Премини към съдържанието

pocketrocket

Потребител
  • Публикации

    718
  • Регистрация

  • Последно онлайн

Харесвания

7 Неутрална репутация

8 Последователи

Всичко за pocketrocket

  • Титла
    Master control operator
  • Рожден ден 14.10.1982

Информация

  • Пол
    Мъж
  • Град
    София

Контакти

  • Twitter
    bate_Venci_e_pi4
  • ICQ
    102093359

Последни посетители

14009 прегледа на профила
  1. Здравейте. От скоро като starting page ми излиза "start page by ixquick". Това вирус ли е?
  2. pocketrocket

    Може ли помощ с delta-homes.com вирус

    Струва ми се, че проблема е решен. Вече не ми се стартира delta-homes за начална страница
  3. pocketrocket

    Може ли помощ с delta-homes.com вирус

    Adwcleaner log file # AdwCleaner v4.106 - Report created 29/12/2014 at 22:54:16 # Updated 21/12/2014 by Xplode # Database : 2014-12-28.1 [Live] # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : John - JOHN-PC # Running from : C:\Users\John\Downloads\adwcleaner_4.106.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\globalUpdate Folder Deleted : C:\Users\John\AppData\Local\globalUpdate Folder Deleted : C:\Users\John\AppData\Local\CrashRpt Folder Deleted : C:\Users\Public\Documents\Goobzo Folder Deleted : C:\Users\Public\Documents\ShopperPro Folder Deleted : C:\Users\Public\Documents\YTAHelper ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Key Deleted : HKCU\Software\Mozilla\Extends Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\GlobalUpdate Key Deleted : HKCU\Software\Goobzo Key Deleted : HKCU\Software\SupHpUISoft Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKLM\SOFTWARE\delta-homesSoftware Key Deleted : HKLM\SOFTWARE\GlobalUpdate Key Deleted : HKLM\SOFTWARE\Goobzo Key Deleted : HKLM\SOFTWARE\hdcode Key Deleted : HKLM\SOFTWARE\istartsurfSoftware Key Deleted : HKLM\SOFTWARE\SupTab Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect Key Deleted : HKLM\SOFTWARE\supWPM Key Deleted : HKLM\SOFTWARE\V9 Key Deleted : HKLM\SOFTWARE\winzipersvc Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v34.0 (x86 en-US) [19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "147f7818c6840b10937a46f0622a6cc1"); [19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false); [19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [4026 octets] - [29/12/2014 22:51:11] AdwCleaner[s0].txt - [4781 octets] - [29/12/2014 22:54:16] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4841 octets] ########## JRT log file ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Professional x64 Ran by John on Mon 12/29/2014 at 22:57:16.24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\19pfvmce.default\minidumps [142 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 12/29/2014 at 22:59:06.07 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malawarebytes log Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 12/29/2014 Scan Time: 11:06:34 PM Logfile: Administrator: Yes Version: 2.00.4.1028 Malware Database: v2014.12.29.07 Rootkit Database: v2014.12.29.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: John Scan Type: Threat Scan Result: Completed Objects Scanned: 318888 Time Elapsed: 9 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, Quarantined, [a6f67eeafc80c3738a349d00d92a16ea], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Само да допълня, че след скенирането и apply actions не ми се наложи да рестартирам HitmanPro log HitmanPro 3.7.9.232 www.hitmanpro.com Computer name . . . . : JOHN-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : John-PC\John UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2014-12-29 23:23:06 Scan mode . . . . . . : Normal Scan duration . . . . : 2m 37s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 44 Objects scanned . . . : 1,046,569 Files scanned . . . . : 15,854 Remnants scanned . . : 194,253 files / 836,462 keys Suspicious files ____________________________________________________________ C:\Users\John\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2,122,752 bytes Age . . . . . . . : 2.1 days (2014-12-27 21:09:00) Entropy . . . . . : 7.5 SHA-256 . . . . . : 9333A1396B8C066807415A0CEC5B8487DF4191EFF45DBA18A2F2A5A4C8313A9F Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Users\John\Desktop\FRST64.exe Size . . . . . . . : 2,123,264 bytes Age . . . . . . . : 1.1 days (2014-12-28 21:23:55) Entropy . . . . . : 7.5 SHA-256 . . . . . : 8CF775131B705B240CA7817194B39F077788FA37405B0449719875FBAA05BB68 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\John\Desktop\FRST64.exe 0.0s C:\Users\John\Desktop\FRST64.exe 0.0s C:\Users\John\Desktop\FRST64.exe 3.6s C:\Users\John\Desktop\FRST-OlderVersion\ 3.6s C:\Users\John\Desktop\FRST-OlderVersion\ 15.3s C:\FRST\Logs\ct 15.3s C:\FRST\Logs\ct 15.3s C:\Users\John\Desktop\Fixlog.txt 15.7s C:\FRST\Quarantine\C\ 15.7s C:\FRST\Quarantine\C\ 15.7s C:\FRST\Quarantine\C\ 15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\ 15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\ 