548 2015-03-18 19:20 - 2015-03-19 15:49 - 00001557 _____ () C:\Users\Public\Desktop\Total War Attila.lnk 2015-03-18 19:20 - 2015-03-19 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War Attila 2015-03-18 18:12 - 2015-03-18 18:47 - 1997101056 ____R () 
C:\Users\Karim\Downloads\Total War Attila-RePack.iso 2015-03-17 11:42 - 2015-03-19 15:53 - 00000000 ____D () C:\AdwCleaner 2015-03-17 11:42 - 2015-03-17 11:42 - 02171392 _____ () C:\Users\Karim\Downloads\adwcleaner_4.112.exe 2015-03-17 11:38 - 2015-03-19 15:55 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009 2015-03-17 11:38 - 2015-03-17 11:38 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009 2015-03-17 11:37 - 2015-03-17 11:37 - 00003146 _____ () C:\Windows\System32\Tasks\{A5325DBB-B3E0-489F-B41B-09D4055DCBB0} 2015-03-17 11:35 - 2015-03-17 11:35 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592150-0500-0006-000700080009 2015-03-17 11:34 - 2015-03-18 19:57 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009 2015-03-15 14:52 - 2015-03-15 14:58 - 124925992 _____ () C:\Users\Karim\Desktop\BFLFIFA11v1.1.exe 2015-03-14 15:58 - 2015-03-14 15:58 - 00000000 ____D () C:\Users\Karim\AppData\Local\calibre-cache 2015-03-14 15:56 - 2015-03-16 20:55 - 00000000 ____D () C:\Users\Karim\Documents\Calibre Library 2015-03-14 15:56 - 2015-03-14 15:58 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\calibre 2015-03-14 15:56 - 2015-03-14 15:56 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-03-14 15:56 - 2015-03-14 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-03-14 15:56 - 2015-03-14 15:56 - 00000000 ____D () C:\Program Files\Calibre2 2015-03-14 15:51 - 2015-03-14 15:52 - 69660672 _____ () C:\Users\Karim\Downloads\calibre-64bit-2.21.0.msi 2015-03-14 15:40 - 2015-03-14 20:51 - 00000000 ____D () C:\Users\Karim\Desktop\Wheel of Time 2015-03-14 15:38 - 2015-03-14 15:39 - 12953959 ____R () C:\Users\Karim\Downloads\Колелото на Времето.Wheel of Time.COMPLETE PACK.rar 2015-03-14 11:02 - 2015-03-14 11:02 - 00971795 _____ () 
C:\Users\Karim\Downloads\Fxodor_Dostoevski_-_Bratja_Karamazovi_-306-b.txt.zip 2015-03-14 10:57 - 2015-03-14 10:57 - 00998308 _____ () C:\Users\Karim\Downloads\Dzhordzh_R._R._Martin_-_Igra_na_tronove_-1349-b.epub 2015-03-14 10:56 - 2015-03-14 10:56 - 00668949 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_3-3740-b.epub 2015-03-14 10:55 - 2015-03-14 10:56 - 00744594 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_2-4234-b.epub 2015-03-14 10:55 - 2015-03-14 10:55 - 00634811 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_1-4217-b.epub 2015-03-13 20:25 - 2015-03-19 15:49 - 00001290 _____ () C:\Users\Karim\Desktop\Google Chrome.lnk 2015-03-12 16:57 - 2015-03-12 16:57 - 06208736 _____ (Tim Kosse) C:\Users\Karim\Downloads\FileZilla_3.10.2_win32-setup.exe 2015-03-11 23:27 - 2015-03-11 23:28 - 01376898 _____ () C:\Users\Karim\Downloads\Robyrt_Dzhordan_Brandyn_Sandyrsyn_-_Burja_se_nadiga_-3254-b.epub 2015-03-11 22:23 - 2015-03-11 22:29 - 00000000 ____D () C:\Users\Karim\Downloads\Yu-Gi-Oh! 
