Премини към съдържанието

Филтри за търсене

Показани резултати за тагове 'РЕШЕН'.

  • Търсене по таг

    Въведете тагове разделени със запетая
  • Търсене по автор

Търсене в


Форуми

  • Софтуер
    • Нови Програми
    • Търсене на Програми
    • Програми - Проблеми и Дискусии
    • Драйвери - Търсене, Проблеми, Линкове
    • Операционни системи
    • Сигурност и антивирусна защита
    • Игри
  • Хардуер
    • Общи хардуерни въпроси
    • Преносими компютри
    • Дънни платки
    • Запаметяващи устройства и памети
    • Монитори, Аудио и Видеокарти
    • Периферия
    • Овърклок и PC модинг
    • Нови конфигурации и части, въпроси, препоръки и мнения
  • Мобилни телефони, GSM, Мобилни приложения, Комуникации
    • Мобилни телефони - Въпроси, Проблеми, Софтуер
    • Съвети при избор на телефон
    • Мобилни Приложения (Apps)
    • Мобилни оператори, Мрежи, Промоции, Абонаменти, Услуги
    • Други теми относно мобилни телефони
  • Уеб дизайн, Графичен дизайн, Програмиране
    • Програмиране
    • Графичен Дизайн и Визуални изкуства
    • CMS, Форумни и Торент системи
    • Хостинг, Домейни, Уеб сървъри
    • SEO, Уеб оптимизация и стандарти
  • Битова Техника
    • Аудиотехника
    • Телевизори, Видео и Фото техника, Видео наблюдение
    • Климатици - проблеми, съвети, въпроси
    • Бойлери, Печки, Отопление
    • Друга битова техника
  • Интернет, Локални Мрежи и GPS Навигации
    • Интернет, WiFi, xDSL и Локална Мрежа
    • Биткойн и Криптовалути
    • Онлайн бизнес, AdSense, Affilate програми
    • Рутери, Модеми, Суичове
    • Facebook - проблеми, въпроси, вируси
    • Skype, VoIP - Интернет телефония
    • GPS, Навигационни системи - Въпроси, Карти, Проблеми
  • Изкуство
    • Музика
    • Кино и Телевизия
    • Поезия и Лично творчество
    • Изкуство - Изящно, Приложно и Сценично
    • Фотография и Фотографска техника
    • Литература, Книги (e-books, video trainings, tutorials & etc.)
  • Други
    • Статии и ревюта
    • Образование и обща култура
    • Религия, Мистика, Езотерика
    • История
    • Философия
    • Психология и Психотерапия
    • Новини от България и Света
    • Българите по света
    • Политика
    • Право и Юридически консултации
    • Здраве и Mедицина
    • Банки, Застраховане, Финанси, Кредити
    • Тийн Зона (Teen Zone)
    • Купувам / Продавам
    • Всичко останало
  • Хоби, Развлечение и Свободно време
  • За kaldata.com
  • Теми
  • Photoshop майнаци Теми
  • python3 data types
  • какви са ви любимите игри?? Темиигри за вас
  • супрески игри и рекорди Темиигри за вас

Блогове

Няма резултати

Няма резултати

Категории

  • Компютри
    • Компютърни конфигурации
    • Компютърни компоненти
    • Периферни устройства
    • Дънни платки
    • Мултимедия
    • Компютърни игри и софтуер
    • Администриране и интернет услуги
    • Компютърни аксесоари
    • Лаптопи и таблети
    • Видеокарти
    • Монитори
    • Процесори
    • Хард дискове и Памети
    • Други
  • Електроника
    • Телефони, GSM апарати
    • Аудио
    • Битова електроника
    • GPS и навигационни системи
    • Фотоапарати и обективи
    • TV и Видео
    • Други
  • Имоти
    • Гарсониери
    • Къщи и вили
    • Търговски площи
    • Гаражи
    • Апартаменти
    • Терени
    • Офиси
    • Други имоти в продажба
  • Авто-мото
    • Автомобили
    • Велосипеди
    • Лодки
    • Резервни части
    • Авто аксесоари
    • Мотоциклети
    • Скутери и ATV
    • Камиони и Автобуси
    • Авто сервизи и Rent-a-Car
    • Други
  • Работа
    • Работа в страната
    • Работа в чужбина
    • Стажове
    • Работа от вкъщи
    • Непълно работно време
  • Услуги
  • Строителство
  • Туризъм
  • Курсове и обучение
  • Домашни любимци
  • Други
  • супрески игри и рекорди Обяви
  • супрески игри и рекорди Обяви

Категории

  • Домашни любимци и Животни
  • Игри
  • Инциденти и Екстремни
  • Коли и превозни средства
  • Музика
    • Българска музика
    • Джаз
    • Електронна
    • Метъл и Рок
    • Народна и Фолклор
    • Поп и Диско
    • Поп-фолк
    • Рап и хип-хоп
    • Ритъм енд блус и соул
    • Друга
  • Новини и политика
  • Реклами
  • Смях и Развлечение
  • Спорт
  • Технологии, Компютри, Хардуер
  • ТВ Предавания и Шоу Програми
  • Хора и блогове
  • Филми и анимация
  • Други
  • Old School Hip-Hop and Electroo 80" Видео клипчета

Календари

  • Събития
  • Изложения
  • Семинари
  • Парти
  • Празници в България

Групи продукти

  • Банер Реклами

Търсене в...

Търси резултати които съдържат...


Дата

  • Начало

    Край


Последно обновяване

  • Начало

    Край


Филтриране по брой...

