
Showing results for tag 'приключен' ("closed").

321 results found

  1. Hello colleagues, over the last few days my browser has often been showing the message "Firefox prevented this site from opening a pop-up window", and in Google an additional search box appears at the top of the page. I scanned with Malwarebytes Antimalware and HiJack.AutoconfigURL.PrxySvrRst was found, but the problem remained. I also scanned with 360 Total Security, but nothing was detected. FRST.txt Addition.txt
  2. If possible, I would like 90% of the viruses to be deleted. As the title suggests, at times svhost OR TrustedInstaller starts loading the CPU to 100%. I also suspect viruses that are using up the internet connection or causing unnecessary load. Thank you for your time. Addition.txt
  3. Hello, in short, today I turned on my mother's computer and saw a message on the desktop saying that I have been encrypted. I would be glad if you could help me, because 2-3 years ago I lost all the files on my personal computer and formatted the disk. 20160406_213052a.jpg.crypt - this is what the files look like https://translate.google.com and this is what the virus wants me to do http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ Addition.txt
  4. Hello, after scanning with HitmanPro and restarting the machine, as the program advised me, I now cannot start up at all. I get to the point where the password has to be entered, but after I type it and press Enter nothing happens. In the lower right corner, where the button for shutting down the laptop is, the menu itself is empty when the icon is clicked, so even shutting down has to be done with the power button. The laptop is an Acer Aspire V17 Nitro. The other strange thing is that I cannot reach Safe Mode at all. As soon as the machine turns on I press F8 repeatedly, but unfortunately I get no response from it. I also tried other keys, F9, F10, with the same result. I would be extremely grateful if you could help me, since I use this laptop for work and right now my hands are literally tied. I cannot even start Farbar Recovery, since I have no access to safe mode or any other way of booting. As I mentioned, nothing happens when pressing F8. I am using Windows 10.
  5. Hello. An acquaintance's laptop has been hit by a crypto virus, but the interesting thing is that there is no additional extension after the file extension by which the encrypting virus could be identified. The files look completely normal, but they cannot be opened. At first glance I do not seem to see an active virus at the moment; it has most likely deleted itself. I need help to assess whether there is a chance of saving the files. The situation seems to be like the one in this topic ( +REcovER+cpkjr+ ), where you wrote that it is the newest version of TeslaCrypt, but an expert should still take a look. Thank you in advance! I am attaching the required files. Addition.txt FRST.txt
  6. When I open the flash drive, a shortcut to it appears. The shortcut does not lead anywhere. Although I have copied something onto it and it has taken up space, there are no files. There are no hidden files either. Addition.txt FRST.txt
  7. Hello! I want to ask about a minor problem, but I am still more interested in your opinion and guidance. Every month (at the end of it) I run a mandatory scan of the whole computer with Dr Web Curelt. I have been doing this for a year and a half and I trust it, because it has helped me at times and I have not had to bother you with small problems. For 3 months I have had a HUB client on my computer (installed). The program is "Apex" version 1.6. In addition, on my archive disk I have a folder titled "INSTAL SOTWARE", in which I keep downloaded copies of all the programs installed on the computer plus others that I consider important to me, as an archive, so that I do not have to download them if I need them. I have arranged things this way so as not to waste time searching for them. The first month after installing "Apex" 1.6 and scanning with Dr Web, I got a message that 2 files from the Apex installation .exe file have a problem with Adware. I was not worried, because I figured that Dr Web would certainly react to such programs, and I did not remove it from the folder in "INSTAL SOFTWARE". It does not react to the installation located in Program File on drive C, which also gives me no cause for concern. Still, I removed the installation file from the Instal Softvare archive, located on another disk, and ran a new scan with the "little doctor" for my own peace of mind. Those two files were no longer reported as "malicious". I downloaded the Apex version again and put it in the archive in case I need it. In the second month, when scanning, I got exactly the same message, with the same two files indicated as unwanted. I was not worried at all and left the installation file sitting in the archive. Today is the 3rd month of scanning with Dr Web and at the end I get exactly the same message and a request to remove the installation file of "Apex", which, I stress again, is located in the "INSTAL SOFTWARE" folder on drive "E". I am not worried by this information from Dr Web and I think that whichever antivirus scanner I scan with, it too will give me the same information and request for removal. I would like you to tell me whether I am right not to remove the file. I think there is no cause for concern at all, because I have come across the use of similar programs before, ones that conflict with the "copyright law". My post has become long and perhaps unnecessary, but still, you are the specialists, not me. I will attach a screenshot, which is the same for all three months of scanning. The archive file, in which everything is described, I have as a text file, but I do not intend to upload it because of its excessive size, and I am almost certain that you will answer the way I myself think and have shared with you! Thanks to everyone who responds, and I wish you a pleasant weekend. Regards: Stefan Here is the screenshot:
  8. Hello, I am not sure, but there is some process that prevents programs (https://www.kaldata.com/forums/topic/248661-антивирусната-програма-не-се-стартира/ ) and some games from starting. Event Viewer shows me errors. I scanned with AdwCleaner and SuperAntiSpyware, and right now with Eset Online Scanner, which so far has found two malicious codes. FRST.txt Addition.txt
  9. When I start some program, I get a message that such-and-such has stopped working, and that is it. I scanned with FRST Addition.txt FRST.txt
  10. Hello, my computer runs Windows 7 x64; the OS itself was downloaded from a tracker years ago, and when reinstalling I use the same disc. For protection I use Comodo Internet Security, and for browsing Opera (the new one, based on Chrome). For some time now page loading has slowed down considerably. This is especially noticeable when clicking a Google search result. I called the provider, Mtel, and the person who came said it was "from the antivirus". I removed it and installed Kaspersky Total Security. Page loading sped up, including when clicking Google results. While I was still on Comodo I also installed TCPView, and then I found out that the computer connects to polamba-bg.org. This is supposedly the site of the Polish embassy. The site itself has Japanese characters, which I do not understand. The official site of the Embassy of Poland in Bulgaria is sofia.msz.gov.pl/bg. After I installed Kaspersky, I also disabled all Opera extensions. For several days I browsed with the screen split in two, with the browser on one side and TCPView on the other. The computer again connects sporadically to the address mentioned, and there is traffic sent to and received from it. Scanning with Comodo, Kaspersky and Malwarebytes Anti-Malware found nothing. These are the logs: FRST.txt Addition.txt P.S. At the moment I am running Windows from an Acronis image made when I was on Comodo.
  11. Hello. For several years my machine has been terribly slow, and lately it has become impossible to work with it. The loading light is constantly on and the computer is under heavy load. Even after a reinstall it becomes slow again after 1 day. Otherwise, if I do not turn on the internet over the cable there are no problems; the moment I connect the cable and turn on the internet, the system becomes unstable. I ran a scan with Farbar Recovery Scan Tool: http://www105.zippyshare.com/v/RcvLFKov/file.html http://www105.zippyshare.com/v/MBCGVm6w/file.html Please excuse me if I have done something wrong!