Sezon 1 - Kralstvoto na duelite 2015-03-11 20:45 - 2015-03-19 15:33 - 00000237 _____ () C:\Users\Karim\AppData\Local\recently-fix.db 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\adJRyzE 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\9A89wPC 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\20hv2u9 2015-03-11 20:44 - 2015-03-11 20:44 - 00003282 _____ () C:\Windows\System32\Tasks\eNREyvYnh8uaXcm 2015-03-11 20:44 - 2015-03-11 20:44 - 00003240 _____ () C:\Windows\System32\Tasks\qTAIalyPYxdvCQ5 2015-03-11 20:44 - 2015-03-11 20:44 - 00003238 _____ () C:\Windows\System32\Tasks\iMbgUjgKK6U1bpz 2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\ProgramData\atjs 2015-03-07 21:56 - 2015-03-07 21:56 - 01288423 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_11._Nozh_ot_bljanove-2832.epub 2015-03-06 15:07 - 2015-03-06 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-01 21:58 - 2015-03-01 21:58 - 00811088 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_10._Krystopytishta_po_zdrach-9243.epub 2015-02-28 18:37 - 2015-02-28 18:38 - 00000000 ____D () C:\Users\Karim\Downloads\The.Grand.Budapest.Hotel.2014.BDRip.XviD-REFLUX 2015-02-22 13:47 - 2015-02-22 13:47 - 00000000 ____D () C:\Users\Karim\Downloads\RSD 2015-02-21 12:21 - 2015-02-21 12:21 - 00754700 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_9._Syrtseto_na_zimata-9035.epub 2015-02-21 09:20 - 2015-02-21 09:20 - 00000000 ____D () C:\Users\Karim\AppData\Local\Steam 2015-02-18 19:38 - 2015-02-18 19:38 - 00000000 ____D () C:\Users\Karim\Downloads\The Wheel of Time-CrackFIX 2015-02-18 19:17 - 2015-02-18 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time 2015-02-18 19:16 - 2015-02-18 19:17 - 00000000 ____D () C:\WheelOfTime 2015-02-18 19:00 - 2015-02-18 19:04 - 00000000 ____D () C:\Users\Karim\Downloads\The Wheel of Time 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 16:01 - 2014-05-29 12:06 - 00018950 _____ () C:\Users\Karim\Downloads\FRST.txt 2015-03-19 16:01 - 2014-05-29 12:06 - 00000000 ____D () C:\FRST 2015-03-19 16:00 - 2014-05-29 12:04 - 02095616 _____ (Farbar) C:\Users\Karim\Downloads\FRST64.exe 2015-03-19 15:56 - 2014-03-08 13:50 - 02034730 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 15:54 - 2014-09-21 19:16 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\ViberPC 2015-03-19 15:54 - 2014-04-30 15:56 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Spotify 2015-03-19 15:54 - 2014-04-30 15:56 - 00000000 ____D () C:\Users\Karim\AppData\Local\Spotify 2015-03-19 15:53 - 2014-04-09 15:25 - 00000000 ___RD () C:\Users\Karim\Dropbox 2015-03-19 15:53 - 2014-04-09 15:24 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Dropbox 2015-03-19 15:52 - 2014-09-21 19:15 - 00000000 ____D () C:\Users\Karim\AppData\Local\Viber 2015-03-19 15:52 - 2014-04-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-19 15:50 - 2015-01-24 10:50 - 00378782 _____ () C:\Windows\PFRO.log 2015-03-19 15:50 - 2015-01-24 10:50 - 00007669 _____ () C:\Windows\setupact.log 2015-03-19 15:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 15:49 - 2014-04-23 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-19 15:49 - 2014-03-09 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-03-19 15:49 - 2014-03-08 14:05 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-19 15:49 - 2014-03-08 14:05 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-19 15:49 - 2014-03-08 13:49 - 00001176 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-19 15:49 - 
2014-03-08 13:49 - 00000989 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-03-19 15:47 - 2014-05-29 14:27 - 00000000 ____D () C:\Users\Karim\AppData\Local\CrashDumps 2015-03-19 15:45 - 2014-09-08 10:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-19 15:45 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files (x86)\2K Games 2015-03-19 15:30 - 2014-04-23 19:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-18 22:00 - 2014-03-09 14:17 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Skype 2015-03-18 21:02 - 2014-11-12 15:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-18 20:47 - 2014-05-15 