Регистрация

  • Начало

    Край


Група


Skype


Facebook


Google+


Twitter


ICQ


Yahoo


Интернет сайт


Град


Интереси

Открити 104 резултата

  1. Здравейте, преди няколко дена инасталирах някаква програма и от тогава не мога да се отърва от рекламите в браузара. Не се появяват във всички сайтове. Инсталирах Adblock Plus, но не дава никакъв ефект. Нямам диск за ОС Моля за помощ. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2015 Ran by JUSTEX (administrator) on JUSTEX-PC on 15-04-2015 00:11:58 Running from C:\Users\JUSTEX\Desktop Loaded Profiles: JUSTEX (Available profiles: JUSTEX) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Български (България) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (XTab system) C:\Program Files\XTab\ProtectService.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (SearchProtect) C:\Program Files\XTab\CmdShell.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (XTab system) C:\Program Files\XTab\HPNotify.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\Plugin.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe (Nero AG) C:\Program Files\Nero\Update\NASvc.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\Plugin.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\Plugin.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8\Plugin.exe () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\Plugin.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2015-02-08] (AVAST Software) HKU\S-1-5-21-495552896-612489989-919538977-1000\...\Winlogon: [shell] C:\Windows\explorer.exe [2616320 2013-05-05] (Microsoft Corporation) <==== ATTENTION ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1421508311&from=smt&uid=126614527_135106_E093B155&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1421508311&from=smt&uid=126614527_135106_E093B155&q={searchTerms} HKU\S-1-5-21-495552896-612489989-919538977-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 HKU\S-1-5-21-495552896-612489989-919538977-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-495552896-612489989-919538977-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 URLSearchHook: HKLM - Newwara Toolbar - {04b84c46-5abb-476b-a7d7-40435d9ae611} - C:\Program Files\Newwara\prxtbNeww.dll (Conduit Ltd.) URLSearchHook: HKU\S-1-5-21-495552896-612489989-919538977-1000 - Newwara Toolbar - {04b84c46-5abb-476b-a7d7-40435d9ae611} - C:\Program Files\Newwara\prxtbNeww.dll (Conduit Ltd.) SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421508311&from=smt&uid=126614527_135106_E093B155&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421508311&from=smt&uid=126614527_135106_E093B155&q={searchTerms} SearchScopes: HKU\S-1-5-21-495552896-612489989-919538977-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=126614527_135106_E093B155&ts=1421508382&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-495552896-612489989-919538977-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=126614527_135106_E093B155&ts=1421508382&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-495552896-612489989-919538977-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=126614527_135106_E093B155&ts=1421508382&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-495552896-612489989-919538977-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=126614527_135106_E093B155&ts=1421508382&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-495552896-612489989-919538977-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=smt&utm_campaign=install_ie&utm_content=ds&from=smt&uid=126614527_135106_E093B155&ts=1421508382&type=default&q={searchTerms} BHO: Newwara Toolbar -> {04b84c46-5abb-476b-a7d7-40435d9ae611} -> C:\Program Files\Newwara\prxtbNeww.dll [2011-05-09] (Conduit Ltd.) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-08] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Express Find -> {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} -> C:\Program Files\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll [2015-04-09] () Toolbar: HKLM - Newwara Toolbar - {04b84c46-5abb-476b-a7d7-40435d9ae611} - C:\Program Files\Newwara\prxtbNeww.dll [2011-05-09] (Conduit Ltd.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2B4D1825-B4A4-4229-AD3F-B50E6A73C3D9}: [NameServer] 10.35.6.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1421508311&from=smt&uid=126614527_135106_E093B155 FireFox: ======== FF ProfilePath: C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\bvc6rkwq.default-1428587428535 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-03-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2015-04-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2015-04-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-04-03] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-04-03] FF Extension: Express Find - C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\bvc6rkwq.default-1428587428535\Extensions\{60f6a36b-a5ed-4420-a594-7d4d4ec6ca07}.xpi [2015-04-09] FF Extension: Adblock Plus - C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\bvc6rkwq.default-1428587428535\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-10] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\nn6phdth.default\extensions\[email protected] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\JUSTEX\AppData\Roaming\Mozilla\Firefox\Profiles\nn6phdth.default\extensions\[email protected] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-08] Chrome: ======= CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155 CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1421508311&from=smt&uid=126614527_135106_E093B155" CHR DefaultSearchKeyword: Default -> mystartsearch CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-22] CHR Extension: (Google Wallet) - C:\Users\JUSTEX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-08] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-08] (AVAST Software) R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-02-12] (Macrovision Europe Ltd.) [File not signed] R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] R2 Service Mgr ExpressFind; C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe [641296 2015-04-15] () R2 Update Mgr ExpressFind; C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe [560368 2015-04-15] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-17] (SysTool PasSame LIMITED) [File not signed] S2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-02-08] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2015-02-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-02-08] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-02-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2015-02-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2015-02-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2015-02-08] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2015-02-08] () S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-27] (HTC, Corporation) [File not signed] R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 00:11 - 2015-04-15 00:12 - 00014622 _____ () C:\Users\JUSTEX\Desktop\FRST.txt 2015-04-15 00:11 - 2015-04-15 00:12 - 00000000 ____D () C:\FRST 2015-04-15 00:10 - 2015-04-15 00:10 - 01136128 _____ (Farbar) C:\Users\JUSTEX\Desktop\FRST.exe 2015-04-13 12:41 - 2015-04-13 12:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-04-13 12:41 - 2015-04-13 12:54 - 00000000 ____D () C:\Users\JUSTEX\Desktop\mbar 2015-04-13 12:41 - 2015-04-13 12:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-13 12:41 - 2015-04-13 12:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-13 12:41 - 2015-04-13 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-13 12:38 - 2015-04-13 12:39 - 16502728 _____ (Malwarebytes Corp.) C:\Users\JUSTEX\Downloads\mbar-1.09.1.1004.exe 2015-04-11 19:31 - 2015-04-14 23:59 - 00000448 _____ () C:\Windows\setupact.log 2015-04-11 19:31 - 2015-04-11 19:31 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-10 11:26 - 2015-04-10 11:26 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-10 11:26 - 2015-04-10 11:26 - 00001101 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-04-10 11:26 - 2015-04-10 11:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-10 11:23 - 2015-04-10 11:24 - 00243680 _____ () C:\Users\JUSTEX\Downloads\Firefox Setup Stub 37.0.1.exe 2015-04-10 01:08 - 2015-04-10 01:08 - 16735931 _____ () C:\Users\JUSTEX\Downloads\unhackme.zip 2015-04-09 19:29 - 2015-04-09 19:29 - 00880208 _____ (Google Inc.) C:\Users\JUSTEX\Downloads\ChromeSetup.exe 2015-04-09 18:50 - 2015-04-09 18:51 - 80494772 _____ () C:\Users\JUSTEX\Downloads\Audio_Realtek_5.10.0.6010_XPx86_A.zip 2015-04-09 18:50 - 2015-04-09 18:51 - 18282053 _____ () C:\Users\JUSTEX\Downloads\VGA_Intel_6.14.10.4926_XPx86_A.zip 2015-04-09 18:50 - 2015-04-09 18:51 - 03755079 _____ () C:\Users\JUSTEX\Downloads\2 opit.zip 2015-04-09 16:31 - 2015-04-15 00:01 - 00000000 ____D () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d 2015-04-09 16:31 - 2015-04-15 00:01 - 00000000 ____D () C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d 2015-04-09 16:31 - 2015-04-09 16:32 - 00000000 ____D () C:\Program Files\Express Find 2015-04-09 16:30 - 2015-04-09 16:30 - 00000000 ____D () C:\Program Files\EaseUS 2015-04-09 02:13 - 2015-04-10 11:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\Users\JUSTEX\Documents\My ISO Files 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\Program Files\UltraISO 2015-04-08 20:30 - 2015-04-08 20:30 - 00000000 ____D () C:\Program Files\Common Files\EZB Systems 2015-04-08 19:00 - 2015-04-08 19:01 - 00000000 _____ () C:\Users\JUSTEX\diskpart 2015-04-05 16:41 - 2015-04-05 17:41 - 00000000 ____D () C:\Users\JUSTEX\Desktop\papaka 2015-03-28 18:57 - 2015-04-06 17:54 - 00000000 ____D () C:\Users\JUSTEX\Desktop\newreg 2015-03-28 18:08 - 2015-03-28 18:08 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\PlatinumHideIP 2015-03-28 18:08 - 2015-03-28 18:08 - 00000000 ____D () C:\ProgramData\PlatinumHideIP 2015-03-28 17:40 - 2015-03-28 18:02 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XeroBank ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-15 00:08 - 2014-01-11 19:52 - 01455656 _____ () C:\Windows\WindowsUpdate.log 2015-04-15 00:06 - 2010-11-21 00:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-15 00:00 - 2014-06-14 23:54 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 23:59 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-14 20:33 - 2009-07-14 07:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:33 - 2009-07-14 07:34 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-14 20:30 - 2014-01-12 23:36 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\Skype 2015-04-14 20:26 - 2014-01-22 00:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-14 20:24 - 2014-06-14 23:54 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-09 18:49 - 2014-10-28 23:34 - 00000000 ____D () C:\KMPlayer 2015-04-09 16:42 - 2014-01-13 16:27 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\uTorrent 2015-04-09 16:30 - 2014-05-08 14:33 - 00000000 ____D () C:\Users\JUSTEX\AppData\Roaming\OpenCandy 2015-04-08 19:00 - 2014-01-11 21:47 - 00000000 ____D () C:\Users\JUSTEX 2015-03-22 13:33 - 2015-03-09 17:40 - 00000375 _____ () C:\Users\JUSTEX\Desktop\без отговор.txt 2015-03-21 08:18 - 2009-07-14 07:53 - 00032546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-01-28 15:08 - 2014-01-28 15:08 - 0000017 _____ () C:\Users\JUSTEX\AppData\Local\resmon.resmoncfg 2015-01-16 17:43 - 2015-01-16 17:43 - 0000000 _____ () C:\Users\JUSTEX\AppData\Local\{D6A2F518-FD62-4B40-BA41-D6FCF57EE673} ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe [2010-11-21 00:29] - [2010-11-19 23:17] - 0285696 ____A (Microsoft Corporation) C3EB9EA34EBE459F13F3F890F56CE72A C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll [2010-11-21 00:29] - [2010-11-19 23:21] - 0812032 ____A (Microsoft Corporation) CF97D64D7EC169C53C93B0A192218B29 C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-14 10:46 ==================== End Of Log ============================ Addition.txt