15.7s C:\FRST\Quarantine\C\Program Files (x86)\ 15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\searchplugins\ 15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\searchplugins\ 15.7s C:\FRST\Quarantine\C\Users\ 15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\ 15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\ 15.7s C:\FRST\Quarantine\C\Users\John\AppData\ 15.7s C:\FRST\Quarantine\C\Users\John\ 15.7s C:\FRST\Quarantine\C\Users\John\ 15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\ 15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\ 16.0s C:\FRST\Quarantine\C\ProgramData\ 16.0s C:\FRST\Quarantine\C\ProgramData\ 16.0s C:\FRST\Quarantine\C\ProgramData\ 16.1s C:\FRST\Quarantine\C\Windows\System32\Tasks\ 16.1s C:\FRST\Quarantine\C\Windows\ 16.1s C:\FRST\Quarantine\C\Windows\System32\ 16.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid 16.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci 16.3s C:\FRST\Quarantine\C\Windows\Tasks\ 16.3s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir 16.3s C:\FRST\Quarantine\C\Windows\SysWOW64\ 16.5s C:\Windows\Prefetch\BITSADMIN.EXE-80E1BDAA.pf 16.5s C:\Windows\Prefetch\BITSADMIN.EXE-80E1BDAA.pf 17.4s C:\Windows\Prefetch\NETSH.EXE-3DD790C5.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf 18.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid 18.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci 18.7s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir 19.2s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx 24.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid 24.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci 25.7s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir 26.1s C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf 33.0s C:\FRST\Logs\Fixlog_28-12-2014_21-24-28.txt 34.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid 34.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci 35.0s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir C:\Users\John\Downloads\JRT.exe Size . . . . . . . : 1,707,939 bytes Age . . . . . . . : 0.0 days (2014-12-29 22:56:48) Entropy . . . . . : 8.0 SHA-256 . . . . . : 2DD0F84C137A2239E2194101FB1DB9FA38E70EA82B3C0761A2DF366A6C0B8FF4 Running processes : 4004 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Program is running but currently exposes no human-computer interface (GUI). Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. The file is in use by one or more active processes. Forensic Cluster -76.5s C:\Users\John\AppData\Roaming\Raptr\Unknown\config\prefs.xml -73.7s C:\Users\John\AppData\Roaming\Raptr\ltc\[help] Explorer.EXE.log -71.8s C:\Users\John\AppData\Roaming\Raptr\data\raptrguest8r1vrjq4\config\certificates\x509\tls_peers\xmpp-server4.raptr.com -69.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\043B9F6B2419DF60CD1450AAB52E6D048C63BFC1 -69.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\D89139A34C4C7C021FCE3318B0CF62DCBD8EAB33 -67.4s C:\Users\John\AppData\Roaming\Raptr\data\raptrguest8r1vrjq4\config\blist.xml -66.6s C:\Users\John\AppData\Roaming\Raptr\ltc\[help] firefox.exe.log -66.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\B783A864354FA3BCA55141CDA0E50E2D83221684 -65.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\ACD530712C7E96D6A47D5C87958345D2B39AF546 -65.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F302E984C8756C0FB75DD8C93533502D0C2CE9CF -64.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\5CEBA5E71C9CAC85BF3D744792E5FF3332AC1E3A -64.5s C:\Users\John\AppData\Roaming\Raptr\data\raptrguest8r1vrjq4\config\xmpp-caps.xml -64.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\479D431A6A63732BBF8CFB5179772AA3B62C0020 -64.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\343F5CB838BD7F103127772D872180EF42D575C1 -63.7s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\9873AC0174BE2D26774009E3E513B0731996C43C -63.7s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\C8C9AC33B96F82DD017962730F443621E8673163 -63.7s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\289E399E67FD10F4D518B70C33BFA522EE9477E8 -63.7s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\02245BD9B07010DEE09730C11C109E7D26C05748 -63.7s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\AD85FAE24CBFA591FB1FA23903A5FCF846045894 -63.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\27149D7AD793392E343CB588AD53CB59D4BD30D9 -63.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\68AE61A591D80B589033CFA393DEADCE68612BF4 -63.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\06E32A6A3B3873A533784C415B93F2A69AC7ADD7 -63.2s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\9AC4F034983499B161FB935610DEC78E82355394 -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\A86B16344FF29BDDBEB988304DBF9946F5E8BB07 -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\B594CBE0E7AD25F5EF8F7113CF6B423BCF7EFB71 -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\83136BDE10805CDF78E7D0F157741E335D4364B8 -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\6D5CBAE7C55992B134C01611624C9DA39B60937C -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\AE3383DBC1940B7A2C6160CFD6785BBAF9AE2DCC -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\72570E4EF1EC230A310A5090C63D3FDD61643A34 -61.