  12. I get a blue screen and it tells me that the problem is with amdkmpfd.sys. Here is the scan: FRST.txt
2016-01-13 09:04 - 2015-12-12 19:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-01-13 09:04 - 2015-12-12 19:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-01-13 09:04 - 2015-12-12 19:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-01-13 09:04 - 2015-12-12 19:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-01-13 09:04 - 2015-12-12 19:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-01-13 09:04 - 2015-12-12 19:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-01-13 09:04 - 2015-12-12 19:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-01-13 09:04 - 2015-12-12 19:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-01-13 09:04 - 2015-12-12 19:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-01-13 09:04 - 2015-12-12 19:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-01-13 09:04 - 2015-12-12 19:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-01-13 09:04 - 2015-12-12 19:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-01-13 09:04 - 2015-12-12 19:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-01-13 09:04 - 2015-12-12 19:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-01-13 09:04 - 2015-12-12 19:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-01-13 09:04 - 2015-12-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-01-13 09:04 - 2015-12-12 19:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-01-13 09:04 - 2015-12-12 19:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2016-01-13 09:04 - 2015-12-12 19:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-01-13 09:04 - 2015-12-12 19:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-01-13 09:04 - 2015-12-12 19:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-01-13 09:04 - 2015-12-12 19:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-01-13 09:04 - 2015-12-12 19:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-01-13 09:04 - 2015-12-12 19:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-01-13 09:04 - 2015-12-12 19:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-01-13 09:04 - 2015-12-12 19:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-01-13 09:04 - 2015-12-12 19:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-01-13 09:04 - 2015-12-12 18:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-01-13 09:04 - 2015-12-12 18:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-01-13 09:04 - 2015-12-12 18:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-01-13 09:04 - 2015-12-12 18:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-01-13 09:04 - 2015-12-12 18:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-01-13 09:04 - 2015-12-08 23:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-01-13 09:04 - 2015-12-08 23:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-01-13 09:04 - 2015-12-08 21:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-01-13 09:04 - 2015-12-08 21:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-01-13 09:03 - 2015-12-30 
21:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-01-13 09:03 - 2015-12-30 21:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-01-13 09:03 - 2015-12-30 21:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-01-13 09:03 - 2015-12-30 21:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-01-13 09:03 - 2015-12-30 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-01-13 09:03 - 2015-12-30 21:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-01-13 09:03 - 2015-12-30 21:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-01-13 09:03 - 2015-12-30 20:59 - 00315392 _____ 
(Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-01-13 09:03 - 2015-12-30 20:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-01-13 09:03 - 2015-12-30 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-01-13 09:03 - 2015-12-30 20:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-01-13 09:03 - 2015-12-30 20:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-01-13 09:03 - 2015-12-30 20:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-01-13 09:03 - 2015-12-30 20:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-01-13 09:03 - 2015-12-30 20:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-01-13 09:03 - 2015-12-30 20:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-01-13 09:03 - 2015-12-30 20:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-01-13 09:03 - 2015-12-30 20:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-01-13 09:03 - 2015-12-30 20:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-01-13 09:03 - 2015-12-30 20:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 
2016-01-13 09:03 - 2015-12-30 20:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-01-13 09:03 - 2015-12-30 20:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-01-13 09:03 - 2015-12-30 20:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-01-13 09:03 - 2015-12-30 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-01-13 09:03 - 2015-12-30 20:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-01-13 09:03 - 2015-12-30 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-01-13 09:03 - 2015-12-30 20:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-01-13 09:03 - 2015-12-30 20:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-01-13 09:03 - 2015-12-30 20:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-01-13 09:03 - 2015-12-30 20:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004096 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 
00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 20:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 19:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-01-13 09:03 - 2015-12-30 19:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-01-13 09:03 - 2015-12-30 19:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-01-13 09:03 - 2015-12-30 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-01-13 09:03 - 2015-12-30 19:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-01-13 09:03 - 2015-12-30 19:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-01-13 09:03 - 2015-12-30 19:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-01-13 09:03 - 2015-12-30 19:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-01-13 09:03 - 2015-12-30 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-01-13 09:03 - 2015-12-30 19:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-01-13 09:03 - 2015-12-30 19:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-01-13 09:03 - 2015-12-30 19:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-01-13 09:03 - 2015-12-30 19:32 - 
00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-01-13 09:03 - 2015-12-30 19:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-01-13 09:03 - 2015-12-30 19:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 19:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-01-13 09:03 - 2015-12-30 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-01-09 21:03 - 2016-01-09 21:03 - 00000000 ____D C:\Users\Guro\Documents\Sony 2016-01-09 21:02 - 2016-01-09 21:02 - 00002026 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2016-01-05 16:54 - 2016-01-05 16:54 - 00029775 _____ C:\Users\Guro\Downloads\Desktop.rar 2016-01-05 15:36 - 2016-01-05 15:36 - 00012803 _____ C:\Users\Guro\Downloads\DigitalPlayground - Kayla Kayden (Got Milk).torrent 2016-01-05 15:26 - 2016-01-05 15:26 - 02469060 _____ C:\Users\Guro\Downloads\HP.rar 2016-01-04 18:46 - 2016-01-04 18:46 - 00000000 ____D C:\Users\Guro\Downloads\protokol 8 2016-01-04 17:36 - 2016-01-04 17:55 - 00000000 ____D C:\Users\Guro\Downloads\protokol 7 2016-01-04 17:35 - 2016-01-04 17:36 - 10701057 _____ C:\Users\Guro\Downloads\protokol-8.rar 2016-01-04 17:35 - 2016-01-04 17:35 - 10954364 _____ C:\Users\Guro\Downloads\protokol-7.rar 2016-01-04 16:58 - 2016-01-04 16:58 - 00020846 _____ C:\Users\Guro\Downloads\JulesJordan - Jewels Jade - Interracial DP, She Loves Her Cocks Well Done.torrent 2016-01-04 16:53 - 2016-01-04 16:53 - 11141731 _____ C:\Users\Guro\Downloads\protokol-6 (1).rar 2016-01-04 16:52 - 2016-01-04 16:53 - 11141731 _____ C:\Users\Guro\Downloads\protokol-6.rar 2016-01-04 16:52 - 2016-01-04 16:52 - 11775934 _____ C:\Users\Guro\Downloads\protokol-5.rar 
2016-01-02 23:07 - 2016-01-02 23:07 - 00017549 _____ C:\Users\Guro\Downloads\Snitch.2013.BDRip.XviD.AC3.DUAL-SiSO.torrent 2015-12-30 13:08 - 2015-12-30 13:08 - 00016234 _____ C:\Users\Guro\Downloads\FIFA Soccer 13.torrent 2015-12-30 00:31 - 2015-12-30 00:31 - 00017044 _____ C:\Users\Guro\Downloads\Source.Code.2011.BDRip.XviD.AC3.DUAL-SiSO.torrent 2015-12-29 13:26 - 2015-12-29 13:26 - 00028630 _____ C:\Users\Guro\Downloads\Unknown.2011.DVDRip.XviD.AC3-AsA.torrent 2015-12-22 19:31 - 2015-12-29 12:30 - 00000000 ____D C:\Users\Guro\Desktop\New folder (2) ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-20 15:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows 2016-01-20 15:01 - 2015-07-15 23:36 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-20 15:00 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-20 15:00 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-20 14:54 - 2015-04-09 16:38 - 00000000 ____D C:\Users\Guro\Documents\Youcam 2016-01-20 14:53 - 2015-07-15 23:36 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-20 14:53 - 2014-12-26 13:42 - 00000000 ____D C:\Users\Guro\AppData\Local\HTC MediaHub 2016-01-20 14:52 - 2014-11-21 13:56 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-01-20 14:52 - 2014-10-18 18:51 - 38284041 _____ C:\Windows\SysWOW64\rootpa.e2e 2016-01-20 14:51 - 2014-10-18 20:58 - 618019266 _____ C:\Windows\MEMORY.DMP 2016-01-20 14:51 - 2014-10-18 20:58 - 00000000 ____D C:\Windows\Minidump 2016-01-20 14:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-20 14:48 - 2014-10-21 18:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-01-20 13:45 - 2009-07-14 07:13 - 00781790 