  2. от няколко дни Мозилата ми прави номера явно е заразен с нещо( със хром го няма проблема) като зареда сайт направил съм снимки на няколко от тях отдолу ми излиз 3 дразнещи рекламки (при зареждане да речем на фейсбук го няма или Kaldata също ги няма) също от време на врме ме препращат на друга страница също съм я снимал ето съдържанието на файла FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by User (administrator) on USER-PC on 05-04-2015 23:16:31 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User) Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3934355252-3637834310-3928749112-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.) HKU\S-1-5-21-3934355252-3637834310-3928749112-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) IFEO\jumpflip: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 217.18.242.74 217.18.242.146 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\b623ije8.default-1428251311566 FF Homepage: hxxp://www.google.bg/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-08] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-08] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3934355252-3637834310-3928749112-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3934355252-3637834310-3928749112-1000: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-07-17] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-07-17] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-07-17] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-07-17] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-05] Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-01] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-01] CHR Extension: (kdliiojahgmpdhebagjlmompdkkfckee) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdliiojahgmpdhebagjlmompdkkfckee [2015-04-01] CHR Extension: (winter web) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lalfbopdcggfdchjfgkhgnifhippfnco [2015-04-01] CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-08] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-21] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21] CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-14] (AVG Technologies) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2009-10-12] (Marvell Semiconductor, Inc.) U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2015-04-05] (Greatis Software) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-05 23:16 - 2015-04-05 23:16 - 00013256 _____ () C:\Users\User\Desktop\FRST.txt 2015-04-05 23:16 - 2015-04-05 23:16 - 00000000 ____D () C:\FRST 2015-04-05 22:09 - 2015-04-05 22:09 - 02095616 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe 2015-04-05 21:33 - 2015-04-05 21:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-04-05 19:10 - 2015-04-05 19:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-05 19:10 - 2015-04-05 19:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-05 19:10 - 2015-04-05 19:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-05 19:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-05 19:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-05 19:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-05 18:53 - 2015-04-05 19:01 - 00000000 ____D () C:\ProgramData\RegRun 2015-04-05 18:52 - 2015-04-05 19:01 - 00000000 ____D () C:\Users\User\Documents\RegRun2 2015-04-05 18:52 - 2015-04-05 19:01 - 00000000 ____D () C:\Users\Public\Documents\regruninfo 2015-04-05 18:52 - 2015-04-05 18:52 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys 2015-04-05 18:52 - 2015-04-05 18:52 - 00003320 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler 2015-04-05 18:52 - 2015-04-05 18:52 - 00001011 _____ () C:\Users\User\Desktop\UnHackMe.lnk 2015-04-05 18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\winstart.bat 2015-04-05 18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT 2015-04-05 18:52 - 2015-04-05 18:52 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT 2015-04-05 18:52 - 2015-04-05 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe 2015-04-05 18:52 - 2015-04-05 18:52 - 00000000 ____D () C:\Program Files (x86)\UnHackMe 2015-04-05 18:52 - 2015-03-04 16:08 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys 2015-04-05 18:43 - 2015-04-05 18:43 - 00799113 _____ () C:\Users\User\Desktop\bookmarks-2015-04-05.json 2015-04-05 10:21 - 2015-04-05 10:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-04-05 10:21 - 2015-04-05 10:21 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-04-05 10:21 - 2015-04-05 10:21 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-04-05 10:21 - 2015-04-05 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-04-05 10:21 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2015-04-05 08:54 - 2015-04-05 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-04 21:41 - 2015-04-05 19:28 - 00000000 ____D () C:\Users\User\Desktop\Стари данни Firefox 2015-04-02 14:31 - 2015-04-02 14:31 - 00000000 ____D () C:\Users\User\Tracing 2015-04-02 10:59 - 2015-04-02 10:59 - 00753184 _____ () C:\Users\User\Downloads\Adware-Removal-Tool-v3.9.1.exe 2015-04-02 10:54 - 2015-04-02 10:54 - 00002252 _____ () C:\Users\User\Downloads\software_removal_tool.log 2015-04-02 09:34 - 2015-04-05 23:13 - 00000000 ____D () C:\AdwCleaner 2015-04-01 21:39 - 2015-04-04 09:39 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-01 20:38 - 2015-04-04 09:41 - 00000000 ____D () C:\Program Files (x86)\winter web 2015-03-31 11:14 - 2015-03-31 11:14 - 00005655 _____ () C:\Users\User\AppData\Roaming\Aq2NwgUI4gSccuOh7R0EhHSoa 2015-03-31 11:14 - 2015-03-31 11:14 - 00004387 _____ () C:\Users\User\AppData\Roaming\dYeLfBmsrFz0iCkSvUk1F 2015-03-29 19:53 - 2015-03-29 19:53 - 00000000 ____D () C:\Users\User\Desktop\29.3.2015 2015-03-20 11:46 - 2015-03-20 11:46 - 00275368 _____ () C:\Windows\Minidump\032015-41917-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-05 23:16 - 2014-07-21 13:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent 2015-04-05 23:15 - 2014-07-23 12:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-04-05 23:14 - 2014-07-21 22:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-05 23:14 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-05 23:14 - 2009-07-14 07:51 - 00029344 _____ () C:\Windows\setupact.log 2015-04-05 23:13 - 2014-12-07 02:46 - 01629287 _____ () C:\Windows\WindowsUpdate.log 2015-04-05 23:13 - 2009-07-14 07:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-05 23:13 - 2009-07-14 07:45 - 00015488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-05 23:08 - 2014-07-21 23:07 - 00018196 _____ () C:\Windows\PFRO.log 2015-04-05 23:05 - 2014-08-08 13:29 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool 2015-04-05 23:00 - 2014-08-01 08:52 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4CEDA2E5-FB97-4616-BB76-3DF5D55E882C} 2015-04-05 22:43 - 2015-01-14 10:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-05 22:31 - 2014-07-21 22:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-05 22:21 - 2009-07-14 08:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-05 19:22 - 2014-08-08 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-05 19:22 - 2009-07-14 10:13 - 00000000 ____D () C:\Windows\CSC 2015-04-05 17:28 - 2014-08-07 14:14 - 00000000 ____D () C:\ProgramData\MFAData 2015-04-05 10:11 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-04 21:54 - 2014-08-08 13:29 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe 2015-04-03 03:35 - 2014-07-21 22:09 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-02 14:31 - 2014-07-23 12:47 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-02 14:31 - 2014-07-23 12:47 - 00000000 ____D () C:\ProgramData\Skype 2015-03-28 23:59 - 2014-08-06 16:24 - 00000321 _____ () C:\Windows\Brownie.ini 2015-03-28 23:12 - 2015-01-14 10:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-28 23:12 - 2014-07-23 12:33 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-03-28 23:11 - 2015-01-14 10:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-28 23:11 - 2015-01-14 10:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-20 14:27 - 2014-07-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-03-20 11:46 - 2014-08-15 11:30 - 00000000 ____D () C:\Windows\Minidump 2015-03-20 11:46 - 2014-06-16 13:13 - 644314156 _____ () C:\Windows\MEMORY.DMP 2015-03-11 12:54 - 2014-07-21 23:31 - 00000000 ____D () C:\Users\User\AppData\Local\Unity 2015-03-08 21:20 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration ==================== Files in the root of some directories ======= 2015-03-31 11:14 - 2015-03-31 11:14 - 0005655 _____ () C:\Users\User\AppData\Roaming\Aq2NwgUI4gSccuOh7R0EhHSoa 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\User\AppData\Roaming\dYeLfBmsrFz0iCkSvUk1F 2014-07-26 20:20 - 2014-11-20 11:21 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg 2014-07-27 23:37 - 2014-07-27 23:37 - 0000000 _____ () C:\Users\User\AppData\Local\{3A4FD82F-CC27-4BBC-ACFF-FF705728FA06} Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-04 00:56 ==================== End Of Log ============================ Addition.txt
  3. Здравейте, от няколко дена имам проблеми когато използвам мозила и хром,изкачат ми някакви прозорци с реклами за игри зелени карти и такива. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by nick (administrator) on NICKCOMP on 11-04-2015 08:17:45 Running from E:\Documents and Settings\nick\Desktop Loaded Profiles: nick (Available profiles: nick) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 7 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe (Skype Technologies S.A.) E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe () E:\Documents and Settings\nick\Desktop\JoyToKey_en\JoyToKey.exe (BitTorrent Inc.) E:\Documents and Settings\nick\Application Data\uTorrent\uTorrent.exe (Comfort Software Group) D:\VIRTUAL KRYBOARD.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) E:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\AtiExtEvent: E:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [uTorrent] => E:\Documents and Settings\nick\Application Data\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.) HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [skype] => E:\Program Files\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.) HKU\S-1-5-21-329068152-1336601894-682003330-1003\...\Run: [DAEMON Tools Lite] => E:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-329068152-1336601894-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKU\S-1-5-21-329068152-1336601894-682003330-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-329068152-1336601894-682003330-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default FF Homepage: hxxp://google.bg/ FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin: @Google.com/GoogleEarthPlugin -> E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.40.2 -> E:\WINDOWS\system32\npDeployJava1.dll [2013-09-18] (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.) FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.) FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-07-29] FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-07-29] FF Extension: Advanced SystemCare Surfing Protection - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\[email protected] [2015-04-03] FF Extension: ABV Notifier - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\[email protected] [2014-08-22] FF Extension: Video DownloadHelper - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14] FF Extension: Adblock Plus - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-12] FF Extension: DownThemAll! - E:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\ivvk8y4w.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-12] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-21] Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "hxxp://google.bg/" CHR DefaultSearchKeyword: Default -> bing.com_ CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms} CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97 CHR Profile: E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default CHR Extension: (Google Docs) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24] CHR Extension: (Google Drive) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24] CHR Extension: (YouTube) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24] CHR Extension: (Google Search) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24] CHR Extension: (dpplabbmogkhghncfbfdeeokoefdjegm) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2015-04-02] CHR Extension: (jlpkojjdgbllmedoapgfodplfhcbnbpn) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2015-04-06] CHR Extension: (Google Wallet) - E:\Documents and Settings\nick\Local Settings\Application Data\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AdvancedSystemCareService8; E:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) S2 LiveUpdateSvc; E:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-03-26] () <==== ATTENTION (zero size file/folder) R2 Skype C2C Service; E:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.) S2 TeamViewer; D:\programs\TeamViewer3\TeamViewer_Host.exe [94208 2008-01-28] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R3 anvsnddrv; E:\WINDOWS\System32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed] R3 AtiHDAudioService; E:\WINDOWS\System32\drivers\AtihdXP3.sys [96256 2013-07-09] (Advanced Micro Devices) S3 BT; E:\WINDOWS\System32\DRIVERS\btnetdrv.sys [14088 2008-12-07] (IVT Corporation.) S3 Btcsrusb; E:\WINDOWS\System32\Drivers\btcusb.sys [39304 2009-01-03] (IVT Corporation.) R0 BtHidBus; E:\WINDOWS\System32\Drivers\BtHidBus.sys [20744 2009-01-07] (IVT Corporation.) S3 btnetBUs; E:\WINDOWS\System32\Drivers\btnetBus.sys [30088 2008-12-07] () R1 dtsoftbus01; E:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-25] (DT Soft Ltd) S3 HdAudAddService; E:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-08-12] (Windows ® Server 2003 DDK provider) S3 IvtBtBUs; E:\WINDOWS\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.) S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) S3 MTsensor; E:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 PPJoyBus; E:\WINDOWS\System32\drivers\PPJoyBus.sys [13952 2004-10-24] (Deon van der Westhuysen) [File not signed] S3 RTHDMIAzAudService; E:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2011-12-02] (Realtek Semiconductor Corp.) S3 RTLTEAMING; E:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS [36384 2011-06-15] (Realtek Semiconductor Corporation) S3 RTLVLAN; E:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation ) S3 RTLVLANMP; E:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [17664 2011-06-15] (Realtek Semiconductor Corporation ) R2 RtNdPt5x; E:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys [22016 2011-06-15] (Realtek Semiconductor Corporation ) R0 SmartDefragDriver; E:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2013-12-24] (IObit) R3 teamviewervpn; E:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2008-01-25] (TeamViewer GmbH) S3 VComm; E:\WINDOWS\System32\DRIVERS\VComm.sys [14856 2008-01-21] (IVT Corporation.) S3 VcommMgr; E:\WINDOWS\System32\Drivers\VcommMgr.sys [31880 2009-01-08] (IVT Corporation.) S3 yukonwxp; E:\WINDOWS\System32\DRIVERS\yk51x86.sys [223104 2004-10-27] (Marvell) S3 AtiDCM; \??