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\E35DD83838C62650C67C074A48DB6B4EC7A567D9 -58.8s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\29A77CE770FD9E5D3384EB5B1E571A380A3C62C3 -58.8s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\5A83166600E36A2CA392DF02DE727B589B7FAA3F -58.8s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F45EA45414731AA75790AC61ED3E4E8C602AA447 -58.8s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\2A5A4DB9EAF9D348EB80798BA694A739B07AC3A2 -58.8s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\68CF8247B6F3D94EE9F18E84F8FD3D284A253C18 -58.8s C:\Users\John\AppData\Roaming\Raptr\version_gold.txt -58.5s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\A6F7B9692BDCBC7BBAE3D302158B2332C34EA4E6 -58.3s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\E5ECDCB17F94348A5FE0E0BE47D1155C955784AC -58.3s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\99B6C39E369A56B0E50281860EDD8F996E2845E2 -58.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\73625037A4C54D10764C5FAF0CBB44C4DFFE6A2F -58.1s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\15DD693F9E923B046BC25511B92B33E5CD3FCC44 -58.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\61FAB1220BC966F299D54727C8488F6BF49C3C56 -57.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\020167DE0B0F1B469EB87F29CBA5A1603A452DD4 -57.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\22E0ABABA88BA61090C60D37DF8243004E05CE3A -52.6s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\86CA44F0918B28893D2B26C4286DB477BDD24C20 -52.6s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\B2DE0ACAE9E657FA661B2964727E93614D74888B -49.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\C19620050173DDAA65DA9E7CC69B3E80EB765F4E -48.5s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\A3191767E90749DEA70657CD19BD5118B696CDB9 -48.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\6C2431D76E8281FF74CA978EDB5219C918B528E4 -48.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\694FCEC0C426F79A2DD7F4AE8E70C47C8F6DF052 -43.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\C91CDDE8BD14572652A2CFC20FB8BE8FB5D068BC -43.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\94CA507DCA4A266C57BDCD0B7BB9137100C303B7 -38.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\71E8571A7C54B7CB32BC75403C0E59B12966E8BD -38.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\9CE9E0766BCD4368137E920F467BA29AE732D2F0 -32.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1AFC4482962F40CC5663209C13E495793E03FFCB -31.5s C:\Windows\Prefetch\ReadyBoot\Trace1.fx -30.5s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\E667B89115F4717F16C97B99A36CDA348F5BBDC2 -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\16419496E6AFEBFDDFB3FF3184AE08120383F30D -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F5421BD28877F7D12678F72E3D4ADD5407DA44B7 -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\ED1F414392F43B2A8CF3B788A7D4A5C498BC8FD0 -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\FD32D59187048CEFF23A9F1B6B9E80C3185C1312 -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\08DD57F9112DC7BF152A342CED8BD2D6FC84227C -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\55D1680AD31D0724BE70AD666797BE9B3A32889D -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\C7FDB99F36242790D9D4F414E4D335F4AEB32856 -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\AB223F58720DD860473DF3FCA836DB1179BC1FCA -28.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\064AA66E1C7C13C71529FA06641B63A66307782F -28.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\0854B45E9A493BA8F3A9E0983F4A02A9A396E481 -23.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\4AB25CB553FDD0186C88A6994DC251C0F47F6D2C -17.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\810CEE52531F085B5F8368309A3A2E3C129E1FF0 -12.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\FC73336CE373147E7550788FA5A64EE54CDAC995 -8.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\77BFCBD99FD6E5629E4BD6C9237F00B66E5FF233 -7.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\05F87D96C4D0366DE71D6D2500D7C54B622D66D4 -7.7s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9974cc49-14d5-4086-9735-db63d57875ab}\ -7.6s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9974cc49-14d5-4086-9735-db63d57875ab}\snapshot.etl -2.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\4B79FC3632E53324FE6E7B0443E1BEFAD86DB960 0.0s C:\Users\John\Downloads\JRT.exe 2.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\A386E9630A68D22C0B1EE10B0C7129C8E1E4AAF2 2.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\2B40495B50859EC01F390ABDAA9137085C1A2E59 7.