17:19 - 00000000 ____D () C:\Users\Karim\AppData\Local\Battle.net 2015-03-18 20:41 - 2014-03-08 18:41 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\uTorrent 2015-03-15 21:25 - 2009-07-14 07:13 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-14 15:29 - 2014-04-05 12:20 - 00000000 ____D () C:\Users\Karim\Desktop\Books 2015-03-14 13:34 - 2015-02-01 14:20 - 00000000 ____D () C:\Users\Karim\Desktop\Desktop BS 2015-03-12 17:59 - 2014-05-23 14:36 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\FileZilla 2015-03-12 10:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-11 21:53 - 2014-04-09 15:25 - 00000979 _____ () C:\Users\Karim\Desktop\Dropbox.lnk 2015-03-11 21:53 - 2014-04-09 15:25 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-07 22:54 - 2015-01-03 21:17 - 00000000 ____D () C:\Users\Karim\Downloads\Road.Trip.2000.480p.HDRip.XviD.AC3-AsA 2015-03-07 09:24 - 2014-03-08 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 21:53 - 2014-10-10 19:49 - 00000000 ____D () C:\Users\Karim\workspace 2015-03-05 21:52 - 2014-10-10 19:50 - 00000000 ____D () C:\Users\Karim\AppData\Local\Eclipse 2015-03-05 21:44 - 
2014-10-10 19:48 - 00000000 ____D () C:\Users\Karim\Desktop\eclipse 2015-03-04 14:12 - 2014-10-14 18:42 - 00000000 ____D () C:\Users\Karim\Downloads\[The Fappening] Videos and Pictures MEGAPACK Part 1-3 (2014) 2015-03-04 13:37 - 2014-04-30 15:56 - 00001753 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-03-04 13:34 - 2009-07-14 07:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-01 14:34 - 2014-07-25 20:34 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Syncios 2015-02-27 12:08 - 2014-05-15 17:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-02-25 22:20 - 2014-09-23 21:21 - 00000000 ____D () C:\Users\Karim\Desktop\PuA-related stuff ==================== Files in the root of some directories ======= 2014-05-28 16:11 - 2014-05-28 16:11 - 0057856 _____ () C:\Users\Karim\AppData\Local\N360 2014-05-28 16:11 - 2014-05-28 16:11 - 0058368 _____ () C:\Users\Karim\AppData\Local\NAV 2014-05-28 16:11 - 2014-05-28 16:11 - 0057856 _____ () C:\Users\Karim\AppData\Local\NIS 2014-05-23 14:54 - 2014-05-23 14:54 - 0000600 _____ () C:\Users\Karim\AppData\Local\PUTTY.RND 2015-03-11 20:45 - 2015-03-19 15:33 - 0000237 _____ () C:\Users\Karim\AppData\Local\recently-fix.db 2014-10-22 20:10 - 2014-10-22 20:10 - 0000876 _____ () C:\Users\Karim\AppData\Local\recently-used.xbel 2014-10-17 12:21 - 2015-02-01 14:45 - 0007601 _____ () C:\Users\Karim\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Karim\AppData\Local\Temp\4FC60DFD-82B2-1E36-3F94-B632EFCB2F10.exe C:\Users\Karim\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe C:\Users\Karim\AppData\Local\Temp\ConnectPC.exe C:\Users\Karim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi8al.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.exe C:\Users\Karim\AppData\Local\Temp\Gre9185.exe 
C:\Users\Karim\AppData\Local\Temp\OnlineBackup.exe C:\Users\Karim\AppData\Local\Temp\passwordfinder.exe C:\Users\Karim\AppData\Local\Temp\Quarantine.exe C:\Users\Karim\AppData\Local\Temp\SearchProtectC_Installer.exe C:\Users\Karim\AppData\Local\Temp\SkypeSetup.exe C:\Users\Karim\AppData\Local\Temp\SpOrder.dll C:\Users\Karim\AppData\Local\Temp\sqlite3.dll C:\Users\Karim\AppData\Local\Temp\Steelcut_Installer.exe C:\Users\Karim\AppData\Local\Temp\WebbionT_Installer.exe C:\Users\Karim\AppData\Local\Temp\ZoomWeb_Installer.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 15:59 ==================== End Of Log ============================