\E:\Documents and Settings\nick\Local Settings\Temp\atidcmxx.sys [X] S3 catchme; \??\E:\DOCUME~1\nick\LOCALS~1\Temp\catchme.sys [X] S3 MBAMSwissArmy; \??\E:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 08:17 - 2015-04-11 08:17 - 00013759 _____ () E:\Documents and Settings\nick\Desktop\FRST.txt 2015-04-11 06:40 - 2015-04-11 08:17 - 00000000 ____D () E:\FRST 2015-04-11 06:38 - 2015-04-11 06:38 - 01135104 _____ (Farbar) E:\Documents and Settings\nick\Desktop\FRST.exe 2015-04-11 06:23 - 2015-04-11 06:23 - 00000853 _____ () E:\DelFix.txt 2015-04-10 23:12 - 2015-04-10 23:12 - 21540440 _____ (Malwarebytes Corporation ) E:\Documents and Settings\nick\Desktop\mbam-setup-2.1.4.1018.exe 2015-04-10 23:10 - 2015-04-11 08:17 - 00000000 ____D () E:\Documents and Settings\nick\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp 2015-04-10 23:10 - 2015-04-10 23:10 - 00000000 ____D () E:\Documents and Settings\Default User\Local Settings\temp 2015-04-10 22:47 - 2015-04-10 23:24 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\ProductData 2015-04-10 22:47 - 2015-04-10 22:47 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\ProductData 2015-04-10 22:40 - 2015-04-10 22:40 - 00000000 ____D () E:\Documents and Settings\Administrator\Local Settings\Temp 2015-04-10 22:40 - 2015-04-10 22:40 - 00000000 ____D () E:\Documents and Settings\Administrator.NICKCOMP\Local Settings\Temp 2015-04-10 22:40 - 2015-04-10 22:28 - 00024064 _____ () E:\WINDOWS\zoek-delete.exe 2015-04-10 21:56 - 2015-04-10 21:56 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG 2015-04-10 21:56 - 2015-04-10 21:56 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG 2015-04-10 21:50 - 2015-04-11 06:20 - 00000000 ____D () E:\WINDOWS\erdnt 2015-04-10 21:42 - 2015-04-10 21:42 - 00000000 ____D () E:\RegBackup 2015-04-09 12:33 - 2015-04-09 12:33 - 00000000 ____D () E:\Program Files\Mozilla Firefox 2015-04-05 12:25 - 2015-04-05 12:25 - 00000861 _____ () E:\Documents and Settings\nick\Desktop\Пряк път до mbam.exe.lnk 2015-04-05 11:43 - 2015-04-05 11:45 - 00003322 _____ () E:\WINDOWS\setupapi.log 2015-04-05 11:42 - 2015-04-05 11:42 - 00000568 _____ () E:\Documents and Settings\All Users\Desktop\Cat-A-Cat Games.lnk 2015-04-05 11:42 - 2015-04-05 11:42 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\BeamNG 2015-04-03 21:03 - 2015-04-11 06:41 - 00032634 _____ () E:\WINDOWS\SchedLgU.Txt 2015-04-03 10:05 - 2015-04-05 17:26 - 00001858 _____ () E:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk 2015-04-03 10:05 - 2015-04-03 10:05 - 00000917 _____ () E:\Documents and Settings\All Users\Desktop\IObit Uninstaller.lnk 2015-04-03 10:05 - 2015-04-03 10:05 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8 2015-04-02 19:17 - 2015-04-03 10:17 - 00000004 _____ () E:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 2015-03-28 20:30 - 2015-03-28 20:30 - 00000062 _____ () E:\Documents and Settings\nick\Desktop\Zamunda.NET.URL 2015-03-23 14:18 - 2015-03-23 14:18 - 00000000 ____D () E:\Program Files\ConvertHelper3 2015-03-23 14:13 - 2015-03-23 14:19 - 00000000 ____D () E:\Documents and Settings\nick\dwhelper 2015-03-17 17:56 - 2015-03-31 11:51 - 00000033 _____ () E:\Documents and Settings\nick\Desktop\Нов Текстов документ (4).txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-11 08:17 - 2013-02-25 10:42 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\uTorrent 2015-04-11 07:48 - 2014-12-12 14:09 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-11 07:46 - 2013-06-29 19:14 - 00000886 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-11 07:41 - 2014-02-08 09:36 - 00000998 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job 2015-04-11 06:47 - 2013-02-25 11:15 - 00588124 _____ () E:\WINDOWS\system32\PerfStringBackup.INI 2015-04-11 06:44 - 2013-02-25 10:40 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\Skype 2015-04-11 06:44 - 2013-02-25 09:23 - 02026004 _____ () E:\WINDOWS\WindowsUpdate.log 2015-04-11 06:43 - 2014-02-14 08:31 - 00000276 _____ () E:\WINDOWS\Tasks\SmartDefrag3_Update.job 2015-04-11 06:43 - 2013-06-29 19:14 - 00000882 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-11 06:43 - 2013-02-25 09:31 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT 2015-04-11 06:43 - 2013-02-25 09:22 - 00000000 ____D () E:\WINDOWS\system32\Restore 2015-04-11 06:43 - 2001-08-23 15:00 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl 2015-04-11 06:41 - 2013-02-25 09:32 - 00000178 ___SH () E:\Documents and Settings\nick\ntuser.ini 2015-04-10 23:09 - 2001-08-23 15:00 - 00000227 _____ () E:\WINDOWS\system.ini 2015-04-10 22:38 - 2013-02-25 14:51 - 00000000 ____D () E:\WINDOWS\system32\GroupPolicy 2015-04-10 22:38 - 2013-02-25 09:32 - 00000000 ____D () E:\Documents and Settings\nick 2015-04-10 21:59 - 2013-02-25 09:31 - 00000000 __SHD () E:\Documents and Settings\LocalService 2015-04-10 21:59 - 2013-02-25 09:30 - 00000000 __SHD () E:\Documents and Settings\NetworkService 2015-04-10 21:56 - 2013-02-25 11:12 - 00262144 _____ () E:\WINDOWS\system32\config\SECURITY.bak 2015-04-10 21:56 - 2013-02-25 11:12 - 00028672 _____ () E:\WINDOWS\system32\config\SAM.bak 2015-04-10 21:56 - 2013-02-25 11:11 - 28049408 _____ () E:\WINDOWS\system32\config\software.bak 2015-04-10 21:56 - 2013-02-25 11:11 - 07340032 _____ () E:\WINDOWS\system32\config\system.bak 2015-04-10 21:56 - 2013-02-25 11:11 - 00348160 _____ () E:\WINDOWS\system32\config\default.bak 2015-04-10 19:35 - 2013-02-25 14:42 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB959426$ 2015-04-10 13:06 - 2013-02-25 14:57 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB971029$ 2015-04-10 08:15 - 2013-02-25 11:11 - 00000444 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{ECDD555E-AB15-4D31-A086-089AD52039AA}.job 2015-04-09 15:08 - 2014-03-24 21:54 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service 2015-04-09 14:54 - 2013-02-25 10:40 - 00002265 _____ () E:\Documents and Settings\All Users\Desktop\Skype.lnk 2015-04-08 08:41 - 2014-02-08 09:36 - 00000946 _____ () E:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job 2015-04-05 23:00 - 2014-01-16 20:56 - 00000000 ___RD () E:\Documents and Settings\nick\Desktop\IGRI 2015-04-05 17:25 - 2013-02-25 14:41 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB923561$ 2015-04-05 11:45 - 2013-02-25 09:23 - 00000000 ____D () E:\WINDOWS\system32\DirectX 2015-04-03 17:42 - 2014-03-24 11:17 - 00001847 _____ () E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-04-03 10:12 - 2013-02-25 13:31 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\DAEMON Tools Lite 2015-04-03 10:11 - 2013-09-16 08:03 - 27881472 _____ () E:\WINDOWS\system32\config\software.iobit 2015-04-03 10:11 - 2013-09-16 08:03 - 00348160 _____ () E:\WINDOWS\system32\config\default.iobit 2015-04-03 10:11 - 2013-09-16 08:03 - 00057344 _____ () E:\WINDOWS\system32\config\SECURITY.iobit 2015-04-03 10:11 - 2013-09-16 08:03 - 00028672 _____ () E:\WINDOWS\system32\config\SAM.iobit 2015-04-03 10:05 - 2013-02-25 12:30 - 00000000 ____D () E:\Program Files\IObit 2015-04-03 10:05 - 2013-02-25 12:16 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\IObit 2015-04-03 09:56 - 2013-02-25 14:54 - 00000000 __HDC () E:\WINDOWS\$NtUninstallKB982132$ 2015-03-30 20:58 - 2013-07-10 11:40 - 00000000 ____D () E:\Documents and Settings\nick\Local Settings\Application Data\Mirillis 2015-03-28 15:21 - 2013-11-15 23:29 - 00000000 ____D () E:\Documents and Settings\nick\Application Data\AnvSoft 2015-03-12 18:47 - 2013-09-15 21:27 - 00000000 ____D () E:\Documents and Settings\nick\Local Settings\Application Data\SKIDROW ==================== Files in the root of some directories ======= 2013-07-14 23:02 - 2015-01-21 07:37 - 0117248 _____ () E:\Documents and Settings\nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) E:\WINDOWS\explorer.exe => File is digitally signed E:\WINDOWS\system32\winlogon.exe => File is digitally signed E:\WINDOWS\system32\svchost.exe => File is digitally signed E:\WINDOWS\system32\services.exe => File is digitally signed E:\WINDOWS\system32\User32.dll => File is digitally signed E:\WINDOWS\system32\userinit.exe => File is digitally signed E:\WINDOWS\system32\rpcss.dll => File is digitally signed E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Addition.txt
  4. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015 Ran by dss (administrator) on EER-E4C3292B17D on 11-03-2015 00:44:39 Running from C:\Documents and Settings\dss\My Documents\Downloads Loaded Profiles: dss (Available profiles: dss) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer3\TeamViewer_Host.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) C:\Program Files\Logitech\Video\LogiTray.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (blekko) C:\Documents and Settings\All Users\Application Data\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) D:\install\wcescomm.exe (Microsoft Corporation) D:\install\rapimgr.exe (Logitech Inc.) C:\Program Files\Logitech\Video\FxSvr2.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Softonic) C:\Documents and Settings\dss\Local Settings\Application Data\Softonic\Softonic.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LVCOMSX] => C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-20] (Logitech Inc.) HKLM\...\Run: [LogitechVideoRepair] => C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-09] (Logitech Inc.) HKLM\...\Run: [LogitechVideoTray] => C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-09] (Logitech Inc.) HKLM\...\Run: [File Bulldog Anti-phishing Domain Advisor] => C:\Documents and Settings\All Users\Application Data\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe [223808 2013-02-11] (blekko) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [GB_UPDATE] => D:\install\Razer Game Booster\AutoUpdate.exe/AUTORUN HKLM\...\Run: [userFaultCheck] => %systemroot%\system32\dumprep 0 -u HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-28] (APN) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-26] (AVAST Software) Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [LogitechSoftwareUpdate] => C:\Program Files\Logitech\Video\ManifestEngine.exe [196608 2005-06-09] (Logitech Inc.) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [GameCenter] => C:\Documents and Settings\dss\Application Data\GameCenter\gamecenter.exe [100352 2012-11-17] (http://joyvy.com/) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [H/PC Connection Agent] => D:\install\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [DAEMON Tools Lite] => D:\install\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [softonicAssistant] => C:\Documents and Settings\dss\Local Settings\Application Data\SoftonicAssistant\SoftonicAssistant.exe [1829832 2014-11-11] () HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [softonic for Windows] => C:\Documents and Settings\dss\Local Settings\Application Data\Softonic\Softonic.exe [4170224 2014-05-26] (Softonic) HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\...\Run: [GoogleChromeAutoLaunch_2D074F53D60AF6DE46C89F49EA3F6A62] => C:\Program Files\Google\Chrome\Application\chrome.exe [809288 2015-02-28] (Google Inc.) HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.) HKLM\...\AppCertDlls: [x64] -> c:\program files\browser tab search by ask\safetynut\x64\safetycrt.dll HKLM\...\AppCertDlls: [x86] -> c:\program files\browser tab search by ask\safetynut\safetycrt.dll ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyServer: [s-1-5-21-2000478354-1326574676-1417001333-1003] => localhost:8080 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2000478354-1326574676-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/ URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} URLSearchHook: HKLM - (No Name) - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - No File SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-343&apn_uid=1845170684324049&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-2000478354-1326574676-1417001333-1003 -> {58980B25-A37C-4A16-AD10-F1D8785D5DDF} URL = http://www.buenosearch.com/?babsrc=SP_kms&tt=na&mntrId=0b4e5db6cdc947031b5e6d7088b3d35e&affID=128493&tsp=5302&q={searchTerms}&r=680 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-26] (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\dss\Application Data\Mozilla\Firefox\Profiles\wc0xrvbw.default-1425967882656 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2010-02-23] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2010-02-23] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-11] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\dss\Application Data\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-11-12] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta461\ff FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23] Chrome: ======= CHR Profile: C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-29] CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-05] CHR Extension: (Hangouts) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-10] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10] CHR Extension: (Google Wallet) - C:\Documents and Settings\dss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08] CHR HKLM\...