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\8627FA7F7F2CC6BE0D3B946F5457E2AEE5D83AC5 12.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F3D2293463C9DBEF63F8C071321C6D6733E84EFB 12.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\8C4302FC366A43632CA14D1571CA2BBD8EC64BB7 17.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\BA30035848BA6FF9F6CC9B85E9D6FCD36AAD8EC8 17.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\3E5A65AFAFF1DE5A11EF931041A148A91EEA6E1A 21.1s C:\Users\John\AppData\Local\Temp\jrt\ 21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\ 21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest 21.3s C:\Users\John\AppData\Local\Temp\jrt\ask.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\chrome.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\delfolders.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\ev_clear.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\firefox.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\get.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\iexplore.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\medfos.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\misc.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\mws.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\prelim.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\runvalues.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\searchlnk.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\surfvox.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\TDL4.bat 21.3s C:\Users\John\AppData\Local\Temp\jrt\clean_shortcut.vbs 21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\README.TXT 21.3s C:\Users\John\AppData\Local\Temp\jrt\currentmd5.txt 21.3s C:\Users\John\AppData\Local\Temp\jrt\sednewline.txt 21.3s C:\Users\John\AppData\Local\Temp\jrt\appinit64_null.reg 21.3s C:\Users\John\AppData\Local\Temp\jrt\appinit_null.reg 21.3s C:\Users\John\AppData\Local\Temp\jrt\CHR_open_x64.reg 21.3s C:\Users\John\AppData\Local\Temp\jrt\CHR_open_x86.reg 21.3s C:\Users\John\AppData\Local\Temp\jrt\datamngr_del.reg 21.3s C:\Users\John\AppData\Local\Temp\jrt\FF_open_x64.reg 21.4s C:\Users\John\AppData\Local\Temp\jrt\FF_open_x86.reg 21.4s C:\Users\John\AppData\Local\Temp\jrt\IE_open_x64.reg 21.4s C:\Users\John\AppData\Local\Temp\jrt\IE_open_x86.reg 21.4s C:\Users\John\AppData\Local\Temp\jrt\winlogon.reg 21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERS.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERScom.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERSstart.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\badLNK.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\badvalues.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\browsermngr_keys.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\browsermngr_values.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\CHRregkey_x64.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\CHRregkey_x86.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\CHR_extensions.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\defaultscope.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFwhtlist.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\IEwhtlst.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\runvalues_x64.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\runvalues_x86.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\serviceseventlog.cfg 21.4s C:\Users\John\AppData\Local\Temp\jrt\askCLSID.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\askregkey_x64.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\askregkey_x86.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\askregvalue_x64.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\askregvalue_x86.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\askservices.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\badAPPINIT.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\BHO_clsid.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\BHO_name.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\CHOICE.DAT 21.4s C:\Users\John\AppData\Local\Temp\jrt\CUT.DAT 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFbrowsermngr.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFextensions.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFpluginREG.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFplugins.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFprefs.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFregkey_x64.dat 21.4s C:\Users\John\AppData\Local\Temp\jrt\FFregkey_x86.dat 21.7s C:\Users\John\AppData\Local\Temp\jrt\FFXML.dat 21.7s C:\Users\John\AppData\Local\Temp\jrt\FFXPI.dat 21.7s C:\Users\John\AppData\Local\Temp\jrt\GREP.DAT 21.7s C:\Users\John\AppData\Local\Temp\jrt\IFEO.dat 21.7s C:\Users\John\AppData\Local\Temp\jrt\NIRCMD.DAT 21.7s C:\Users\John\AppData\Local\Temp\jrt\SED.DAT 21.7s C:\Users\John\AppData\Local\Temp\jrt\services.dat 21.7s C:\Users\John\AppData\Local\Temp\jrt\SHORTCUT.DAT 21.7s C:\Users\John\AppData\Local\Temp\jrt\WGET.DAT 21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNT.E_E 21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC 21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC 21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.LOC 21.9s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE 21.9s C:\Users\John\AppData\Local\Temp\jrt\libiconv2.dll 21.9s C:\Users\John\AppData\Local\Temp\jrt\libintl3.dll 21.9s C:\Users\John\AppData\Local\Temp\jrt\pcre3.dll 21.9s C:\Users\John\AppData\Local\Temp\jrt\regex2.dll 21.9s C:\Users\John\AppData\Local\Temp\jrt\temp\null.txt 21.9s C:\Users\John\AppData\Local\Temp\jrt\temp\ 22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\index 22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1438E6CC6202E2E05AFE22DE82277EB8E22107D8 22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1E8E6F4382943177B8E9AF52571B846F0C47C47B 22.7s C:\Windows\Prefetch\TASKKILL.EXE-B1536702.pf 23.0s C:\Windows\Prefetch\NIRCMD.DAT-1964F7AF.pf 23.1s C:\Windows\Prefetch\PING.EXE-6B29C0CD.pf 23.6s C:\Users\John\AppData\Local\Temp\jrt\newmd5.txt 23.6s C:\Windows\Prefetch\WGET.DAT-7C63DC99.pf 23.7s C:\Windows\Prefetch\FC.EXE-1E325414.pf 25.8s C:\Windows\ERUNT\ 25.8s C:\Windows\ERUNT\JRT\ 25.8s C:\Windows\ERUNT\JRT\ERDNT.INF 25.9s C:\Windows\ERUNT\JRT\ERDNT.CON 25.9s C:\Windows\ERUNT\JRT\BCD 25.9s C:\Windows\ERUNT\JRT\SOFTWARE 26.9s C:\Windows\ERUNT\JRT\SYSTEM 27.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\3EF9F3D0CEF7141BBE132AADA0B3687F2FBD3EB5 27.2s C:\Windows\ERUNT\JRT\DEFAULT 27.3s C:\Windows\ERUNT\JRT\SECURITY 27.4s C:\Windows\ERUNT\JRT\SAM 27.4s C:\Windows\ERUNT\JRT\Users\ 27.4s C:\Windows\ERUNT\JRT\Users\00000001\ 27.4s C:\Windows\ERUNT\JRT\Users\00000001\NTUSER.DAT 27.6s C:\Windows\ERUNT\JRT\Users\00000002\ 27.6s C:\Windows\ERUNT\JRT\Users\00000002\UsrClass.dat 27.7s C:\Windows\ERUNT\JRT\ERDNT.EXE 27.7s C:\Windows\ERUNT\JRT\ERDNTWIN.LOC 27.7s C:\Windows\ERUNT\JRT\ERDNTDOS.LOC 27.7s C:\Windows\Prefetch\ERUNT.EXE-8E69453B.pf 27.8s C:\Windows\Prefetch\REG.EXE-8826EE4D.pf 27.9s C:\Windows\Prefetch\FINDSTR.EXE-7F3B6129.pf 31.1s C:\Windows\Prefetch\JRT.EXE-2D4345BA.pf 37.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\7E35457F4D382D61AFF6A971307C449DE556B9AF 37.3s C:\Windows\Prefetch\GREP.DAT-4FBAF2FC.pf 48.6s C:\Windows\Prefetch\SC.EXE-4502142D.pf 48.7s C:\Windows\Prefetch\FIND.EXE-CEB858FC.pf 64.4s C:\Windows\Prefetch\REGEDIT.EXE-32FE412B.pf 70.3s C:\Users\John\AppData\Local\Temp\WPDNSE\ Potential Unwanted Programs _________________________________________________ HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro) HKLM\SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc\ (AirZip) HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro) HKLM\SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc\ (AirZip) HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro) HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc\ (AirZip) HKU\.DEFAULT\Software\AppDataLow\Software\Sense\ (SaveSense) HKU\S-1-5-18\Software\AppDataLow\Software\Sense\ (SaveSense) HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro) HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro) Cookies _____________________________________________________________________ C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ad.360yield.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ad.mlnadvertising.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ads.ad4game.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ads.kaldata.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ads.pubmatic.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ads.stickyadstv.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:adtech.de C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:adtechus.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:advertising.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:at.atwola.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:atdmt.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:burstnet.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:casalemedia.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:diff3.smartadserver.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:doubleclick.net C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:fastclick.net C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:media6degrees.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:revsci.net C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:ru4.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:smartadserver.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:solutions.tradedoubler.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:tradedoubler.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:www.burstnet.com C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\cookies.sqlite:www.googleadservices.com Дано съм се справил
  4. pocketrocket