C:\Users\Karim\Downloads\Total War Attila-RePack.iso 2015-03-17 11:42 - 2015-03-19 15:53 - 00000000 ____D () C:\AdwCleaner 2015-03-17 11:42 - 2015-03-17 11:42 - 02171392 _____ () C:\Users\Karim\Downloads\adwcleaner_4.112.exe 2015-03-17 11:38 - 2015-03-19 15:55 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592303-0500-0006-000700080009 2015-03-17 11:38 - 2015-03-17 11:38 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592288-0500-0006-000700080009 2015-03-17 11:37 - 2015-03-17 11:37 - 00003146 _____ () C:\Windows\System32\Tasks\{A5325DBB-B3E0-489F-B41B-09D4055DCBB0} 2015-03-17 11:35 - 2015-03-17 11:35 - 00000000 ____D () C:\Users\Karim\AppData\Local\03000200-1426592150-0500-0006-000700080009 2015-03-17 11:34 - 2015-03-18 19:57 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\03000200-1426584882-0500-0006-000700080009 2015-03-15 14:52 - 2015-03-15 14:58 - 124925992 _____ () C:\Users\Karim\Desktop\BFLFIFA11v1.1.exe 2015-03-14 15:58 - 2015-03-14 15:58 - 00000000 ____D () C:\Users\Karim\AppData\Local\calibre-cache 2015-03-14 15:56 - 2015-03-16 20:55 - 00000000 ____D () C:\Users\Karim\Documents\Calibre Library 2015-03-14 15:56 - 2015-03-14 15:58 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\calibre 2015-03-14 15:56 - 2015-03-14 15:56 - 00000930 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-03-14 15:56 - 2015-03-14 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-03-14 15:56 - 2015-03-14 15:56 - 00000000 ____D () C:\Program Files\Calibre2 2015-03-14 15:51 - 2015-03-14 15:52 - 69660672 _____ () C:\Users\Karim\Downloads\calibre-64bit-2.21.0.msi 2015-03-14 15:40 - 2015-03-14 20:51 - 00000000 ____D () C:\Users\Karim\Desktop\Wheel of Time 2015-03-14 15:38 - 2015-03-14 15:39 - 12953959 ____R () C:\Users\Karim\Downloads\Колелото на Времето.Wheel of Time.COMPLETE PACK.rar 2015-03-14 11:02 - 2015-03-14 11:02 - 00971795 _____ () 
C:\Users\Karim\Downloads\Fxodor_Dostoevski_-_Bratja_Karamazovi_-306-b.txt.zip 2015-03-14 10:57 - 2015-03-14 10:57 - 00998308 _____ () C:\Users\Karim\Downloads\Dzhordzh_R._R._Martin_-_Igra_na_tronove_-1349-b.epub 2015-03-14 10:56 - 2015-03-14 10:56 - 00668949 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_3-3740-b.epub 2015-03-14 10:55 - 2015-03-14 10:56 - 00744594 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_2-4234-b.epub 2015-03-14 10:55 - 2015-03-14 10:55 - 00634811 _____ () C:\Users\Karim\Downloads\Artyr_Konan_Dojl_-_Sherlok_Holms_-_Tom_1-4217-b.epub 2015-03-13 20:25 - 2015-03-19 15:49 - 00001290 _____ () C:\Users\Karim\Desktop\Google Chrome.lnk 2015-03-12 16:57 - 2015-03-12 16:57 - 06208736 _____ (Tim Kosse) C:\Users\Karim\Downloads\FileZilla_3.10.2_win32-setup.exe 2015-03-11 23:27 - 2015-03-11 23:28 - 01376898 _____ () C:\Users\Karim\Downloads\Robyrt_Dzhordan_Brandyn_Sandyrsyn_-_Burja_se_nadiga_-3254-b.epub 2015-03-11 22:23 - 2015-03-11 22:29 - 00000000 ____D () C:\Users\Karim\Downloads\Yu-Gi-Oh! 
Sezon 1 - Kralstvoto na duelite 2015-03-11 20:45 - 2015-03-19 15:33 - 00000237 _____ () C:\Users\Karim\AppData\Local\recently-fix.db 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\adJRyzE 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\9A89wPC 2015-03-11 20:44 - 2015-03-19 15:45 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\20hv2u9 2015-03-11 20:44 - 2015-03-11 20:44 - 00003282 _____ () C:\Windows\System32\Tasks\eNREyvYnh8uaXcm 2015-03-11 20:44 - 2015-03-11 20:44 - 00003240 _____ () C:\Windows\System32\Tasks\qTAIalyPYxdvCQ5 2015-03-11 20:44 - 2015-03-11 20:44 - 00003238 _____ () C:\Windows\System32\Tasks\iMbgUjgKK6U1bpz 2015-03-11 20:44 - 2015-03-11 20:44 - 00000000 ____D () C:\ProgramData\atjs 2015-03-07 21:56 - 2015-03-07 21:56 - 01288423 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_11._Nozh_ot_bljanove-2832.epub 2015-03-06 15:07 - 2015-03-06 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-01 21:58 - 2015-03-01 21:58 - 00811088 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_10._Krystopytishta_po_zdrach-9243.epub 2015-02-28 18:37 - 2015-02-28 18:38 - 00000000 ____D () C:\Users\Karim\Downloads\The.Grand.Budapest.Hotel.2014.BDRip.XviD-REFLUX 2015-02-22 13:47 - 2015-02-22 13:47 - 00000000 ____D () C:\Users\Karim\Downloads\RSD 2015-02-21 12:21 - 2015-02-21 12:21 - 00754700 _____ () C:\Users\Karim\Downloads\Robert_Jordan_-_KNV_-_9._Syrtseto_na_zimata-9035.epub 2015-02-21 09:20 - 2015-02-21 09:20 - 00000000 ____D () C:\Users\Karim\AppData\Local\Steam 2015-02-18 19:38 - 2015-02-18 19:38 - 00000000 ____D () C:\Users\Karim\Downloads\The Wheel of Time-CrackFIX 2015-02-18 19:17 - 2015-02-18 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time 2015-02-18 19:16 - 2015-02-18 19:17 - 00000000 ____D () C:\WheelOfTime 2015-02-18 19:00 - 2015-02-18 19:04 - 00000000 ____D () C:\Users\Karim\Downloads\The Wheel of Time 