\Chrome\Extension: [dpibobdfligkefmphegochbolpmnlnge] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha495\ch\WebexpEnhancedV1alpha495.crx [Not Found] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-23] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-23] CHR HKLM\...\Chrome\Extension: [kondcmgjibmegpklggnhnojajjgflfgg] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta461\ch\VideoPlayerV3beta461.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-28] (APN LLC.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-26] (AVAST Software) R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-02-17] (VIA Technologies, Inc.) R2 TeamViewer; C:\Program Files\TeamViewer3\TeamViewer_Host.exe [181544 2008-03-12] (TeamViewer GmbH) S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [X] <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-02-26] () R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [73480 2015-02-26] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-02-26] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-02-26] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-02-26] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-02-26] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-02-26] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-02-26] () R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices) R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-02] (AVG Technologies) S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-20] (DT Soft Ltd) R3 LVUSBSta; C:\WINDOWS\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.) S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.) R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.) R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-06-13] (Marvell Semiconductor Inc.) [File not signed] R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [13616 2012-06-13] (Marvell Semiconductor Inc.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Logitech Inc.) R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2012-12-16] (Duplex Secure Ltd.) R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2795376 2011-02-17] (VIA Technologies, Inc.) U3 a13uhq3o; C:\WINDOWS\system32\Drivers\a13uhq3o.sys [0 ] (Marvell Semiconductor Inc.) <==== ATTENTION (zero size file/folder) S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X] S4 IntelIde; No ImagePath S3 RTHDMIAzAudService; system32\drivers\RtKHDMI.sys [X] S3 WinRing0_1_2_0; \??\D:\install\Razer Game Booster\Driver\WinRing0.sys [X] ========================== Drivers MD5 ======================= C:\WINDOWS\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17 C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5 C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557 C:\WINDOWS\System32\drivers\afd.sys F6B7B1ECD7B41736BDB6FF4B092BCB79 C:\WINDOWS\System32\drivers\AMBFilt.sys 57221EF8A056B5FB47CDDA3BA28DD377 C:\WINDOWS\system32\drivers\aswHwid.sys 9D23DE88C3B18BA87CD4587177CA6CEA C:\WINDOWS\system32\drivers\aswMonFlt.sys 98F4C60F5C3E77B4A2CD1F06F7198D49 C:\WINDOWS\system32\drivers\aswRdr.sys 0926775B8C3B32EE99921CCB0F85378E C:\WINDOWS\system32\Drivers\aswRvrt.sys 6544697080421E62E97AAFBD0A8AA391 C:\WINDOWS\system32\drivers\aswSnx.sys E73CBE3420ECFA8FF7D0467E170E335D C:\WINDOWS\system32\drivers\aswSP.sys 1624D5AD126B8AFE2B2E85E5B8364EB6 C:\WINDOWS\system32\drivers\aswTdi.sys 4C0ECF1AFA6992904814C74B99DD36F9 C:\WINDOWS\system32\Drivers\aswVmm.sys 0EFBC2962B156E8AC267F96D4D93EF06 C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys C2B6F2161ABD498D2B453050FFC81812 C:\WINDOWS\System32\drivers\AtihdXP3.sys 924971A182E07463765EF9FA8876F24F C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159 C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68 C:\WINDOWS\system32\drivers\avgtpx86.sys 9D9B2624C7E8365FC699561111A46A99 C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9 C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9 C:\WINDOWS\System32\DRIVERS\CCDECODE.sys 0BE5AEF125BE881C4F854C554F2B025C C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32 C:\WINDOWS\System32\DRIVERS\cdrom.sys 4B0A100EAF5C49EF3CCA8C641431EACC C:\WINDOWS\System32\DRIVERS\disk.sys 47B6AAEC570F2C11D8BAD80A064D8ED1 C:\WINDOWS\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41 C:\WINDOWS\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45 C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8 C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys 687AF6BB383885FF6A64071B189A7F3E C:\WINDOWS\system32\Drivers\exFat.sys 4D893323DAE445E34A4C9038B0551BC9 C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E C:\WINDOWS\system32\Drivers\Fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81 C:\WINDOWS\system32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3 C:\WINDOWS\system32\Drivers\Flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0 C:\WINDOWS\System32\DRIVERS\fltMgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0 C:\WINDOWS\system32\Drivers\Fs_Rec.sys 30D42943A54704EF13E2562911DBFCEA C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 573C7D0A32852B48F3058CFD8026F511 C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1 C:\WINDOWS\System32\Drivers\HTTP.sys 937031C085718C1C04A9C0864625EC6B C:\WINDOWS\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30 C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E C:\WINDOWS\System32\DRIVERS\intelppm.sys 8C953733D8F36EB2133F5BB58808B66B C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys 3BB22519A194418D5FEC05D800A19AD0 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182 C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5 C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91 C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89 C:\WINDOWS\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 9EF487A186DEA361AA06913A75B3FA99 C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378 C:\WINDOWS\system32\Drivers\KSecDD.sys C6EBF1D6AD71DF30DB49B8D3287E1368 C:\WINDOWS\System32\DRIVERS\L8042Kbd.sys 79D1DBFEC599EC47244AF7B06AE2A04E C:\WINDOWS\System32\drivers\lvusbsta.sys C5EFBD05A5195402121711A6EBBB271F C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6 C:\WINDOWS\system32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1 C:\WINDOWS\System32\drivers\MonFilt.sys 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 C:\WINDOWS\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04 C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685 C:\WINDOWS\system32\Drivers\MountMgr.sys 1A1FAA5102466F418494E94FF9B0B091 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 4FEFD389D71126EE581B9F9CB2918BE4 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys FB2FCCC70F7174C7BF64F48E96D3ADF4 C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027 C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1 C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136 C:\WINDOWS\System32\drivers\MSTEE.sys E53736A9E30C45FA9E7B5EAC55056D1D C:\WINDOWS\system32\Drivers\Mup.sys F7B1AD991491F02AF6DA70B00B8BF114 C:\WINDOWS\system32\Drivers\mv61xxmm.sys D74224C4D52AC609A89C83791E5A709C C:\WINDOWS\system32\Drivers\mv64xxmm.sys 6090786DAA545A3EC7D34A46A8CD1661 C:\WINDOWS\system32\Drivers\mvxxmm.sys 93A609C515C87F604C09F78E80E03F1D C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5B50F1B2A2ED47D560577B221DA734DB C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D C:\WINDOWS\System32\DRIVERS\NdisIP.sys 7FF1F1FD8609C149AA432F95A8163D97 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 091735A5F20ACB1DC147383A905AE002 C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849 C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0 C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0 C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A C:\WINDOWS\system32\Drivers\Ntfs.sys 4C51D5275AE8A16999EDFE7E647D00DE C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57 C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9 C:\WINDOWS\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6 C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1 C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1 C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0 C:\WINDOWS\system32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1 C:\WINDOWS\System32\DRIVERS\LV561AV.SYS 5BD2C6D982481D548107C602E7CCFBBC C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99 C:\WINDOWS\System32\DRIVERS\psched.sys D8E11D311785F89F1D70A28B0E879127 C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD C:\WINDOWS\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242 C:\WINDOWS\System32\DRIVERS\rdbss.sys 77050C6615F6EB5402F832B27FD695E0 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 47EA20320E3D6FDC7B7BB22B2B881CA6 C:\WINDOWS\system32\Drivers\RDPWD.sys C7D9BC54354B8C706ABF172D48313F1B C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5 C:\WINDOWS\System32\DRIVERS\rspndr.sys 743D7D59767073A617B1DCC6C546F234 C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys 1323BA3CA4E8D863EB00CD81C0AAF356 C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE C:\WINDOWS\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7 C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562 C:\WINDOWS\System32\DRIVERS\SLIP.sys 866D538EBE33709A5C9F5C62B73B7D14 C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F C:\WINDOWS\System32\Drivers\sptd.sys 68103A2B441BBF3908EBB587F0704D6C C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D C:\WINDOWS\System32\DRIVERS\srv.sys 9B390283569EA58D43D2586032B892F5 C:\WINDOWS\System32\DRIVERS\StreamIP.sys 77813007BA6265C4B6098187E6ED79D2 C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01 C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290 C:\WINDOWS\System32\DRIVERS\tcpip.sys 51E41F16ACD80B8B39C0AE703A213F09 C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397 C:\WINDOWS\system32\Drivers\TDTCP.sys C0578456F29E5F26285F81B7B71FE57D C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9 C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31 C:\WINDOWS\System32\drivers\usbaudio.sys 65898A183FBF1D1F7759D5CCB364DCD4 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC C:\WINDOWS\System32\DRIVERS\usbehci.sys 52674B5DBEE499342A599C7771ABECAA C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6 C:\WINDOWS\System32\Drivers\usbvideo.sys 813236B1183CFCF289E367BD5DE6E29E C:\WINDOWS\System32\DRIVERS\usb8023x.sys B4D7B7AD8A9F7C063C5CC3E2C1A0724E C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1 C:\WINDOWS\System32\drivers\viahduaa.sys A11C98A43D7239B1D83DB79707483B1B C:\WINDOWS\System32\DRIVERS\vmmouse.sys 2E11190F37F0499CCA53CC1F92C5A3F7 C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025 C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6 C:\WINDOWS\System32\Drivers\wdf01000.sys BBCFEAB7E871CDDAC2D397EE7FA91FDC C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F C:\WINDOWS\System32\DRIVERS\wpdusb.sys CF4DEF1BF66F06964DC0D91844239104 C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8 C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS C98B39829C2BBD34E454150633C62C78 C:\WINDOWS\System32\DRIVERS\WudfPf.sys 6FF66513D372D479EF1810223C8D20CE C:\WINDOWS\System32\DRIVERS\wudfrd.sys AC13CB789D93412106B0FB6C7EB2BCB6 C:\WINDOWS\system32\Drivers\a13uhq3o.sys ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== Three Months Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 00:42 - 2015-03-11 00:42 - 00026829 _____ () C:\Documents and Settings\dss\Desktop\Addition.txt 2015-03-11 00:41 - 2015-03-11 00:41 - 00043288 _____ () C:\Documents and Settings\dss\Desktop\Shortcut.txt 2015-03-10 23:37 - 2015-03-10 23:37 - 00000000 __SHD () C:\found.000 2015-03-10 23:23 - 2015-03-10 23:23 - 00000336 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent.txt 2015-03-10 23:22 - 2015-03-10 23:22 - 00002164 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038758%20Stable.torrent 2015-03-10 23:19 - 2015-03-10 23:21 - 00002606 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent 2015-03-10 11:42 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Google Chrome 2015-03-10 11:42 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avnex 2015-03-10 11:39 - 2015-03-10 11:43 - 00000000 ____D () C:\Program Files\ AV WebCam Morpher 2015-03-10 08:37 - 2015-03-10 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2015-03-10 08:37 - 2015-03-10 08:37 - 00001811 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-03-10 08:11 - 2015-03-10 08:11 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\Old Firefox Data 2015-03-09 16:09 - 2015-03-11 00:09 - 00000262 _____ () C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job 2015-03-09 16:09 - 2015-03-11 00:07 - 00000262 _____ () C:\WINDOWS\Tasks\PC-Mechanic Subscription.job 2015-03-09 16:08 - 2015-03-11 00:08 - 00000256 _____ () C:\WINDOWS\Tasks\PC-Mechanic Startup.job 2015-03-09 16:08 - 2015-03-09 16:08 - 00000818 _____ () C:\Documents and Settings\All Users\Desktop\PC Mechanic.lnk 2015-03-09 16:08 - 2015-03-09 16:08 - 00000000 ____D () C:\Program Files\Uniblue 2015-03-09 16:08 - 2015-03-09 16:08 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Uniblue 2015-03-09 16:08 - 2015-03-09 16:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue 2015-03-09 16:00 - 2015-03-09 16:00 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Sawbuck 2015-03-09 08:48 - 2015-03-10 13:46 - 00055240 _____ () C:\Documents and Settings\dss\Desktop\пустошта.odt 2015-03-09 08:48 - 2015-03-10 13:46 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.