    Може ли помощ с delta-homes.com вирус

    При стартиране на firefox отново зарежда delta-homes.com Ето лога Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014 Ran by John at 2014-12-28 21:24:10 Run:1 Running from C:\Users\John\Desktop Loaded Profile: John (Available profiles: John) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms} HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms} HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsur...R1007D1B007D1BX SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms} SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms} BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml FF Extension: Security Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com [2014-12-23] FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\extensions\detgdp@gmail.com FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-hom...R1007D1B007D1BX R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-21] (Cherished Technololgy LIMITED) [File not signed] C:\ProgramData\IePluginServices R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [472064 2014-12-22] (Fuyu LIMITED) [File not signed] C:\ProgramData\WindowsMangerProtect R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [470704 2014-12-17] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION C:\Program Files (x86)\WinZipper 2014-12-23 10:42 - 2014-12-27 18:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\WinZipper 2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper Task: {03604545-B4D5-4B45-91CA-D8FF9EC27AEB} - System32\Tasks\cphcqbkuw => Rundll32.exe "C:\Windows\SysWOW64\duserc.dll",ncfgbhsmo Task: {0B2B39DD-C48B-4178-B965-9FDD87E7F9E3} - System32\Tasks\{44D6EA9B-0231-44B7-AF7E-8825800902E2} => pcalua.exe -a C:\Users\John\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt Task: C:\Windows\Tasks\cphcqbkuw.job => C:\Windows\SysWOW64\duserc.dll C:\Windows\SysWOW64\duserc.dll C:\Users\John\AppData\Roaming\istartsurf C:\Windows\Tasks\cphcqbkuw.job AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 cmd: bitsadmin /reset /allusers cmd: netsh winsock reset catalog cmd: ipconfig /flushdns emptytemp: end ***************** Processes closed successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKU\S-1-5-21-1942577815-974979230-2030574014-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-1942577815-974979230-2030574014-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully. HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully. HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found. Firefox newtab deleted successfully. Firefox SelectedSearchEngine deleted successfully. Firefox homepage deleted successfully. C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml => Moved successfully. C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\detgdp@gmail.com => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully. IePluginServices => Service deleted successfully. C:\ProgramData\IePluginServices => Moved successfully. WindowsMangerProtect => Service deleted successfully. C:\ProgramData\WindowsMangerProtect => Moved successfully. winzipersvc => Service not found. C:\Program Files (x86)\WinZipper => Moved successfully. "C:\Program Files (x86)\WinZipper" => File/Directory not found. C:\Users\John\AppData\Roaming\WinZipper => Moved successfully. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{03604545-B4D5-4B45-91CA-D8FF9EC27AEB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03604545-B4D5-4B45-91CA-D8FF9EC27AEB}" => Key deleted successfully. C:\Windows\System32\Tasks\cphcqbkuw => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cphcqbkuw" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B2B39DD-C48B-4178-B965-9FDD87E7F9E3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B2B39DD-C48B-4178-B965-9FDD87E7F9E3}" => Key deleted successfully. C:\Windows\System32\Tasks\{44D6EA9B-0231-44B7-AF7E-8825800902E2} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44D6EA9B-0231-44B7-AF7E-8825800902E2}" => Key deleted successfully. C:\Windows\Tasks\cphcqbkuw.job => Moved successfully. C:\Windows\SysWOW64\duserc.dll => Moved successfully. "C:\Users\John\AppData\Roaming\istartsurf" => File/Directory not found. "C:\Windows\Tasks\cphcqbkuw.job" => File/Directory not found. C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully. ========= bitsadmin /reset /allusers ========= BITSADMIN version 3.0 [ 7.5.7601 ] BITS administration utility. © Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. 0 out of 0 jobs canceled. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 742.8 MB temporary data. The system needed a reboot. ==== End of Fixlog 21:24:19 ====
  5. pocketrocket