==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 16:01 - 2014-05-29 12:06 - 00018950 _____ () C:\Users\Karim\Downloads\FRST.txt 2015-03-19 16:01 - 2014-05-29 12:06 - 00000000 ____D () C:\FRST 2015-03-19 16:00 - 2014-05-29 12:04 - 02095616 _____ (Farbar) C:\Users\Karim\Downloads\FRST64.exe 2015-03-19 15:56 - 2014-03-08 13:50 - 02034730 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 15:54 - 2014-09-21 19:16 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\ViberPC 2015-03-19 15:54 - 2014-04-30 15:56 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Spotify 2015-03-19 15:54 - 2014-04-30 15:56 - 00000000 ____D () C:\Users\Karim\AppData\Local\Spotify 2015-03-19 15:53 - 2014-04-09 15:25 - 00000000 ___RD () C:\Users\Karim\Dropbox 2015-03-19 15:53 - 2014-04-09 15:24 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Dropbox 2015-03-19 15:52 - 2014-09-21 19:15 - 00000000 ____D () C:\Users\Karim\AppData\Local\Viber 2015-03-19 15:52 - 2014-04-04 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-19 15:50 - 2015-01-24 10:50 - 00378782 _____ () C:\Windows\PFRO.log 2015-03-19 15:50 - 2015-01-24 10:50 - 00007669 _____ () C:\Windows\setupact.log 2015-03-19 15:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 15:49 - 2014-04-23 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-19 15:49 - 2014-03-09 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-03-19 15:49 - 2014-03-08 14:05 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-19 15:49 - 2014-03-08 14:05 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-19 15:49 - 2014-03-08 13:49 - 00001176 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-19 15:49 - 
2014-03-08 13:49 - 00000989 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-03-19 15:47 - 2014-05-29 14:27 - 00000000 ____D () C:\Users\Karim\AppData\Local\CrashDumps 2015-03-19 15:45 - 2014-09-08 10:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-19 15:45 - 2014-04-18 12:36 - 00000000 ____D () C:\Program Files (x86)\2K Games 2015-03-19 15:30 - 2014-04-23 19:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-18 22:00 - 2014-03-09 14:17 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Skype 2015-03-18 21:02 - 2014-11-12 15:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-18 20:47 - 2014-05-15 17:19 - 00000000 ____D () C:\Users\Karim\AppData\Local\Battle.net 2015-03-18 20:41 - 2014-03-08 18:41 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\uTorrent 2015-03-15 21:25 - 2009-07-14 07:13 - 00006166 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-14 15:29 - 2014-04-05 12:20 - 00000000 ____D () C:\Users\Karim\Desktop\Books 2015-03-14 13:34 - 2015-02-01 14:20 - 00000000 ____D () C:\Users\Karim\Desktop\Desktop BS 2015-03-12 17:59 - 2014-05-23 14:36 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\FileZilla 2015-03-12 10:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-11 21:53 - 2014-04-09 15:25 - 00000979 _____ () C:\Users\Karim\Desktop\Dropbox.lnk 2015-03-11 21:53 - 2014-04-09 15:25 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-07 22:54 - 2015-01-03 21:17 - 00000000 ____D () C:\Users\Karim\Downloads\Road.Trip.2000.480p.HDRip.XviD.AC3-AsA 2015-03-07 09:24 - 2014-03-08 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-05 21:53 - 2014-10-10 19:49 - 00000000 ____D () C:\Users\Karim\workspace 2015-03-05 21:52 - 2014-10-10 19:50 - 00000000 ____D () C:\Users\Karim\AppData\Local\Eclipse 2015-03-05 21:44 - 