_____ C:\Windows\system32\PerfStringBackup.INI 2016-01-20 13:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-01-19 22:29 - 2015-02-07 22:55 - 00000000 ____D C:\Users\Guro\Documents\FIFA 13 2016-01-19 20:34 - 2014-10-18 20:23 - 00000000 ____D C:\Users\Guro\AppData\Local\Deployment 2016-01-19 20:32 - 2014-10-18 20:37 - 00000000 ____D C:\Users\Guro\AppData\Roaming\BitComet 2016-01-19 16:41 - 2014-10-20 21:16 - 00000000 ____D C:\Users\Guro\AppData\Roaming\vlc 2016-01-18 22:48 - 2015-02-05 21:49 - 00000000 ____D C:\ADCDA2 2016-01-18 14:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-01-18 10:51 - 2015-04-14 17:52 - 00000000 ____D C:\Users\Guro\AppData\Roaming\ViberPC 2016-01-15 21:21 - 2009-07-14 07:08 - 00032606 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-15 15:16 - 2015-12-11 21:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-01-15 15:15 - 2015-12-11 21:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-15 15:02 - 2015-04-15 20:37 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-01-14 09:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-01-13 23:07 - 2009-07-14 06:45 - 00457216 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-13 23:05 - 2015-04-15 12:24 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-01-13 23:05 - 2015-04-15 12:24 - 00000000 ____D C:\Windows\system32\appraiser 2016-01-13 23:03 - 2014-10-18 23:21 - 00000000 ____D C:\ProgramData\Microsoft Help 2016-01-13 23:01 - 2014-10-23 23:13 - 00000000 ____D C:\Windows\system32\MRT 2016-01-13 22:56 - 2014-10-18 17:35 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-01-09 21:02 - 2014-11-14 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2016-01-09 21:02 - 2014-10-18 18:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-12-28 23:48 - 2015-07-24 09:21 - 00003768 _____ 
C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-28 23:48 - 2014-10-21 18:45 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-28 23:48 - 2014-10-21 18:45 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-24 19:24 - 2015-10-10 18:18 - 00000000 ____D C:\Users\Guro\AppData\Roaming\Might & Magic Heroes VI ==================== Files in the root of some directories ======= 2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Guro\AppData\Roaming\CFQA 2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Guro\AppData\Roaming\LGH 2014-03-30 16:46 - 2014-03-30 16:46 - 51718656 ____R () C:\Users\Guro\AppData\Roaming\Microsoft Toolkit.exe 2014-03-30 19:07 - 2014-03-30 19:07 - 1994488 _____ () C:\Users\Guro\AppData\Roaming\MUC.exe 2014-10-18 20:36 - 2016-01-20 14:53 - 6503237 _____ () C:\Users\Guro\AppData\Local\BTServer.log 2015-05-16 14:49 - 2015-05-16 14:50 - 0003582 _____ () C:\Users\Guro\AppData\Local\devcpp.ini 2014-10-30 21:06 - 2014-11-28 13:54 - 0007598 _____ () C:\Users\Guro\AppData\Local\Resmon.ResmonCfg 2014-10-18 18:03 - 2014-10-18 18:03 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Guro\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe C:\Users\Guro\AppData\Local\Temp\DllMonoCtrl.dll C:\Users\Guro\AppData\Local\Temp\drm_dialogs.dll C:\Users\Guro\AppData\Local\Temp\drm_dyndata_7330014.dll C:\Users\Guro\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe C:\Users\Guro\AppData\Local\Temp\KMP_3.9.1.135.exe C:\Users\Guro\AppData\Local\Temp\KMP_3.9.1.138.exe C:\Users\Guro\AppData\Local\Temp\ose00000.exe C:\Users\Guro\AppData\Local\Temp\ose00001.exe C:\Users\Guro\AppData\Local\Temp\ose00002.exe C:\Users\Guro\AppData\Local\Temp\ose00003.exe C:\Users\Guro\AppData\Local\Temp\ose00005.exe C:\Users\Guro\AppData\Local\Temp\ose00007.exe 
C:\Users\Guro\AppData\Local\Temp\SkypeSetup.exe C:\Users\Guro\AppData\Local\Temp\UNINSTALL.EXE C:\Users\Guro\AppData\Local\Temp\vlc-2.2.1-win32.exe C:\Users\Guro\AppData\Local\Temp\{711584CE-8844-4447-8A09-A15BCC2D19F9}.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-19 10:29 ==================== End of FRST.txt ============================ Addition.txt е прикачен файл Addition.txt Addition.txt
  13. Hello. I have attached the logs as described. The computer has 3 operating systems: Win 7 (32- and 64-bit) and XP. A day ago my files were encrypted after an infection with CTB Locker. I managed to clean the computer with the ESET NOD online scanner and SpyHunter. I uninstalled the old antivirus, Panda, and installed Avira. In addition, I first tried to clean the PC with Kaspersky Rescue Disk, but that did not work. Addition.txt
  14. Hello, for a few days now I have had several processes with no name; they do not use disk or internet, only RAM. Since they appeared, ads have started showing up: the Opera browser opens by itself with several tabs of ads. I contacted Microsoft, but they told me to delete everything from the computer and install Windows again... that is impossible. When I right-click and go to Details, each of the processes leads to one svchost.exe. One of the 3 processes is always suspended... I don't know whether it is a coincidence, but my computer was freezing right before I clicked download for AdwCleaner and during the scan; I managed to get through the scan and the cleanup by constantly terminating the processes, but that did not help, they are still on my computer, and I am asking for help. Microsoft also had me run an offline scan with Windows Defender, but I don't consider that program good for anything, nor any other antivirus, which is why I don't use one. I don't have a disc or a flash drive, and I also don't want to reinstall because I don't want to rewrite such a large amount of data on the SSD... thank you for understanding. Edit: the operating system is Windows 10 Pro x64. I could not download FRST.exe... Opera stops responding, the computer starts running extremely slowly, and a full restart is needed for it to improve. Edit: I managed to get it running; I apologize that it has been edited so much, but you know... Addition.txt FRST.txt
  15. Hello, I registered here a short while ago and am not familiar with how the site works, and I am also a novice at using a computer. I don't know what the "tags" box is or how to fill it in. I will probably be imprecise and not present the problem well enough, which is why I am looking for help from you. Thank you in advance for the help. For some time my computer has been very, unusually slow when opening windows; I also noticed in Start Task Manager that there are 86 processes. On your recommendation I ran the FRST.exe program and will add the text files. http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ I tried to capture the contents of the file from Notepad with copy/paste, but I ended up with this http address. So I am attaching them; I hope it worked correctly. Addition.txt FRST.txt
  16. Hello, after MBAM found 4 Virus.Sality bugs in empty folders, while Kaspersky says the folders are empty, I am starting to wonder what on earth is going on. I am attaching the logs. Thanks in advance. Addition.txt FRST.txt These are the results from Kaspersky and MBAM:
  17. Hello, I don't know whether the topic is in the right section; I am simply new to the site, sorry if something is not as it should be. A little while ago I received a notification from my antivirus that a virus named 64win malware-gen had been blocked and moved to the "virus jail". What should I do, is this a dangerous virus? I don't understand computers and don't know what to do, and I am also afraid for the information on my laptop. Please give me advice on what to do, or whether I should not take any action. I am afraid there may be other viruses too, because at the bottom of the picture, which is hard to see, it says that "other threats may also be lurking". I will also attach a picture of the message from the antivirus. Thank you in advance. P.S.: sorry for the poor quality of the picture, but I had to reduce its size, because otherwise I could not upload it.
  18. Hello, it happened around the time I downloaded the program in question, DisplayFusion, from a YouTube video. I don't know whether I can give a link, but if you type "DisplayFusion free" into YouTube, it is the first result, with 40k views and 200 likes, 2:58 minutes long. First, I am not sure whether it came from there, but the problem started sometime after I did everything described in the video, including the part where I go into Windows Firewall and tick some boxes. In short, my computer is slow; in Task Manager the percentages of every component climb, and it is felt most on the HDD. The main problem is that I cannot play games: it affects the FPS so that for part of a minute, 10-20 seconds, there is a huge drop, about 90% lower. I am using Google Chrome at the moment and I have lag as I write: I type and the text appears 1 second later; it is very slow on FB and loads more slowly. I installed AdwCleaner, something I do as a rule, but it did not help. I cleared all of Chrome's caches and settings, and nothing. I have not installed anything other than the program mentioned above, there is nothing else it could come from, and I do not visit unsafe sites. In Counter-Strike GO, after launch, the console prints things that normally should not be printed: "Failed to load gamerulescvars.txt, game rules cvars might not be reported to management tools. Parent cvar in client.dll not allowed (weapon_max_before_cleanup) Parent cvar in client.dll not allowed (weapon_auto_cleanup_time) Parent cvar in client.dll not allowed (snd_max_pitch_shift_inaccuracy) Parent cvar in client.dll not allowed (steam_controller_haptics) Parent cvar in client.dll not allowed (mp_endmatch_votenextleveltime) Parent cvar in client.dll not allowed (mp_verbose_changelevel_spew) Parent cvar in client.dll not allowed (cl_remove_old_ugc_downloads) Particles: Missing 'particles/money_fx.pcf' maxplayers set to 64 Error: Localization key value exceeds MAX_LOCALIZED_CHARS. Problem key: SFUI_HowToPlay_TacticsContents Error: Localization key value exceeds MAX_LOCALIZED_CHARS.