    Може ли помощ с delta-homes.com вирус

    Трети опит И разбира се, весела Коледа Addition.txt
  6. Проблема е когато стартирам firefox starting page ми излиза delta-homes.com. Не знам дали има сериозни последстви, но е много досадно. Това е лог файла Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014 Ran by John (administrator) on JOHN-PC on 27-12-2014 21:09:34 Running from C:\Users\John\Desktop Loaded Profile: John (Available profiles: John) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKU\S-1-5-21-1942577815-974979230-2030574014-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1942577815-974979230-2030574014-1000\...\MountPoints2: {d8058ca7-28a3-11e4-bb6f-50e54934c8c1} - F:\setup.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms} BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 46.40.72.17 46.40.72.18 FireFox: ======== FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml FF Extension: Security Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com [2014-12-23] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-04] FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\extensions\detgdp@gmail.com FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=sc&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX Chrome: ======= CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15] CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15] CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15] CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15] CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15] CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-21] (Cherished Technololgy LIMITED) [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [472064 2014-12-22] (Fuyu LIMITED) [File not signed] R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [470704 2014-12-17] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-21] (Disc Soft Ltd) S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 21:09 - 2014-12-27 21:09 - 02122752 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe 2014-12-27 21:09 - 2014-12-27 21:09 - 00012167 _____ () C:\Users\John\Desktop\FRST.txt 2014-12-27 21:09 - 2014-12-27 21:09 - 00000000 ____D () C:\FRST 2014-12-27 21:04 - 2014-12-27 21:04 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\John\Downloads\SpyHunter-installer.exe 2014-12-27 21:01 - 2014-12-27 21:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-27 21:01 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-23 10:42 - 2014-12-27 18:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\WinZipper 2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper 2014-12-22 21:59 - 2014-12-22 21:59 - 00013744 _____ () C:\Users\John\Downloads\A.Merry.Friggin.Christmas.2014.DVDRip.x264.AC3-iFT.torrent 2014-12-22 21:58 - 2014-12-22 21:58 - 00014443 _____ () C:\Users\John\Downloads\A.Merry.Friggin.Christmas.2014.HDRip.XViD-juggs[ETRG].torrent 2014-12-22 21:50 - 2014-12-22 21:51 - 00015024 _____ () C:\Users\John\Downloads\Mama.2013.BDRip.x264.AAC-WAR.torrent 2014-12-18 08:21 - 2014-12-13 07:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 08:21 - 2014-12-13 05:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-15 22:08 - 2014-12-15 22:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2014-12-11 18:17 - 2014-12-11 18:17 - 00015675 _____ () C:\Users\John\Downloads\Romantik.Komedi.2.2013.DVDRip.x264.DUAL-REFLUX.torrent 2014-12-11 09:14 - 2014-12-11 09:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\library_dir 2014-12-11 09:14 - 2014-12-11 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2014-12-11 09:13 - 2014-12-27 20:20 - 00000000 ____D () C:\Users\John\AppData\Roaming\Raptr 2014-12-11 09:13 - 2014-12-11 09:14 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-12-11 09:13 - 2014-12-11 09:13 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412110913363070.log 2014-12-11 09:13 - 2014-12-11 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-12-11 09:13 - 2014-12-11 09:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-12-11 09:12 - 2014-12-11 09:12 - 00000000 ____D () C:\ProgramData\ATI 2014-12-11 09:12 - 2014-12-11 09:12 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-12-11 09:03 - 2014-12-11 09:03 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 01:28 - 2014-10-18 04:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 01:28 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 09:40 - 2014-12-04 04:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 09:40 - 2014-12-04 04:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 09:40 - 2014-12-02 01:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 09:40 - 2014-11-27 03:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 09:40 - 2014-11-27 03:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 09:40 - 2014-11-22 05:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 09:40 - 2014-11-22 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 09:40 - 2014-11-22 05:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 09:40 - 2014-11-22 04:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 09:40 - 2014-11-22 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 09:40 - 2014-11-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 09:40 - 2014-11-22 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 09:40 - 2014-11-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 09:40 - 2014-11-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 09:40 - 2014-11-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 09:40 - 2014-11-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 09:40 - 2014-11-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 09:40 - 2014-11-22 04:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 09:40 - 2014-11-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 09:40 - 2014-11-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 09:40 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 09:40 - 2014-11-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 09:40 - 2014-11-22 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 09:40 - 2014-11-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 09:40 - 2014-11-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 09:40 - 2014-11-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 09:40 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 09:40 - 2014-11-22 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 09:40 - 2014-11-22 04:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 09:40 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 09:40 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 09:40 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 09:40 - 2014-11-22 03:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 09:40 - 2014-11-22 03:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 09:40 - 2014-11-22 03:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 09:40 - 2014-11-22 03:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 09:40 - 2014-11-22 03:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 09:40 - 2014-11-22 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 09:40 - 2014-11-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 09:40 - 2014-11-22 03:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 09:40 - 2014-11-22 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 09:40 - 2014-11-22 03:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 09:40 - 2014-11-22 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 09:40 - 2014-11-22 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 09:40 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 09:40 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 09:40 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 09:40 - 2014-11-22 03:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 09:40 - 2014-11-22 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 09:40 - 2014-11-22 03:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 09:40 - 2014-11-22 03:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 09:40 - 2014-11-22 03:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 09:40 - 2014-11-22 03:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 09:40 - 2014-11-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 09:40 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 09:40 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 09:40 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 09:40 - 2014-11-11 05:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:40 - 2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:40 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:40 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:40 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 09:40 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:40 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:40 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:40 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:40 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:40 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:40 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:40 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:40 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:40 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:40 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:40 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-04 10:45 - 2014-12-04 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-01 19:18 - 2014-12-01 19:18 - 00014871 _____ () C:\Users\John\Downloads\Blind.Dating.2006.BDRip.XviD.AC3.DUAL-REFLUX.torrent 2014-12-01 19:17 - 2014-12-01 19:17 - 00014931 _____ () C:\Users\John\Downloads\The.Invention.of.Lying.2009.BDRip.XviD.AC3.DUAL-REFLUX.torrent ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-27 21:02 - 2014-08-15 07:39 - 01057732 _____ () C:\Windows\WindowsUpdate.log 2014-12-26 08:56 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-26 08:56 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-25 19:48 - 2014-09-08 18:14 - 00000306 _____ () C:\Windows\Tasks\cphcqbkuw.job 2014-12-25 19:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-25 19:48 - 2009-07-14 06:51 - 00169989 _____ () C:\Windows\setupact.log 2014-12-24 12:23 - 2014-08-15 22:59 - 00000000 ____D () C:\Users\John\Desktop\Games 2014-12-23 10:41 - 2014-08-21 08:35 - 00001623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-23 10:41 - 2014-08-21 08:35 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-12-23 10:41 - 2014-08-15 08:37 - 00001387 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-12-23 10:41 - 2014-08-15 07:40 - 00001641 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-12-22 22:13 - 2009-07-14 07:13 - 00006182 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-22 22:05 - 2014-08-15 09:21 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent 2014-12-11 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-12-11 09:13 - 2014-08-15 23:33 - 00000000 ____D () C:\ProgramData\AMD 2014-12-11 09:12 - 2014-08-15 23:28 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-12-11 09:11 - 2014-08-15 23:32 - 00000000 ____D () C:\Program Files\AMD 2014-12-11 09:11 - 2014-08-15 23:31 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-11 09:09 - 2014-08-15 23:27 - 00000000 ____D () C:\AMD 2014-12-11 09:03 - 2014-08-16 09:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-11 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-11 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-08 08:37 - 2014-08-15 08:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-27 01:07 - 2014-08-15 22:43 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 12:11 ==================== End Of Log ============================ Ето го и другия файл Втори опит
  7. pocketrocket