2014-10-10 19:48 - 00000000 ____D () C:\Users\Karim\Desktop\eclipse 2015-03-04 14:12 - 2014-10-14 18:42 - 00000000 ____D () C:\Users\Karim\Downloads\[The Fappening] Videos and Pictures MEGAPACK Part 1-3 (2014) 2015-03-04 13:37 - 2014-04-30 15:56 - 00001753 _____ () C:\Users\Karim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-03-04 13:34 - 2009-07-14 07:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-01 14:34 - 2014-07-25 20:34 - 00000000 ____D () C:\Users\Karim\AppData\Roaming\Syncios 2015-02-27 12:08 - 2014-05-15 17:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-02-25 22:20 - 2014-09-23 21:21 - 00000000 ____D () C:\Users\Karim\Desktop\PuA-related stuff ==================== Files in the root of some directories ======= 2014-05-28 16:11 - 2014-05-28 16:11 - 0057856 _____ () C:\Users\Karim\AppData\Local\N360 2014-05-28 16:11 - 2014-05-28 16:11 - 0058368 _____ () C:\Users\Karim\AppData\Local\NAV 2014-05-28 16:11 - 2014-05-28 16:11 - 0057856 _____ () C:\Users\Karim\AppData\Local\NIS 2014-05-23 14:54 - 2014-05-23 14:54 - 0000600 _____ () C:\Users\Karim\AppData\Local\PUTTY.RND 2015-03-11 20:45 - 2015-03-19 15:33 - 0000237 _____ () C:\Users\Karim\AppData\Local\recently-fix.db 2014-10-22 20:10 - 2014-10-22 20:10 - 0000876 _____ () C:\Users\Karim\AppData\Local\recently-used.xbel 2014-10-17 12:21 - 2015-02-01 14:45 - 0007601 _____ () C:\Users\Karim\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Karim\AppData\Local\Temp\4FC60DFD-82B2-1E36-3F94-B632EFCB2F10.exe C:\Users\Karim\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe C:\Users\Karim\AppData\Local\Temp\ConnectPC.exe C:\Users\Karim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi8al.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.dll C:\Users\Karim\AppData\Local\Temp\F4B65721-2380-607A-54A9-406638CAF61A.exe C:\Users\Karim\AppData\Local\Temp\Gre9185.exe 
This is the log. I'm also adding the Addition file, in case it can't be read.
Error: (05/26/2014 05:09:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. System errors: ============= Error: (05/29/2014 00:37:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%2 Error: (05/29/2014 00:37:08 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000001e (0xffffffffc0000005, 0xfffff8000308b08d, 0x0000000000000000, 0xffffffffffffffff)C:\Windows\MEMORY.DMP052914-32417-01 Error: (05/29/2014 00:37:04 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:37:24 PM on ‎5/‎28/‎2014 was unexpected. Error: (05/28/2014 08:14:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%2 Error: (05/28/2014 08:14:20 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:47:49 PM on ‎5/‎28/‎2014 was unexpected. Error: (05/28/2014 02:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (05/28/2014 02:31:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 
Error: (05/28/2014 02:29:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Computer Backup (MyPC Backup) service failed to start due to the following error: %%1053 Error: (05/28/2014 02:29:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect. Error: (05/28/2014 02:29:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AODDriver4.2.0 service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (05/28/2014 08:20:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/28/2014 08:20:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/28/2014 02:35:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/28/2014 02:35:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/27/2014 08:29:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/27/2014 08:29:48 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/27/2014 02:05:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/27/2014 02:05:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/26/2014 05:09:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 
Thanks in advance! I attached the wrong Addition file; this one is the correct one! Addition.txt
  11. Game of Thrones, and the "A Song of Ice and Fire" series as a whole. It will be very hard for it to ever get out of my head.
  12. I am satisfied with Nikem so far. Delivery is carried out by a courier company of your choice, payment can be cash on delivery, and the delivery is paid for. The configuration is delivered assembled only if you request it in advance (free of charge). And the Core i5 is the better processor.
  13. After I ordered a case (FD 3300) and a cooler (212 Evo, which they no longer had) from Nikem, they recommended the T4 Hyper to me. I searched around the internet and did not see many reviews, so I am asking you: is the cooler worth it, and how big a temperature difference will I see compared with the stock one?