Problem key: SFUI_HowToPlay_TacticsContents Steam config directory: D:\steam\steamapps\common\Counter-Strike Global Offensive\platform\config Particles: Missing 'particles/money_fx.pcf' --- Missing Vgui material vgui/store/store_item_bg --- Missing Vgui material vgui/store/store_item_bg_highlight --- Missing Vgui material vgui/store/store_item_sel_bg --- Missing Vgui material vgui/store/store_item_pickup_bg --- Missing Vgui material vgui/store/store_preview_bg --- Missing Vgui material vgui/store/store_bottom_bar_button_bg --- Missing Vgui material vgui/store/store_bottom_bar_button_highlight_bg --- Missing Vgui material vgui/store/store_default_dialog --- Missing Vgui material vgui/store/store_backpack_bg --- Missing Vgui material vgui/store/store_backpack_bg_highlight --- Missing Vgui material vgui/store/store_backpack_bg_highlight --- Missing Vgui material vgui/store/store_discount_corner --- Missing Vgui material vgui/store/store_preview_bg --- Missing Vgui material vgui/store/store_tooltip_bg --- Missing Vgui material vgui/store/store_tab_selected --- Missing Vgui material vgui/store/store_tab_unselected --- Missing Vgui material vgui/btn_econ_blue --- Missing Vgui material vgui/store/button_econ_blue_over --- Missing Vgui material vgui/store/store_backpack_bg --- Missing Vgui material vgui/store/store_backpack_bg_highlight --- Missing Vgui material vgui/store/store_backpack_bg_highlight CGameEventManager::AddListener: event 'coop_mission_end_stats' unknown. Unknown command "cl_thirdperson" Unknown command "tr_best_course_time" Unknown command "tr_completed_training" Unknown command "weapon_accuracy_logging" Failed to init 'maps/soundcache/_master_bulgarian.cache' Unknown command "cl_teamid_min" Unknown command "cl_teamid_max" Unknown command "cl_teamid_overhead" Can't use cheat cvar cl_teamid_overhead_maxdist in multiplayer, unless the server has sv_cheats set to 1. Loaded default network config file. Loaded revision 118 OK Loaded cached network config file. 
Data contains revision 118, not newer than current revision 118; ignoring. Starting ping measurement Unknown command "cl_thirdperson" Unknown command "tr_best_course_time" Unknown command "tr_completed_training" Unknown command "weapon_accuracy_logging" Got network config from CDN. Data contains revision 118, not newer than current revision 118; ignoring. Telling Steam it is safe to update the app Failed to read the default inventory image file (materials/icons/inventory_icon_quest.vtf) Failed to read the default inventory image file (materials/icons/inventory_icon_campaign.vtf) Failed to read the default inventory image file (materials/icons/inventory_icon_campaign.vtf) Ping measurement completed" This repeats after reinstalling the game, verification, and clearing the cache. The FPS in this game drops to 20, when it is normally 200-300 on average.
  19. When I try to search for something in the search bar at the top of Google Chrome, the browser redirects me to Yahoo. It often even opens advertising sites out of nowhere. I removed all extensions, made Google my default search engine, and reset the settings, but that did not help. There is nothing anywhere among the programs in Control Panel that could be causing these problems. I tried using Malwarebytes and other programs to clean the computer, but they found nothing. I added Yahoo to the blocked sites, but that had no effect either. On top of the redirect problem, the browser visibly freezes. What more can I do?
  20. An entire folder on the computer is affected, and I have some important files in it. All of them have the .odin extension.
  21. I am having problems with my SSD. Would it be possible to run a quick check, so I know whether anything is wrong from a software point of view?
Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default [2017-06-09] CHR Extension: (Google Slides) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-02] CHR Extension: (Google Docs) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-02] CHR Extension: (Google Drive) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-02] CHR Extension: (YouTube) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-02] CHR Extension: (Google Sheets) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-02] CHR Extension: (Google Docs Offline) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-02] CHR Extension: (Gmail) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-02] CHR Extension: (Chrome Media Router) - C:\Users\Kris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-19] CHR HKU\S-1-5-21-1594962750-1340225539-4068360994-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx Opera: ======= StartMenuInternet: (HKLM) 
OperaStable - C:\Program Files\Opera\Launcher.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-09] () R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-25] () [File not signed] S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_caf762663b02849b\IntelCpHeciSvc.exe [284144 2016-10-27] (Intel Corporation) S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_caf762663b02849b\IntelCpHDCPSvc.exe [462832 2016-10-27] (Intel Corporation) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed] R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [139472 2017-05-18] (eVenture Limited) R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_caf762663b02849b\igfxCUIService.exe [324592 2016-10-27] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-14] (Intel(R) Corporation) R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25312 2016-11-02] (Intel Corporation) S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [34528 2016-11-02] (Intel Corporation) S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-10-15] (Intel Corporation) R2 Intel(R) 
TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-18] (Intel(R) Corporation) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-18] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-11-09] (Intel Corporation) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2385832 2017-04-30] (Maxthon) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-20] (Microsoft Corporation) R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] 
(Microsoft Corporation) S2 CG6Service; "C:\Program Files\CyberGhost 6\CyberGhost.Service.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-05-09] () S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com) R3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [27128 2017-04-30] (ELECOM) R3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [26104 2017-04-30] (ELECOM) S3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_caf762663b02849b\igdkmd64.sys [11033568 2016-10-27] (Intel Corporation) R1 MpKsl0e06ac36; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27739550-BE80-4E84-ABC2-F5F4D03FFBFC}\MpKsl0e06ac36.sys [44928 2017-06-12] (Microsoft Corporation) R1 MpKsl3efd60c8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52AE8A9F-3B46-4E19-A2E4-DDF1A661CA5A}\MpKsl3efd60c8.sys [44928 2017-06-11] (Microsoft Corporation) R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-14] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation) S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project) R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) R3 
t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2017-04-30] () S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 hmatap; \SystemRoot\System32\drivers\hmatap.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-12 18:28 - 2017-06-12 18:29 - 00020309 _____ C:\Users\Kris\Desktop\FRST.txt 2017-06-12 18:28 - 2017-06-12 18:28 - 02438656 _____ (Farbar) C:\Users\Kris\Desktop\FRST64.exe 2017-06-12 18:28 - 2017-06-12 18:28 - 00000000 ____D C:\FRST 2017-06-12 15:26 - 2017-06-12 15:26 - 00069632 _____ C:\Users\Kris\Documents\Problem.evtx 2017-06-11 22:45 - 2017-06-11 22:56 - 01048205 _____ C:\Users\Kris\Desktop\Test.exe 2017-06-11 13:21 - 2017-06-11 13:21 - 00036510 _____ C:\Users\Kris\Downloads\Кит комплект сензор мелачка – 20000230 _ Milov.html 2017-06-11 13:21 - 2017-06-11 13:21 - 00028597 _____ C:\Users\Kris\Downloads\КОМБИНА БАР ЕООД __ Сензор ХОЛ за обороти хоризонт. мелачка Saeco2.html 2017-06-11 13:21 - 2017-06-11 13:21 - 00000000 ____D C:\Users\Kris\Downloads\КОМБИНА БАР ЕООД __ Сензор ХОЛ за обороти хоризонт. 