    Има ли разлика между каньон и ждрело ?

    Благодарско, бяхте много полезни
  8. Ами това е. Има ли разлика? Споря с една позната относно Еменското ждрело/каньон. В google намирам да се нарича и с двете имена и това ме навежда на мисълта, че и двете са правилни. Значи ли това, че природното явление на р. Ерма може да се оперели като ждрело и каньон ?
  9. pocketrocket

    На кой мерцедес викат Сом ?

    Лелеее след 6 мъчителни години някой задоволи любопитството ми ! Благодаря Ви !
  10. Здравейте чудя се кои от двете фирми да избера за пакет интернет + цифрова телевизия. Интернета на булсатком ми е непознат като качество, докато Мегалан съм ги ползвал и са супер. Цифровата телевизия пък на мегалан не съм ползвал и не знам дали е качествена, докато тази на булсатком съм я ползвал и е супер. Може ли да се каже кой от двата пакета е по-добър ?
  11. Добре ако просто отида и си купа HDMI кабел няма ли да се реши проблема ?
  12. професоре, мисля, че на снимката ясно се вижда какви входове има телевизора - скарт, компонент и HDMI И моля те не бъди саркастичен, а любезен Ето изглед от зад на телевизора все пак
  13. Здравейте Имам малък проблем със свързването на ТВ и двд система. На стария ми ТВ и старата двд система беше лесно. Един скарт кабел и нещата заспиват. Но тук е малко по различно. На двд системата нямам скарт От приложената картинка се вижда, че метод 1 отпада поради липса на HDMI кабел. Метод 2 - компонент не ми се съвсем ясен ... нямам в комплекта такива кабели, но ми приличат на съвсем обикновенни чинч кабели, три на брой. Ако някой го е свързал така да каже Аз се сетих за един кабел, който от едната страна е скарт, а от другата е компонент (три чинча) ако си купя такъв ще стане ли свързването ?
  14. pocketrocket

    Проблем с настройки на рутер Tp-link TL-WR340G

    благодаря, ще опитам и ще пиша какво е станало
  • Разглеждащи това в момента   0 потребители

    Няма регистрирани потребители разглеждащи тази страница.

×

Информация

Поставихме бисквитки на устройството ви за най-добро потребителско изживяване. Можете да промените настройките си за бисквитки, или в противен случай приемаме, че сте съгласни с нашите условия за ползване.