мелачка Saeco2_files 2017-06-11 13:21 - 2017-06-11 13:21 - 00000000 ____D C:\Users\Kris\Downloads\Кит комплект сензор мелачка – 20000230 _ Milov_files 2017-06-11 13:20 - 2017-06-11 13:20 - 00028580 _____ C:\Users\Kris\Downloads\КОМБИНА БАР ЕООД __ Сензор ХОЛ за обороти хоризонт. мелачка Saeco.html 2017-06-11 13:20 - 2017-06-11 13:20 - 00000000 ____D C:\Users\Kris\Downloads\КОМБИНА БАР ЕООД __ Сензор ХОЛ за обороти хоризонт. мелачка Saeco_files 2017-06-05 22:43 - 2017-06-11 22:56 - 00000000 ____D C:\Users\Kris\AppData\Roaming\CodeBlocks 2017-06-05 22:42 - 2017-06-05 22:43 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2017-06-05 22:42 - 2017-06-05 22:43 - 00000000 ____D C:\Program Files (x86)\CodeBlocks 2017-06-05 22:42 - 2017-06-05 22:42 - 00001164 _____ C:\Users\Kris\Documents\CodeBlocks.lnk 2017-06-05 22:42 - 2017-06-05 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks 2017-06-01 14:43 - 2017-06-01 14:43 - 00000000 ____D C:\Users\Kris\Documents\FeedbackHub 2017-05-28 22:52 - 2017-06-07 22:38 - 00000000 ____D C:\Users\Kris\Desktop\DOB LOVE 2017-05-28 16:49 - 2017-05-28 16:49 - 00000000 ____D C:\Program Files (x86)\hide.me VPN 2017-05-28 16:48 - 2017-05-28 22:21 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Hide.me 2017-05-28 16:48 - 2017-05-28 16:49 - 00001098 _____ C:\Users\Kris\Documents\hide.me VPN.lnk 2017-05-28 16:48 - 2017-05-28 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN 2017-05-28 16:47 - 2017-05-28 16:47 - 06289296 _____ (eVenture Limited ) C:\Users\Kris\Downloads\Hide.me-Setup-1.2.13.exe 2017-05-28 12:35 - 2017-05-28 12:35 - 00002075 _____ C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk 2017-05-28 12:34 - 2017-05-28 16:07 - 00000000 ____D C:\Program Files\CyberGhost 6 2017-05-28 12:34 - 2017-05-28 12:35 - 00000000 ____D C:\Users\Kris\AppData\Local\CyberGhost 2017-05-28 12:34 - 2017-05-28 
12:34 - 00000000 ____D C:\Program Files\TAP-Windows 2017-05-28 12:10 - 2017-05-28 12:10 - 00000000 ____D C:\Users\Kris\Documents\My Cheat Tables 2017-05-26 15:28 - 2017-05-27 16:05 - 00000000 ____D C:\Users\Kris\Documents\VirtualDJ 2017-05-26 15:28 - 2017-05-26 15:28 - 00001038 _____ C:\Users\Kris\Documents\VirtualDJ PRO Full.lnk 2017-05-26 15:28 - 2017-05-26 15:28 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2017-05-26 15:28 - 2017-05-26 15:28 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2017-05-25 23:27 - 2017-05-25 23:27 - 00002007 _____ C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turn Monitor Off.lnk 2017-05-25 23:21 - 2017-05-25 23:27 - 00001783 _____ C:\Users\Kris\Documents\Turn Monitor Off.lnk 2017-05-25 23:20 - 2017-05-25 23:20 - 00000000 ____D C:\temp 2017-05-25 23:20 - 2016-05-23 09:44 - 00116736 _____ (NirSoft) C:\WINDOWS\nircmd.exe 2017-05-25 03:42 - 2017-05-25 03:42 - 00001256 _____ C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk 2017-05-25 03:42 - 2017-05-25 03:42 - 00000000 ____D C:\Users\Kris\AppData\Local\UNP 2017-05-25 03:32 - 2017-05-25 03:33 - 00000000 ____D C:\Program Files\UNP 2017-05-25 03:32 - 2017-05-25 03:32 - 00000000 ____D C:\WINDOWS\system32\UNP 2017-05-20 22:57 - 2017-05-20 22:57 - 00000000 ____D C:\Users\Kris\AppData\Local\Macromedia 2017-05-20 22:50 - 2017-06-11 22:11 - 00000000 ____D C:\Users\Kris\AppData\LocalLow\Mozilla 2017-05-20 22:50 - 2017-05-20 22:55 - 00000000 ____D C:\Users\Kris\AppData\Local\Mozilla 2017-05-20 22:50 - 2017-05-20 22:50 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-05-20 22:50 - 2017-05-20 22:50 - 00001220 _____ C:\Users\Kris\Documents\Mozilla Firefox.lnk 2017-05-20 22:50 - 2017-05-20 22:50 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Mozilla 2017-05-20 22:50 - 2017-05-20 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla 
Maintenance Service 2017-05-20 22:50 - 2017-05-20 22:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-05-20 20:26 - 2017-05-20 20:26 - 00000000 ____D C:\Users\Kris\AppData\LocalLow\Temp 2017-05-17 17:39 - 2017-05-17 17:39 - 00000000 ____D C:\Users\Kris\Documents\AutomaticSolution Software 2017-05-17 17:12 - 2017-05-17 17:12 - 00000000 ____D C:\Users\Kris\Documents\Lightshot 2017-05-16 16:40 - 2017-05-16 16:40 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-05-16 16:40 - 2017-05-16 16:40 - 00001489 _____ C:\Users\Kris\Documents\GeForce Experience.lnk 2017-05-16 16:39 - 2017-05-03 23:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2017-05-16 16:39 - 2017-05-03 23:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2017-05-15 22:32 - 2017-05-15 22:32 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-05-15 22:32 - 2017-05-15 22:32 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Sun 2017-05-15 22:32 - 2017-05-15 22:32 - 00000000 ____D C:\Users\Kris\AppData\LocalLow\Sun 2017-05-15 22:32 - 2017-05-15 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-05-15 22:31 - 2017-05-15 22:31 - 00000000 ____D C:\Program Files\Java 2017-05-15 22:27 - 2017-05-15 22:36 - 00000000 ____D C:\Users\Kris\AppData\Roaming\.minecraft 2017-05-15 22:27 - 2017-05-15 22:28 - 00000000 ____D C:\Program Files (x86)\Minecraft 2017-05-15 22:27 - 2017-05-15 22:27 - 00001030 _____ C:\Users\Kris\Documents\Minecraft.lnk 2017-05-15 22:27 - 2017-05-15 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-05-15 10:26 - 2017-06-11 22:53 - 00000000 ____D C:\Users\Kris\Documents\Visual Studio 2012 2017-05-15 10:25 - 2017-05-15 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK 2017-05-15 10:25 - 2017-05-15 
10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK 2017-05-15 10:25 - 2017-05-15 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-05-15 10:25 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2017-05-15 10:25 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2017-05-15 10:25 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-05-15 10:24 - 2017-05-15 10:24 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\ProgramData\Windows App Certification Kit 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\ProgramData\PreEmptive Solutions 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files\IIS Express 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files\Application Verifier 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files (x86)\IIS Express 2017-05-15 10:24 - 2017-05-15 10:24 - 00000000 ____D C:\Program Files (x86)\Application Verifier 2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\WINDOWS\SysWOW64\1033 2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\Windows Kits 2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\NuGet 2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services 2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer 
2017-05-15 10:23 - 2017-05-15 10:23 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2017-05-15 10:22 - 2017-05-15 10:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-05-15 10:22 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-05-15 10:22 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-05-15 10:22 - 2017-05-15 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-05-15 10:22 - 2017-05-15 10:23 - 00000000 ____D C:\WINDOWS\system32\1033
2017-05-15 10:22 - 2017-05-15 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2017-05-15 10:22 - 2017-05-15 10:22 - 00000000 ____D C:\WINDOWS\symbols
2017-05-15 10:22 - 2017-05-15 10:22 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 11.0
2017-05-14 22:40 - 2017-06-04 18:44 - 00000000 ____D C:\Users\Kris\AppData\Local\CrashDumps
2017-05-14 22:14 - 2017-06-09 17:11 - 00000000 ____D C:\Users\Kris\AppData\LocalLow\uTorrent
2017-05-14 21:26 - 2017-05-28 13:18 - 00000000 ____D C:\Users\Kris\Documents\Audition

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-12 18:23 - 2017-04-30 08:22 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Skype
2017-06-12 18:17 - 2017-04-30 21:10 - 00000000 ____D C:\Users\Kris\AppData\Roaming\TS3Client
2017-06-12 14:34 - 2017-04-30 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-12 14:31 - 2017-04-30 11:13 - 00000000 ___RD C:\Users\Kris\Google Drive
2017-06-12 07:19 - 2016-11-20 21:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-12 04:51 - 2016-11-20 21:51 - 01157310 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-12 04:45 - 2016-11-20 21:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-12 04:44 - 2017-04-30 10:48 - 00000000 ____D C:\Users\Kris
2017-06-11 21:06 - 2017-04-30 14:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-11 21:06 - 2017-04-30 07:53 - 00000000 ____D C:\ProgramData\Skype
2017-06-11 21:00 - 2017-04-30 08:47 - 00000000 ____D C:\Users\Kris\AppData\Roaming\AIMP
2017-06-11 13:30 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-09 23:22 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-09 23:22 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-09 23:16 - 2017-04-30 11:14 - 00000000 ____D C:\Users\Kris\AppData\Roaming\uTorrent
2017-06-09 23:16 - 2016-07-16 09:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-06-09 21:15 - 2017-05-01 00:05 - 00000000 ____D C:\Users\Kris\AppData\Local\PokerStars.BG
2017-06-09 20:46 - 2017-05-03 21:30 - 00000000 ____D C:\Users\Kris\AppData\Roaming\vlc
2017-06-09 17:01 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-08 15:28 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-06 16:35 - 2017-05-03 15:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-05 15:23 - 2017-05-03 15:19 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-06-01 16:40 - 2017-04-30 15:53 - 00000132 _____ C:\Users\Kris\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-31 16:12 - 2017-04-30 07:57 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-31 15:24 - 2017-05-02 21:49 - 00003942 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1493750990
2017-05-31 15:24 - 2017-05-02 21:49 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-05-31 15:24 - 2017-05-02 21:49 - 00000000 ____D C:\Program Files\Opera
2017-05-28 16:45 - 2017-04-30 08:20 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-05-28 16:07 - 2016-11-20 21:40 - 04899032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-28 12:35 - 2017-04-30 07:04 - 00000000 ____D C:\Users\Kris\AppData\Local\VirtualStore
2017-05-28 12:34 - 2017-04-30 08:18 - 00000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2017-05-28 12:34 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-28 01:04 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-28 01:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-27 12:16 - 2017-04-29 23:06 - 00000000 ____D C:\Users\Kris\AppData\Local\MicrosoftEdge
2017-05-23 20:19 - 2017-04-30 07:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 20:18 - 2017-04-30 07:56 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-20 22:57 - 2017-04-30 11:21 - 00000000 ____D C:\Users\Kris\AppData\Local\Adobe
2017-05-17 07:10 - 2017-05-02 21:22 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 17:21 - 2017-05-01 00:04 - 00000000 ____D C:\Program Files (x86)\PokerStars.BG
2017-05-16 16:56 - 2017-04-30 14:45 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-05-16 16:40 - 2017-04-30 10:50 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:50 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-16 16:40 - 2017-04-30 10:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-16 16:40 - 2017-04-30 10:47 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-16 16:40 - 2017-04-30 10:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-15 12:02 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-15 10:25 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-15 10:24 - 2017-04-30 12:48 - 00000000 ____D C:\Program Files\MSBuild
2017-05-15 10:23 - 2017-04-30 12:48 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-15 10:22 - 2017-04-30 07:21 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-15 10:22 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-13 21:52 - 2017-05-12 15:24 - 00000000 ____D C:\Users\Kris\Documents\Sound recordings

==================== Files in the root of some directories =======

2017-04-30 15:53 - 2017-06-01 16:40 - 0000132 _____ () C:\Users\Kris\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-04-30 11:30 - 2017-04-30 11:30 - 0000003 _____ () C:\Users\Kris\AppData\Local\updater.log
2017-04-30 11:30 - 2017-04-30 11:30 - 0000425 _____ () C:\Users\Kris\AppData\Local\UserProducts.xml
2017-04-30 10:47 - 2017-04-30 10:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-04-30 12:38 - 2017-04-30 12:38 - 49529576 _____ (FinalWire Ltd. ) C:\Users\Kris\AppData\Local\Temp\aida64extreme590.exe
2017-04-30 11:17 - 2017-04-30 11:17 - 93992520 _____ () C:\Users\Kris\AppData\Local\Temp\arduino-1.8.2-windows.exe
2017-05-28 12:34 - 2017-05-28 12:34 - 16086472 _____ (CyberGhost S.R.L. ) C:\Users\Kris\AppData\Local\Temp\CG_6.0.526951.exe
2017-05-02 21:22 - 2017-05-02 21:22 - 1130328 _____ (Google Inc.) C:\Users\Kris\AppData\Local\Temp\ChromeSetup.exe
2017-06-05 22:42 - 2017-06-05 22:42 - 83783938 _____ (The Code::Blocks Team) C:\Users\Kris\AppData\Local\Temp\codeblocks-16.01mingw-setup.exe
2017-04-30 12:13 - 2017-04-30 12:13 - 1704136 _____ ( ) C:\Users\Kris\AppData\Local\Temp\cpu-z_1.79-en.exe
2017-04-30 14:36 - 2017-04-30 14:36 - 0292184 _____ (Microsoft Corporation) C:\Users\Kris\AppData\Local\Temp\dxwebsetup.exe
2017-05-20 22:50 - 2017-05-20 22:50 - 0246232 _____ (Mozilla) C:\Users\Kris\AppData\Local\Temp\Firefox Setup Stub 53.0.3.exe
2017-06-12 18:28 - 2017-06-12 18:28 - 2438656 _____ (Farbar) C:\Users\Kris\AppData\Local\Temp\FRST64.exe
2017-04-30 11:11 - 2017-04-30 11:11 - 1130328 _____ (Google Inc.) C:\Users\Kris\AppData\Local\Temp\googledrivesync.exe
2017-05-19 16:35 - 2017-05-19 16:35 - 0867241 _____ () C:\Users\Kris\AppData\Local\Temp\GSAutoClicker-Setup(1).exe
2017-05-17 17:39 - 2017-05-17 17:39 - 0867241 _____ () C:\Users\Kris\AppData\Local\Temp\GSAutoClicker-Setup.exe
2017-05-28 16:49 - 2017-05-28 16:49 - 6289296 _____ (eVenture Limited ) C:\Users\Kris\AppData\Local\Temp\Hide.me-Setup-1.2.13.exe
2017-05-28 12:33 - 2017-05-28 12:33 - 7567088 _____ (Privax Ltd) C:\Users\Kris\AppData\Local\Temp\HMA-Pro-VPN-3.4.6.1-install(1).exe
2017-05-28 12:32 - 2017-05-28 12:32 - 7567088 _____ (Privax Ltd) C:\Users\Kris\AppData\Local\Temp\HMA-Pro-VPN-3.4.6.1-install.exe
2017-05-15 22:32 - 2017-05-15 22:32 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kris\AppData\Local\Temp\jansi-64-git-Spigot-c6871e2-0cd0397-2161919650563422529.dll
2017-05-15 22:36 - 2017-05-15 22:36 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Kris\AppData\Local\Temp\jansi-64-git-Spigot-c6871e2-0cd0397-6343540281877952254.dll
2017-05-15 22:31 - 2017-05-15 22:31 - 65659968 _____ (Oracle Corporation) C:\Users\Kris\AppData\Local\Temp\jre-8u131-windows-x64.exe
2017-05-08 18:57 - 2017-05-08 18:57 - 32529256 _____ (Riot Games) C:\Users\Kris\AppData\Local\Temp\LeagueofLegends_EUNE_Installer_2016_11_10.exe
2017-04-30 11:19 - 2017-04-30 11:19 - 2982992 _____ () C:\Users\Kris\AppData\Local\Temp\npp.7.3.3.Installer.exe
2017-04-30 07:44 - 2017-04-20 03:18 - 0754352 _____ (NVIDIA Corporation) C:\Users\Kris\AppData\Local\Temp\nvSCPAPI.dll
2017-04-30 07:44 - 2017-04-20 03:18 - 0867968 _____ (NVIDIA Corporation) C:\Users\Kris\AppData\Local\Temp\nvSCPAPI64.dll
2017-05-07 18:20 - 2017-04-20 03:18 - 0367736 _____ (NVIDIA Corporation) C:\Users\Kris\AppData\Local\Temp\nvStInst.exe
2017-05-02 21:49 - 2017-05-02 21:49 - 1186096 _____ (Opera Software) C:\Users\Kris\AppData\Local\Temp\OperaSetup.exe
2017-05-01 00:03 - 2017-05-01 00:04 - 108547352 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Kris\AppData\Local\Temp\PokerStarsInstallBG(1).exe
2017-04-30 22:24 - 2017-04-30 22:24 - 108547360 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Kris\AppData\Local\Temp\PokerStarsInstallBG.exe
2017-05-28 12:37 - 2017-05-28 12:37 - 30901272 _____ (OpenVPN Technologies) C:\Users\Kris\AppData\Local\Temp\privatetunnel-win-2.8.exe
2017-04-30 11:30 - 2017-04-30 11:30 - 2732544 _____ (Skillbrains ) C:\Users\Kris\AppData\Local\Temp\setup-lightshot.exe
2017-04-30 14:33 - 2017-04-30 14:33 - 1631704 _____ (Skype Technologies S.A.) C:\Users\Kris\AppData\Local\Temp\SkypeSetup.exe
2017-05-15 22:32 - 2017-05-15 22:32 - 0515584 _____ () C:\Users\Kris\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2017-04-30 21:10 - 2017-04-30 21:10 - 77604984 _____ (TeamSpeak Systems GmbH) C:\Users\Kris\AppData\Local\Temp\TeamSpeak3-Client-win64-3.1.4(1).exe
2017-04-30 16:52 - 2017-04-30 16:52 - 77604984 _____ (TeamSpeak Systems GmbH) C:\Users\Kris\AppData\Local\Temp\TeamSpeak3-Client-win64-3.1.4.exe
2017-05-03 15:19 - 2017-05-03 15:19 - 14725904 _____ (TeamViewer GmbH) C:\Users\Kris\AppData\Local\Temp\TeamViewer_Setup.exe
2017-04-30 11:14 - 2017-04-30 11:14 - 2403520 _____ (BitTorrent Inc.) C:\Users\Kris\AppData\Local\Temp\uTorrent.exe
2017-04-30 14:33 - 2017-04-30 14:33 - 14456872 _____ (Microsoft Corporation) C:\Users\Kris\AppData\Local\Temp\vc_redist.x86.exe
2017-04-30 22:49 - 2017-04-30 22:49 - 3003896 _____ () C:\Users\Kris\AppData\Local\Temp\XMouseButtonControlSetup.2.15.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-05 23:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by Kris (12-06-2017 18:29:38)
Running from C:\Users\Kris\Desktop
Windows 10 Pro Version 1607 (X64) (2017-04-30 07:50:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1594962750-1340225539-4068360994-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1594962750-1340225539-4068360994-503 - Limited - Disabled)
Guest (S-1-5-21-1594962750-1340225539-4068360994-501 - Limited - Disabled)
Kris (S-1-5-21-1594962750-1340225539-4068360994-1001 - Administrator - Enabled) => C:\Users\Kris

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-1594962750-1340225539-4068360994-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.) Adobe Audition CC 2015.2 (HKLM-x32\...\AUDT_9_2_1) (Version: 9.2.1 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) AIDA64 Extreme v5.90 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.90 - FinalWire Ltd.) 
AIMP (HKLM-x32\...\AIMP) (Version: v4.10.1831, 31.08.2016 - AIMP DevTeam) Ansel (Version: 382.05 - NVIDIA Corporation) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.8.2 - Arduino LLC) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation) CodeBlocks (HKU\S-1-5-21-1594962750-1340225539-4068360994-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team) CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) DoNotSpy10 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 2.0 - pXc-coding.com) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden DTSStudioSoundGuiPluginInstaller (HKLM-x32\...\{83D9B703-6B52-4D06-B316-C51F239C8565}) (Version: 1.00.1900 - DTS, Inc.) Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) 
Hidden hide.me VPN 1.2.13 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.13 - eVenture Limited) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Intel(R) Chipset Device Software (x32 Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation) Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel) Intel(R) Online Connect Software Asset Manager (x32 Version: 3.4.2095 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4541 - Intel Corporation) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games) League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains) LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.4.3000 - Maxthon International Limited) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft ASP.NET 
MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service 
(HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation) Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation) Minecraft 
(HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Mozilla Firefox 53.0.3 (x86 bg) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 bg)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Opera Stable 45.0.2552.888 (HKLM-x32\...\Opera 45.0.2552.888) (Version: 45.0.2552.888 - Opera Software) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PokerStars.bg (HKLM-x32\...\PokerStars.bg) (Version: - PokerStars.bg) PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) Realtek High Definition Audio Driver 
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.) RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) 
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.50 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.1 - win.rar GmbH)
X-Mouse Button Control 2.15 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.15 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1594962750-1340225539-4068360994-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Loaded Modules (Whitelisted) ============== 2017-04-30 08:49 - 2015-05-09 00:26 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe 2017-04-30 08:49 - 2014-04-25 00:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe 2016-10-18 06:00 - 2016-10-18 06:00 - 00107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll 2016-10-18 06:00 - 2016-10-18 06:00 - 00412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll 2017-04-30 07:35 - 2017-05-03 23:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-11-02 03:18 - 2016-11-02 03:18 - 00253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll 2016-07-16 14:42 - 2016-07-16 14:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-05-10 20:54 - 2017-04-28 03:49 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-04-30 10:47 - 2017-05-01 23:51 - 00133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-04-30 10:52 - 2017-04-30 10:52 - 00959168 _____ () C:\Users\Kris\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2017-03-08 05:42 - 2017-03-08 05:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-11-20 21:11 - 2016-11-20 21:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 
2017-04-30 12:53 - 2017-03-04 09:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-06-08 15:28 - 2017-06-08 15:28 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-08 15:28 - 2017-06-08 15:28 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-08 15:28 - 2017-06-08 15:28 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-08 15:28 - 2017-06-08 15:28 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll 2017-04-30 12:52 - 2017-03-04 09:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-04-30 12:52 - 2017-03-04 09:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-04-30 12:52 - 2017-03-04 09:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-05-10 20:54 - 2017-04-28 02:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-10 20:54 - 2017-04-28 02:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-05-31 15:24 - 2017-05-31 15:24 - 90985048 _____ () C:\Program Files\Opera\45.0.2552.888\opera_browser.dll 2017-05-31 15:24 - 2017-05-31 15:23 - 03949144 _____ () C:\Program Files\Opera\45.0.2552.888\libglesv2.dll 2017-05-31 15:24 - 2017-05-31 15:23 - 00101464 _____ () C:\Program Files\Opera\45.0.2552.888\libegl.dll 2017-04-12 13:46 - 2017-04-12 13:46 - 00176408 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll 2017-03-13 19:37 - 2017-03-13 19:37 - 00020248 _____ () C:\Program Files\TeamSpeak 3 Client\libEGL.DLL 2017-03-13 19:37 - 2017-03-13 19:37 - 01975064 _____ () C:\Program Files\TeamSpeak 3 
Client\libGLESv2.dll 2017-04-12 13:46 - 2017-04-12 13:46 - 00107288 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll 2017-04-12 13:46 - 2017-04-12 13:46 - 00128280 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll 2017-04-30 21:10 - 2017-05-04 17:21 - 00152064 _____ () C:\Users\Kris\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll 2017-04-30 21:10 - 2017-04-30 21:11 - 00345880 _____ () C:\Users\Kris\AppData\Roaming\TS3Client\plugins\clientquery_plugin_win64.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-06-05 21:19 - 2017-06-05 21:20 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll 2017-04-30 07:47 - 2017-04-30 07:48 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-06-05 21:19 - 2017-06-05 21:20 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-05-09 16:18 - 2017-05-09 16:18 - 01062400 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2017-04-30 07:47 - 2017-04-30 07:48 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.524.10020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-05-23 07:14 - 2017-05-23 07:14 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe 2017-04-30 08:49 - 2017-06-12 04:45 - 00039208 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll 2017-04-30 08:49 - 2015-05-09 00:26 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll 2016-11-09 05:40 - 2016-11-09 05:40 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-04-30 07:35 - 2017-05-03 23:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-06-12 14:31 - 2017-06-12 14:31 - 00098816 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32api.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00110080 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\pywintypes27.dll 2017-06-12 14:31 - 2017-06-12 14:31 - 00364544 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\pythoncom27.dll 2017-06-12 14:31 - 2017-06-12 14:31 - 00320512 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32com.shell.shell.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00914432 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_hashlib.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 01176576 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._core_.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00806400 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._gdi_.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00816128 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._windows_.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 01067008 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._controls_.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 
00733184 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._misc_.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00682496 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\pysqlite2._sqlite.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00088064 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_ctypes.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00686080 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\unicodedata.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00119808 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32file.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00108544 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32security.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00007168 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\hashobjs_ext.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00017920 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\thumbnails_ext.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00088064 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\usb_ext.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00012800 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\common.time34.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00018432 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32event.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00167936 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32gui.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00046080 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_socket.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 01303552 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_ssl.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00128512 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_elementtree.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00127488 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\pyexpat.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00038912 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32inet.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00036864 ____R () 
C:\Users\Kris\AppData\Local\Temp\_MEI77162\_psutil_windows.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00524248 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\windows._lib_cacheinvalidation.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00011264 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32crypt.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00123392 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._wizard.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00077312 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._html2.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00027648 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_multiprocessing.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00020480 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\_yappi.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00035840 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32process.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00078848 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\wx._animate.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00024064 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32pipe.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00010240 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\select.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00025600 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32pdh.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00017408 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32profile.pyd 2017-06-12 14:31 - 2017-06-12 14:31 - 00022528 ____R () C:\Users\Kris\AppData\Local\Temp\_MEI77162\win32ts.pyd 2017-04-26 15:19 - 2017-04-26 15:19 - 02005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 00312744 _____ () C:\Program Files (x86)\Maxthon\bin\Maxzlib.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 09266600 _____ () C:\Program Files (x86)\Maxthon\Core\Blink\plugins\pdf.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 16393032 _____ () C:\Program Files 
(x86)\Maxthon\Core\Blink\plugins\pepflashplayer.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 01342776 _____ () C:\Program Files (x86)\Maxthon\Core\Blink\libglesv2.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 00219448 _____ () C:\Program Files (x86)\Maxthon\Core\Blink\libegl.dll 2017-04-30 07:32 - 2017-01-06 15:42 - 02354488 _____ () C:\Program Files (x86)\Maxthon\Core\Blink\ffmpegsumo.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 14:04 - 2017-05-31 07:09 - 00000864 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 activation.cloud.techsmith.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1594962750-1340225539-4068360994-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kris\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{369b9964-a947-4865-b3e3-90185b3abe7f}.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5580588F-102F-49B4-99EE-A5748927C880}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B70C05C2-FA7D-479B-9C21-72642D776143}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{7F2A2A00-F78A-4569-8F09-BE6245548A1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{D6EF5B11-2D82-417C-B454-C5F010F8FC68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{AD86628B-7987-4B43-BE05-4FA3F402377A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{CE0F6530-4EFC-49BA-BB6A-F911D8D67130}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{D01F518A-C98E-495E-921C-CCDDFCF775BC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{162520EA-96EF-4C0C-B37D-4A0D4A5B5F1C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{5151D8DB-A5D6-402B-AEE7-78B8B00978D7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6B9AA5F0-2E21-4538-B6F0-B16F2EA5191A}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{06EC6EDE-4685-4796-B6AD-8E1E9DCAB9EC}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{985F61C0-C636-4C2F-85CD-41DB4D757621}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C028404A-6ED6-4D21-AECC-EFEA12A2CF84}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FB442041-E126-4E41-A6F2-980FA44EC9D7}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: 
[{9D12ACB4-738F-4B4F-B1EC-CE4137E678F3}] => (Allow) C:\Users\Kris\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{793C2E23-DB8A-4003-8825-EEE1C6223612}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [UDP Query User{5D3F42E5-4546-4BFE-BE80-6EFACDA33F47}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe FirewallRules: [{651261B1-54F5-4572-81AC-A8C118AF63C6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{07FFEE86-2217-447A-8E11-89CD17F51C43}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{CBFB03DC-F1A8-4EE0-A3F9-2BAACE2B5F34}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{8C7238B8-AED2-4F9A-AC58-09F35C7B1918}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [UDP Query User{66CA23FB-CC45-4AFC-816F-A2285DEB93A3}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{EA93A6BE-7B4A-4F80-819F-41598B1FEDDD}C:\users\kris\google drive\programs\packetsenderportable\packetsender.exe] => (Block) C:\users\kris\google drive\programs\packetsenderportable\packetsender.exe FirewallRules: [UDP Query User{67E63ECB-EA75-4E0D-9C99-4DCE7218C704}C:\users\kris\google drive\programs\packetsenderportable\packetsender.exe] => (Block) C:\users\kris\google drive\programs\packetsenderportable\packetsender.exe FirewallRules: [{3DF22F68-8B18-4EBD-BCEC-3620BAEC4812}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe FirewallRules: [TCP Query User{9E8CDFEF-468F-4EFD-A78A-E6820834DCD8}C:\programdata\oracle\java\javapath_target_89831312\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_89831312\java.exe FirewallRules: [UDP Query 
User{8316552B-F293-4D9B-9807-8FA1887B93A4}C:\programdata\oracle\java\javapath_target_89831312\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_89831312\java.exe FirewallRules: [TCP Query User{1F29661C-A893-458D-BE9A-5A9B90C2D9A1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{1BF483B7-22D7-49D8-8047-C6107CBA490A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [{902E73BC-F006-443D-8FF2-5B5089329A6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{59AFD59C-A662-4B49-8149-0A7C3A482D66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{90067536-C9D2-4BF8-AB82-80781C20B833}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B7FA8940-529D-4AF0-9E90-5E58BF7F9582}] => (Allow) C:\Program Files\Opera\45.0.2552.881\opera.exe FirewallRules: [{0351C083-B1D3-476B-93CC-E00652A0FD93}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe FirewallRules: [{F911DA7F-B078-4BDC-83EC-11344E6257E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D6EED670-786C-468A-8F29-D11F1A6FC2E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{1E5A340D-264E-44FD-8C77-AA8DB924250D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{8C63878F-7E32-4103-AB82-5F6516425FF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: 690LC Description: 690LC Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/12/2017 07:30:35 AM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. Error: (06/12/2017 07:30:35 AM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. Error: (06/12/2017 04:53:06 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/11/2017 12:14:08 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/10/2017 01:42:22 PM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. Error: (06/10/2017 01:42:22 PM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. 
Error: (06/10/2017 03:42:22 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/09/2017 04:29:43 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/08/2017 04:06:45 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (06/07/2017 03:32:10 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\redist\1033\vcredist_arm.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
System errors: ============= Error: (06/12/2017 02:31:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/12/2017 07:30:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/12/2017 04:46:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/12/2017 04:45:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CG6Service service failed to start due to the following error: The system cannot find the file specified. 
Error: (06/12/2017 04:45:53 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 4:44:30 AM on ‎6/‎12/‎2017 was unexpected. Error: (06/12/2017 04:44:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The CG6Service service failed to start due to the following error: The system cannot find the file specified. Error: (06/12/2017 04:44:30 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:15:11 AM on ‎6/‎12/‎2017 was unexpected. Error: (06/11/2017 09:05:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/11/2017 09:00:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (06/11/2017 12:12:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2017-06-10 00:21:17.583 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-02 21:53:50.841 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-06-01 00:17:23.375 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-30 23:57:02.639 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-05-28 21:47:44.272 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-27 12:16:32.708 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-05-27 12:16:17.836 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-05-27 12:16:17.537 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements. Date: 2017-05-15 10:13:52.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-05-11 07:22:19.364 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz Percentage of memory in use: 46% Total physical RAM: 8131.13 MB Available physical RAM: 4338.98 MB Total Virtual: 9411.13 MB Available Virtual: 4930.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:118.69 GB) (Free:69.17 GB) NTFS Drive d: () (Fixed) (Total:931.51 GB) (Free:578.84 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: D5F43134) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F728F054) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  22. Hello! For some time now I have had a problem when browsing the internet: windows advertising Efbet keep popping up, and yesterday there was even something like a video from Counter-Strike (albeit only for a few seconds). I use Avast and Malwarebytes, plus an add-on for Mozilla, Adblock Plus. Scans with both turn up nothing notable as an infection (only some .dll from an old game). P.S. I am usually at the computer late in the evening, and not every day, so I may not be able to follow your advice quickly.... Addition.txt
  23. Hello, a day ago my antivirus program kept giving notifications about a trojan trying to connect - "Website Blocked Due to Trojan". When scanning, however, nothing was detected. When I turned the computer on today I noticed that it runs extremely slowly, freezes constantly, and so on. I tried to scan - the antivirus refused to start. Whenever I click restart, the message "Preparing to configure your computer" appears every time, and again the laptop runs visibly sluggishly. I do not have an operating system disc; below I have attached the files from the Farbar scan. FRST.txt Addition.txt