пустошта.odt# 2015-03-09 08:35 - 2015-03-08 08:35 - 00008439 _____ () C:\Documents and Settings\dss\My Documents\untitled_0odt 2015-03-08 20:20 - 2015-03-08 20:21 - 00000403 _____ () C:\WINDOWS\wmsetup.log 2015-03-06 09:21 - 2015-03-10 07:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-04 12:34 - 2015-03-07 09:40 - 00065172 _____ () C:\Documents and Settings\dss\Desktop\готови ли сте.odt 2015-03-01 18:32 - 2015-03-01 18:32 - 00001216 _____ () C:\Documents and Settings\dss\Desktop\Graboid Video.lnk 2015-03-01 18:31 - 2015-03-01 18:32 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Graboid Video 2015-03-01 18:31 - 2015-03-01 18:31 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Graboid Inc 2015-03-01 08:33 - 2015-03-01 08:33 - 00000182 _____ () C:\drwtsn32.log 2015-02-27 17:24 - 2015-02-27 17:24 - 00012098 _____ () C:\Program Files\WinAVI All-In-One Converter 1.7.0.4734 (2012).torrent 2015-02-27 17:24 - 2015-02-27 17:24 - 00000979 _____ () C:\Documents and Settings\dss\Desktop\WinAVI All-in-One Converter.lnk 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Program Files\WinAVI 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\WinAVI All-in-One Converter 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\WinAVI 2015-02-27 17:24 - 2015-02-27 17:24 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\WinAVI 2015-02-27 17:21 - 2015-02-27 17:21 - 00001668 _____ () C:\Program Files\iMedia.Converterv2.0.1 Mac OSX.zip.torrent 2015-02-27 17:20 - 2012-09-08 21:38 - 37532835 _____ () C:\video-converter-ultimate7.exe 2015-02-27 17:19 - 2015-02-27 17:19 - 00011996 _____ () C:\Program Files\ImTOO Video Converter Ultimate.torrent 2015-02-27 17:13 - 2015-02-27 17:13 - 00001734 _____ () C:\Documents and Settings\dss\Desktop\ImTOO HD Video Converter.lnk 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Program Files\ImTOO 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\ImTOO 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\ImTOO Software Studio 2015-02-27 17:13 - 2015-02-27 17:13 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\ImTOO Software Studio 2015-02-27 17:12 - 2015-02-27 17:12 - 00001630 _____ () C:\Program Files\ImTOO HD Video Converter v5.1.26.0904.torrent 2015-02-27 16:58 - 2015-02-27 17:19 - 00000000 ____D () C:\Program Files\FreeTime 2015-02-27 16:57 - 2015-02-27 16:57 - 00016958 _____ () C:\Program Files\FFSetup3.3.3.0.exe.torrent 2015-02-27 16:48 - 2015-02-27 16:48 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\Bigasoft Total Video Converter 2015-02-27 16:44 - 2015-02-27 16:44 - 00000926 _____ () C:\Documents and Settings\All Users\Desktop\Bigasoft Total Video Converter.lnk 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Program Files\Bigasoft 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Documents and Settings\dss\Start Menu\Programs\Bigasoft 2015-02-27 16:44 - 2015-02-27 16:44 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Bigasoft Total Video Converter 4 2015-02-27 16:42 - 2015-02-27 16:42 - 00011120 _____ () C:\Program Files\Bigasoft Total Video Converter v4.5.2.5491.torrent 2015-02-27 16:37 - 2015-02-27 16:38 - 00000067 _____ () C:\WINDOWS\Power Video Converter.INI 2015-02-27 16:35 - 2015-02-27 16:35 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\RHEng 2015-02-27 14:40 - 2015-03-11 00:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-27 14:40 - 2015-02-27 14:40 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-02-27 14:40 - 2015-02-27 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-02-27 11:30 - 2015-02-27 11:30 - 00001767 _____ () C:\Documents and Settings\All Users\Desktop\Google Slides.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00001765 _____ () C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00001755 _____ () C:\Documents and Settings\All Users\Desktop\Google Docs.lnk 2015-02-27 11:30 - 2015-02-27 11:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2015-02-26 22:42 - 2015-02-26 22:42 - 00001731 _____ () C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk 2015-02-26 22:42 - 2015-02-26 22:42 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2015-02-26 22:42 - 2015-02-26 22:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software 2015-02-26 22:41 - 2015-02-26 22:42 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-02-26 22:41 - 2015-02-26 22:42 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-02-26 22:41 - 2015-02-26 22:42 - 00073480 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-02-26 22:41 - 2015-02-26 22:41 - 00206248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00057928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00055240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-02-26 22:41 - 2015-02-26 22:41 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-02-26 22:41 - 2015-02-26 22:41 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-02-26 21:55 - 2015-02-26 22:28 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\sw4b4[1] 2015-02-26 21:51 - 2015-02-26 22:28 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\sw4b4 2015-02-26 21:36 - 2015-02-26 22:28 - 00000000 ____D () C:\Program Files\VirtualDub MPEG2 1.6(2).11 2015-02-26 11:34 - 2015-03-04 12:18 - 00068471 _____ () C:\Documents and Settings\dss\Desktop\новото разбиране за любовта.odt 2015-02-25 07:40 - 2015-02-25 07:40 - 00177657 _____ () C:\Documents and Settings\dss\Desktop\тунела на реалността.txt 2015-02-25 00:35 - 2015-02-25 00:35 - 00246409 _____ () C:\Documents and Settings\dss\Desktop\Т1.ass 2015-02-23 10:02 - 2015-02-23 10:06 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Dropbox 2015-02-23 10:01 - 2015-02-23 10:01 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\AVAST Software 2015-02-23 10:00 - 2015-03-11 00:07 - 00000358 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-02-23 09:58 - 2015-02-23 09:58 - 00000000 ____D () C:\Program Files\AVAST Software 2015-02-23 09:58 - 2015-02-23 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2015-02-23 09:50 - 2015-02-23 09:50 - 00000000 ____D () C:\OETemp 2015-02-16 15:46 - 2015-02-16 15:46 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\fontconfig 2015-02-16 15:41 - 2015-02-16 15:41 - 00000775 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\ASSDraw3.lnk 2015-02-16 15:41 - 2015-02-16 15:41 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Aegisub.lnk 2015-02-16 15:36 - 2015-02-16 15:36 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\SubtitleCreator 2015-02-16 15:35 - 2015-02-26 22:29 - 00000000 ____D () C:\Program Files\SubtitleCreator 2015-02-16 15:35 - 2015-02-16 15:35 - 00000832 _____ () C:\Documents and Settings\dss\Desktop\SubtitleCreator.lnk 2015-02-16 15:20 - 2015-02-26 22:29 - 00000000 ____D () C:\Program Files\URUSoft 2015-02-16 15:20 - 2015-02-16 15:20 - 00001813 _____ () C:\Documents and Settings\dss\Desktop\Subtitle Workshop.lnk 2015-02-15 07:49 - 2015-02-15 07:50 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Softonic 2015-02-15 07:49 - 2015-02-15 07:49 - 00001047 _____ () C:\Documents and Settings\dss\Desktop\Softonic.lnk 2015-02-15 07:49 - 2015-02-15 07:49 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\fontconfig 2015-02-15 07:48 - 2015-03-11 00:09 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\SoftonicAssistant 2015-02-15 07:48 - 2015-02-25 13:56 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Aegisub 2015-02-15 07:48 - 2015-02-16 15:42 - 00000000 ____D () C:\Program Files\Aegisub 2015-02-15 07:48 - 2015-02-15 08:04 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Aegisub 2015-02-15 07:47 - 2015-02-15 07:48 - 21680922 _____ (Aegisub Team ) C:\Documents and Settings\dss\Desktop\Aegisub-3.0.2-32.exe 2015-01-22 09:42 - 2015-01-22 09:42 - 00000000 ____D () C:\Program Files\AskPartnerNetwork 2015-01-22 09:40 - 2015-01-22 09:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\APN 2015-01-13 10:42 - 2015-01-13 13:56 - 00062971 _____ () C:\Documents and Settings\dss\Desktop\Untitled 2.odt 2015-01-11 23:32 - 2015-01-12 17:47 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.крион.odt# 2015-01-02 09:56 - 2015-01-03 16:25 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.14.odt# 2015-01-02 09:55 - 2015-01-02 09:55 - 00061609 _____ () C:\Documents and Settings\dss\My Documents\Untitled 1.odt 2014-12-28 07:43 - 2015-01-01 15:59 - 00000129 ____H () C:\Documents and Settings\dss\Desktop\.~lock.3.4.odt# 2014-12-24 20:53 - 2015-02-28 08:41 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\от флашката ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-11 00:45 - 2010-02-23 15:43 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Temp 2015-03-11 00:44 - 2014-02-11 11:34 - 00000000 ____D () C:\FRST 2015-03-11 00:10 - 2010-02-23 15:50 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Skype 2015-03-11 00:09 - 2010-02-23 15:51 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-11 00:09 - 2010-02-23 15:51 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-11 00:09 - 2010-02-23 15:35 - 01343322 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-11 00:07 - 2014-03-27 22:33 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-03-11 00:07 - 2010-02-23 15:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-11 00:07 - 2010-02-23 07:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-11 00:07 - 2010-02-23 07:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2015-03-11 00:06 - 2010-02-23 15:43 - 00000000 ____D () C:\Documents and Settings\dss 2015-03-11 00:06 - 2010-02-23 15:41 - 00000000 __SHD () C:\Documents and Settings\LocalService 2015-03-11 00:06 - 2010-02-23 15:40 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-03-11 00:06 - 2010-02-23 15:33 - 00000000 ____D () C:\WINDOWS\Registration 2015-03-11 00:05 - 2010-02-23 15:41 - 00032526 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-10 23:58 - 2008-04-14 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-10 23:44 - 2013-01-02 22:11 - 00000000 ____D () C:\WINDOWS\system32\NtmsData 2015-03-10 23:43 - 2012-11-12 06:15 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\sibtitri 2015-03-10 23:31 - 2010-02-23 15:34 - 00000000 ____D () C:\WINDOWS\system32\Restore 2015-03-10 23:30 - 2010-02-23 15:43 - 00000178 ___SH () C:\Documents and Settings\dss\ntuser.ini 2015-03-10 23:16 - 2010-02-23 15:51 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\uTorrent 2015-03-10 21:31 - 2012-11-12 07:37 - 00077824 _____ () C:\Documents and Settings\dss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-10 15:57 - 2012-11-12 06:17 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\subtitri 2015-03-10 15:39 - 2013-01-14 08:49 - 00001811 _____ () C:\Documents and Settings\dss\Desktop\Google Chrome.lnk 2015-03-10 11:11 - 2010-02-23 15:56 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Google 2015-03-10 09:03 - 2014-02-01 22:56 - 00002501 _____ () C:\Documents and Settings\dss\Desktop\Microsoft Word 2010 (2).lnk 2015-03-10 08:36 - 2010-02-23 15:50 - 00000000 ____D () C:\Program Files\Google 2015-03-10 07:49 - 2010-02-23 16:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-10 00:38 - 2010-02-23 16:01 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-10 00:38 - 2010-02-23 16:01 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk 2015-03-09 16:29 - 2012-11-12 07:08 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt 2015-03-08 21:37 - 2010-02-23 15:35 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM 2015-03-08 15:00 - 2014-03-27 22:33 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2015-03-05 13:33 - 2014-10-14 12:47 - 00077020 _____ () C:\WINDOWS\setupapi.log 2015-02-27 17:06 - 2012-11-12 06:53 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\vlc 2015-02-27 14:41 - 2012-11-12 19:44 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Adobe 2015-02-27 10:27 - 2012-11-19 09:22 - 00000000 ____D () C:\Documents and Settings\dss\My Documents\Outlook Files 2015-02-27 08:29 - 2014-11-17 10:45 - 00000000 ____D () C:\Documents and Settings\dss\Desktop\Стари данни Firefox 2015-02-23 10:02 - 2010-02-23 15:56 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Temp 2015-02-23 09:53 - 2014-01-31 17:12 - 00000000 ____D () C:\Program Files\Avira 2015-02-23 09:52 - 2012-11-13 21:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira 2015-02-16 15:43 - 2014-08-12 23:35 - 00338022 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2015-02-16 15:28 - 2012-11-15 07:11 - 00000000 ____D () C:\Documents and Settings\dss\Application Data\Media Player Classic 2015-02-12 23:51 - 2010-02-23 16:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2015-02-11 14:40 - 2013-07-30 09:22 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-11 14:34 - 2012-06-13 17:36 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe 2015-02-11 14:33 - 2012-11-12 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2015-02-11 14:33 - 2008-04-14 14:00 - 00000603 _____ () C:\WINDOWS\win.ini 2015-02-11 00:26 - 2014-08-23 07:00 - 01062838 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-1326574676-1417001333-1003-0.dat 2015-02-09 15:50 - 2012-11-12 19:25 - 00000000 ____D () C:\Documents and Settings\dss\Local Settings\Application Data\Paint.NET ==================== Files in the root of some directories ======= 2014-03-10 20:30 - 2014-03-10 20:32 - 0000952 _____ () C:\Program Files\%B5Torrent%203.2.0.27708.torrent 2015-03-10 23:22 - 2015-03-10 23:22 - 0002164 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038758%20Stable.torrent 2015-03-10 23:19 - 2015-03-10 23:21 - 0002606 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent 2015-03-10 23:23 - 2015-03-10 23:23 - 0000336 _____ () C:\Program Files\%B5Torrent%20Pro%203.4.2%20Build%2038913%20Stable.torrent.txt 2014-08-05 07:04 - 2014-08-05 07:04 - 0001362 _____ () C:\Program Files\Atlantis Word Processor 1.6.5.10 RC4.torrent 2014-06-11 08:37 - 2014-06-11 08:37 - 0002276 _____ () C:\Program Files\Atlantis Word Processor 1.6.6.1 Final.torrent 2014-08-05 07:03 - 2014-08-05 07:03 - 0002274 _____ () C:\Program Files\Atlantis Word Processor 1.6.6.1.Final.torrent 2015-02-27 16:42 - 2015-02-27 16:42 - 0011120 _____ () C:\Program Files\Bigasoft Total Video Converter v4.5.2.5491.torrent 2014-08-06 06:33 - 2014-08-06 06:33 - 0009873 _____ () C:\Program Files\Corel WordPerfect Office X3.torrent 2014-08-06 06:35 - 2014-08-06 06:35 - 0014466 _____ () C:\Program Files\Corel.WordPerfect.Office.X5.v15.0.0.357.incl.keymaker-CORE.torrent 2012-11-12 06:51 - 2012-11-12 06:51 - 0004758 _____ () C:\Program Files\DTLite4461-0327.exe.torrent 2012-11-12 06:15 - 2012-11-12 06:30 - 1276411904 _____ () C:\Program Files\en_office_professional_plus_2010_with_sp1_vl_x86_dvd.iso 2015-02-27 16:57 - 2015-02-27 16:57 - 0016958 _____ () C:\Program Files\FFSetup3.3.3.0.exe.torrent 2014-07-08 05:34 - 2014-07-08 05:34 - 0002620 _____ () C:\Program Files\FlexType XP + kg.torrent 2015-02-27 17:21 - 2015-02-27 17:21 - 0001668 _____ () C:\Program Files\iMedia.Converterv2.0.1 Mac OSX.zip.torrent 2015-02-27 17:12 - 2015-02-27 17:12 - 0001630 _____ () C:\Program Files\ImTOO HD Video Converter v5.1.26.0904.torrent 2015-02-27 17:19 - 2015-02-27 17:19 - 0011996 _____ () C:\Program Files\ImTOO Video Converter Ultimate.torrent 2012-11-12 06:25 - 2012-11-12 06:25 - 0001458 _____ () C:\Program Files\Kantaris_0.6.4_setup.exe.torrent 2014-03-05 19:31 - 2014-06-02 17:26 - 0003752 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml 2014-03-10 09:38 - 2014-03-10 09:38 - 1141328 _____ (BitTorrent Inc.) C:\Program Files\utorrent.exe 2015-02-27 17:24 - 2015-02-27 17:24 - 0012098 _____ () C:\Program Files\WinAVI All-In-One Converter 1.7.0.4734 (2012).torrent 2012-11-12 06:42 - 2012-11-12 06:42 - 0004866 _____ () C:\Program Files\WinZip 12.torrent 2013-01-23 18:46 - 2013-01-23 18:46 - 0001292 _____ () C:\Program Files\WinZip_Pro_Portable_14.0.9029_En.paf.exe.torrent 2014-08-05 07:09 - 2014-08-05 07:09 - 0016475 _____ () C:\Program Files\WordPerfect_16.0.0.388.torrent 2014-06-11 08:33 - 2014-06-11 08:33 - 0002456 _____ () C:\Program Files\WordPress 2.6 Beta 2.torrent 2012-12-09 08:27 - 2012-12-09 08:27 - 0002528 ____N () C:\Documents and Settings\dss\Application Data\$_hpcst$.hpc 2012-11-12 07:37 - 2015-03-10 21:31 - 0077824 _____ () C:\Documents and Settings\dss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-01-13 23:57 - 2013-01-13 23:57 - 0004096 ____H () C:\Documents and Settings\dss\Local Settings\Application Data\keyfile3.drm Some content of TEMP: ==================== C:\Documents and Settings\dss\Local Settings\Temp\1424980754671_subtitle-workshop.exe C:\Documents and Settings\dss\Local Settings\Temp\avgnt.exe C:\Documents and Settings\dss\Local Settings\Temp\bandoffer.exe C:\Documents and Settings\dss\Local Settings\Temp\CloudBackup3990.exe C:\Documents and Settings\dss\Local Settings\Temp\DicterSetup.exe C:\Documents and Settings\dss\Local Settings\Temp\DicterSetup2.exe C:\Documents and Settings\dss\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbm1fco.dll C:\Documents and Settings\dss\Local Settings\Temp\GLF1F8.tmp.dll C:\Documents and Settings\dss\Local Settings\Temp\KMP_3.2.0.0.exe C:\Documents and Settings\dss\Local Settings\Temp\ochelper.exe C:\Documents and Settings\dss\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\dss\Local Settings\Temp\SoftonicAssistant_v0-1-6.exe C:\Documents and Settings\dss\Local Settings\Temp\Softonic_EN_1-5-11_EN-Production_10_CleanRelease.exe C:\Documents and Settings\dss\Local Settings\Temp\subtitle-workshop.exe C:\Documents and Settings\dss\Local Settings\Temp\utt10.tmp.exe C:\Documents and Settings\dss\Local Settings\Temp\utt12.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Addition.txt
  5. Здравейте! Ето ме и мен тук. Става дума за компютър, който ми подариха преди близо две години, така че не знам много за него, но го е ползвало дете, и мисля, че е ок. Система Windows 7 Starter (нетбук Samsung N130), инсталация на... мисля пет години. Използвам го сравнително рядко, когато не съм си вкъщи, за това ме мързи да го преинсталирам, и се надявам, че благодарение на раздела, поне засега няма да ми се наложи. Става дума за невъзможност да деинсталирам ESET Smart Security v.7. Смених ЕСЕТ с Аваст, когато забелязах прекомерно използване на РАМ. Когато погледнах в Speccy, ми показа две антивирусни - Аваст и ESET. Използвах инструмента на ESET за деинсталиране, но не става и не става. Пробвах също така и повторна инсталация на ESET v.7 и деинсталация. Пак не стана. Освен този проблем, може и да има нещо друго, за което не знам, макар и да съм го проверявал с популярни инструменти, и нищо да не откривам. Не разполагам с инсталационен диск на този Уиндоус, който е инсталиран. Не съм използвал външен инструмент за деинсталация. FRST.txt Addition.txt
  6. Здравейте, преди няколко дни запонах да имам проблем с браузърите - при отваряне на някоя страница зависва и почва да мисли прекалено дълго. Не зарежда и само със затваряне на страницата, може да се придължи работата. Това се случва с всички браузъри, основно ползвам Опера, но и с Мозила и Хром е същото. Компютъра е с преинсталиан ОС Windows 7 Ultimate SP1. Предполагам, че има някакъв вирус. Самия компютър работи добре сега, преди това имах проблем с ексела - беше почнал да изписва "qqqqqqqqq" и антивирусната засече нещо и го отстрани. Благодаря предварително! Извинявам се, че пуснах две еднакви теми! Addition.txt FRST.txt
  7. Здравйте, имам проблем с фейсбук страницата,пробвах различни браузъри но не мога да вляза в профила си ,отваря ми го но не виждам нито новини нито съобщенията нито приятели, нищо.Не знам какво да направя,моля за съдействие,благодаря предварително!
  8. Здравейте. Лаптопът работи много бавно, при опит да премахна елементите открити от MSE системата забива и не ми позволява да правя нищо повече. Нямам представа от къде се е заразила системата, лаптопът се ползва от родителите ми. Не разполагам с диск за Windows. Елементите под карантина в MSE са доста, изброявам ги, като някои се повтарят: -BrowserModifier:Win32/CouponRuc; Trojan:Win32/Raydefun.A; Trojan:Win32/Peaac.gen!A!plock; VirTool:Win32/Obfuscator.ANX; BrowserModifier:Win32/Diplugem; Trojan:Win32/Damingvat.A; Trojan:Win32/Colisi.C Ето и лог файла: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015 Ran by RRR (administrator) on RRR-PC (15-09-2015 12:00:16) Running from C:\Users\RRR\Desktop Loaded Profiles: RRR (Available Profiles: RRR) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard ) C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated) HKLM\...\Run: [New Value #1] => “ctfmon”=”CTFMON.EXE” HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation) HKLM-x32\...\Run: [NWEReboot] => [X] HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd) HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [94208 2005-09-08] (Nero AG) HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [AceStream] => C:\Users\RRR\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-25] () HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\...\Run: [Facebook Update] => C:\Users\RRR\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-27] (Facebook Inc.) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-06-02] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk [2013-06-01] ShortcutTarget: HPMonitor.exe.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe (Hewlett-Packard) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk [2013-06-01] ShortcutTarget: hpwjd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwjd.exe (Hewlett-Packard ) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk [2013-06-01] ShortcutTarget: hpwmsd.exe.lnk -> C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe (Hewlett-Packard ) GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{178F6E31-C398-402E-AC71-7DBF82FAF851}: [NameServer] 199.203.131.145,82.163.143.167 Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [NameServer] 82.163.143.169,82.163.142.171 Tcpip\..\Interfaces\{BA4CAD20-CBAD-471F-9F84-E16DB495FA06}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE HKU\S-1-5-21-3352682033-4164677752-1323257766-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\RRR\AppData\Roaming\Mozilla\Firefox\Profiles\w3qckbrn.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-01] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-01] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2010-01-21] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-23] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @acestream.net/acestreamplugin,version=2.1.5.3 -> C:\Users\RRR\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-06-13] (Innovative Digital Technologies) FF Plugin HKU\S-1-5-21-3352682033-4164677752-1323257766-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\RRR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-09-24] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-09-24] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-09-24] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-09-24] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-09-14] CHR Extension: (Google Wallet) - C:\Users\RRR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] Opera: ======= OPR Extension: (No Name) - C:\Users\RRR\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2015-02-27] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation) R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed] R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-06-02] (Macrovision Europe Ltd.) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2011-11-15] () R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2013-06-02] (DT Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.) R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [402024 2012-02-22] (Realtek Semiconductor Corporation ) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.) U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X] S4 InCDFs; system32\drivers\InCDFs.sys [X] S1 InCDPass; system32\drivers\InCDPass.sys [X] S1 InCDRm; system32\drivers\InCDRm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-15 12:00 - 2015-09-15 12:00 - 00016956 _____ C:\Users\RRR\Desktop\FRST.txt 2015-09-15 12:00 - 2015-09-15 12:00 - 00000000 ____D C:\FRST 2015-09-15 11:59 - 2015-09-15 11:53 - 02190848 _____ (Farbar) C:\Users\RRR\Desktop\FRST64.exe 2015-09-14 15:54 - 2015-09-14 15:54 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-14 15:53 - 2015-09-14 15:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2A1F53E5.sys 2015-09-14 15:53 - 2015-09-14 15:48 - 00000358 _____ C:\Users\RRR\Desktop\hg.txt 2015-09-14 13:30 - 2015-09-15 11:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-14 13:30 - 2015-09-14 13:30 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-09-14 13:30 - 2015-09-14 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-14 13:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-14 13:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-14 13:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-14 13:18 - 2015-09-14 13:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-09-14 13:18 - 2015-09-14 13:18 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-14 12:38 - 2015-09-14 15:55 - 00000000 ____D C:\ProgramData\HitmanPro 2015-09-14 11:51 - 2015-09-14 12:01 - 00000000 ____D C:\AdwCleaner 2015-09-11 12:18 - 2015-08-05 20:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-11 12:18 - 2015-08-05 20:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-11 12:18 - 2015-08-05 20:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-11 12:17 - 2015-08-05 20:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-11 12:17 - 2015-07-23 03:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-11 12:17 - 2015-07-23 03:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-11 12:17 - 2015-07-23 03:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-11 12:17 - 2015-07-23 03:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-11 12:17 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-11 12:17 - 2015-07-22 19:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-11 12:17 - 2015-07-15 06:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-11 12:17 - 2015-07-15 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-11 12:17 - 2015-07-09 20:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-11 12:17 - 2015-07-09 20:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-11 12:17 - 2015-07-09 20:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-11 12:17 - 2015-07-09 20:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-11 12:16 - 2015-07-23 03:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-11 12:16 - 2015-07-23 03:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-11 12:16 - 2015-07-23 03:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-11 12:16 - 2015-07-23 03:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-11 12:16 - 2015-07-23 03:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-11 12:16 - 2015-07-23 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-11 12:16 - 2015-07-23 03:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-11 12:16 - 2015-07-23 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-11 12:16 - 2015-07-23 03:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-11 12:16 - 2015-07-23 03:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-11 12:16 - 2015-07-23 03:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-11 12:16 - 2015-07-23 03:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-11 12:16 - 2015-07-23 02:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-11 12:16 - 2015-07-23 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-11 12:16 - 2015-07-23 02:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-11 12:16 - 2015-07-22 20:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-11 12:16 - 2015-07-22 20:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-11 12:16 - 2015-07-22 20:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-11 12:16 - 2015-07-22 20:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-11 12:16 - 2015-07-22 20:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-11 12:16 - 2015-07-22 20:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-11 12:16 - 2015-07-22 20:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-11 12:16 - 2015-07-22 20:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-11 12:16 - 2015-07-22 20:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-11 12:16 - 2015-07-22 20:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-11 12:16 - 2015-07-22 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-11 12:16 - 2015-07-22 20:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-11 12:16 - 2015-07-22 20:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 20:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 19:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-11 12:16 - 2015-07-22 19:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-11 12:16 - 2015-07-22 19:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-11 12:16 - 2015-07-22 19:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-11 12:16 - 2015-07-22 19:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-11 12:16 - 2015-07-22 19:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 19:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 19:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-11 12:16 - 2015-07-22 19:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-11 12:16 - 2015-06-25 13:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-11 12:16 - 2015-06-25 13:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-11 12:16 - 2015-06-25 13:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-11 12:16 - 2015-06-25 12:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-11 12:15 - 2015-09-02 06:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-11 12:15 - 2015-09-02 05:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-11 12:15 - 2015-09-02 05:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-11 12:15 - 2015-09-02 04:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-11 12:15 - 2015-09-02 04:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-11 12:15 - 2015-09-02 04:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-11 12:15 - 2015-08-27 21:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-11 12:15 - 2015-08-27 21:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-11 12:15 - 2015-08-27 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-11 12:15 - 2015-08-27 20:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-11 12:15 - 2015-08-27 20:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-11 12:15 - 2015-08-27 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-11 12:15 - 2015-08-26 21:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-11 12:15 - 2015-08-26 21:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-11 12:15 - 2015-08-26 21:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-11 12:15 - 2015-08-26 21:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-11 12:15 - 2015-08-26 21:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-11 12:15 - 2015-08-26 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-11 12:15 - 2015-08-26 20:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-09-11 12:15 - 2015-08-04 21:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-11 12:15 - 2015-08-04 21:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-11 12:15 - 2015-08-04 20:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-11 12:15 - 2015-08-04 20:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-11 12:15 - 2015-08-04 20:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-11 12:15 - 2015-08-04 20:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-11 12:15 - 2015-08-04 20:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-11 12:15 - 2015-08-04 20:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-11 12:15 - 2015-08-04 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-08-19 14:47 - 2015-08-11 04:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 14:47 - 2015-08-11 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-19 14:47 - 2015-08-11 03:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-19 14:47 - 2015-08-11 03:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-15 12:00 - 2013-06-01 10:31 - 01702946 _____ C:\Windows\WindowsUpdate.log 2015-09-15 11:59 - 2012-09-26 10:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini 2015-09-15 11:58 - 2013-06-01 18:07 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-09-15 11:57 - 2013-12-12 14:39 - 00003620 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI 2015-09-15 11:56 - 2013-12-12 14:39 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI 2015-09-15 11:55 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-15 11:55 - 2009-07-14 07:51 - 00149816 _____ C:\Windows\setupact.log 2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-15 11:32 - 2009-07-14 07:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-14 16:19 - 2015-08-14 22:19 - 00000336 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job 2015-09-14 15:40 - 2013-12-12 14:39 - 00000822 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI 2015-09-14 15:19 - 2014-07-27 14:48 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000UA.job 2015-09-14 15:19 - 2014-07-27 14:48 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3352682033-4164677752-1323257766-1000Core.job 2015-09-14 15:19 - 2013-06-02 22:32 - 00123918 _____ C:\Windows\PFRO.log 2015-09-14 13:37 - 2015-06-27 11:47 - 00000000 ____D C:\Program Files (x86)\Do Not Disturb 2015-09-14 13:36 - 2015-06-08 17:01 - 00000000 ____D C:\Program Files (x86)\rikaikun 2015-09-14 13:12 - 2014-08-31 13:15 - 00000000 ____D C:\Users\RRR\AppData\Local\Adobe 2015-09-13 02:55 - 2013-08-03 03:00 - 00000000 ____D C:\Windows\system32\MRT 2015-09-13 00:40 - 2009-07-14 07:45 - 02338960 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-13 00:37 - 2009-07-14 10:45 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-13 00:20 - 2013-06-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-28 14:05 - 2015-06-01 08:44 - 00000000 ____D C:\Program Files (x86)\Omnifinder 2015-08-28 14:05 - 2015-05-21 11:01 - 00000000 ____D C:\Program Files (x86)\Cookie Killer for Facebook 2015-08-26 18:37 - 2013-06-05 20:27 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-23 18:55 - 2013-07-07 10:37 - 00000000 ____D C:\Users\RRR\Desktop\recepti 2015-08-19 14:04 - 2015-02-26 19:04 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1424966667 2015-08-19 14:04 - 2013-06-02 18:27 - 00000000 ____D C:\Program Files (x86)\Opera ==================== Files in the root of some directories ======= 2015-06-23 08:55 - 2015-08-01 13:57 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr2.bin 2015-06-15 14:29 - 2015-07-03 12:47 - 0000024 _____ () C:\Users\RRR\AppData\Roaming\appdataFr25.bin 2015-03-02 21:46 - 2015-04-23 11:35 - 0000020 _____ () C:\Users\RRR\AppData\Roaming\appdataFr3.bin Files to move or delete: ==================== C:\Users\RRR\install_flashplayer15x32au_chra_dy_aaa_aih.exe Some files in TEMP: ==================== C:\Users\RRR\AppData\Local\Temp\07b31aB7338C7.exe C:\Users\RRR\AppData\Local\Temp\130e04c69E226.exe C:\Users\RRR\AppData\Local\Temp\56ACC069e3.exe C:\Users\RRR\AppData\Local\Temp\9569E98A43F0.exe C:\Users\RRR\AppData\Local\Temp\AtpTimerInfo.dll C:\Users\RRR\AppData\Local\Temp\B6D283.exe C:\Users\RRR\AppData\Local\Temp\BitLord_1.01.exe C:\Users\RRR\AppData\Local\Temp\HitmanPro.exe C:\Users\RRR\AppData\Local\Temp\HPSWF.EXE C:\Users\RRR\AppData\Local\Temp\install_reader11_en_chrd_aaa_aih.exe C:\Users\RRR\AppData\Local\Temp\SkypeSetup.exe C:\Users\RRR\AppData\Local\Temp\sqlite3.dll C:\Users\RRR\AppData\Local\Temp\supoptsetup.exe C:\Users\RRR\AppData\Local\Temp\SWHelperQueryW.dll C:\Users\RRR\AppData\Local\Temp\SWHelperWrapper.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-23 20:30 ==================== End of FRST.txt ============================ Addition.txt
  9. Здравейте забелязах че не мога да изтрия Istartsurf , и потърсих решения в мрежата. попаднах на вашия раздел и прикачвам указаните файлове. Addition.txt FRST.txt
  10. Така... отдавна не съм има проблеми с щайгата, но ето че и това дойде... От седмица съм с Win7 64bit и днеска реших да го активирам, обаче попаднах на кофти активатор! Още докато нещата се инсталираха усетих, че нещо не е наред като видях програмите който почнаха да се инсталират сами... и се появяваха по бързо от колкото ги махах. В крайна сметка махнах всички програми, но има няколко процеса който съм убеден, че не са с Win-а и при спиране те се включват сами веднага. Използвам Panda Free и засега не засича нищо, но имам 2-3 програми който стоят в старт менюто и не мога да се отървя от тях и няколкото процеси който се рестартират пак и пак... ПС. Гледам, че има още 1 тема като моята, но в нея пишеше, че стъпките са специално за дадения потребител и може да доведе до повреди в операционната система и не съм ги прилагал. FRST.txt Addition.txt
  11. Здравейте , Проблема ми е следния , като вляза в онлайн игра без значение каква е започва да лагва пинга ми стой (примерно) 50 - 50 - 50 200 - 200 - 200 - 50 - 50 - 50 , че до безкрай . Забелязвам ,че вместо обичайната 2.4 mb/s в момента тегля максимум със 1.8 mb/s . Ходих при приятели за да съм уверен , че проблема не е от нета ми . Поздрави , Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-08-2015 02 Ran by Кико (administrator) on КИКО-PC (12-08-2015 22:10:15) Running from C:\Users\Кико\Downloads Loaded Profiles: Кико (Available Profiles: Кико) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 10 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe () C:\Users\Кико\AppData\Local\Viber\Viber.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe () C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6326448 2012-12-21] (ESET) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [T-Mobile ModemListener] => C:\Program Files (x86)\T-Mobile\ConnectionManager\Background\ModemListener.exe [114552 2012-12-05] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2056131698-3958520328-2186146214-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-2056131698-3958520328-2186146214-1000\...\Run: [uTorrent] => C:\Users\Кико\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-01] (BitTorrent Inc.) HKU\S-1-5-21-2056131698-3958520328-2186146214-1000\...\Run: [Viber] => C:\Users\Кико\AppData\Local\Viber\Viber.exe [72389840 2015-07-15] () HKU\S-1-5-18\...\Run: [20090604] => D:\games\Encore\Hoyle\RegApp\encore_reg.exe /r "D:\games\Encore\Hoyle\RegApp\encore_reg.rpd" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2056131698-3958520328-2186146214-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/ BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{07AFA42B-6F8B-4398-8B05-B05E75053358}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{8781299D-5F6C-4C3D-8278-09851F1EA46F}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-08-02] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2056131698-3958520328-2186146214-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Кико\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2056131698-3958520328-2186146214-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Кико\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-24] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2056131698-3958520328-2186146214-1000: pcpitstop.com/PCMaticPlugin -> C:\Users\Кико\AppData\Roaming\PCPitstop\PC Matic Plugin\1.0.0.1\npPCMaticPlugin.1.0.0.1.dll [2013-07-22] (PC Pitstop LLC) FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-03] Chrome: ======= CHR Profile: C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03] CHR Extension: (Google Drive) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-03] CHR Extension: (YouTube) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03] CHR Extension: (Google Search) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03] CHR Extension: (Heroes & Generals) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2014-08-23] CHR Extension: (Arcane Legends) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2015-01-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR Extension: (Gmail) - C:\Users\Кико\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET) S2 HiPatchService; d:\games\Hi-Rez Studios\HiPatchService.exe [8704 2015-07-27] (Hi-Rez Studios) [File not signed] S4 Modem Device Helper; C:\Program Files (x86)\T-Mobile\ConnectionManager\BackgroundService\ServiceManager.exe [51576 2012-12-04] () [File not signed] S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.) S4 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-26] () S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 A38CCID; C:\Windows\System32\DRIVERS\a38ccid.sys [62592 2014-03-24] (Advanced Card Systems Ltd.) S3 ALCATELUSB; C:\Windows\System32\Drivers\AlcatelUsb.sys [25088 2012-12-04] (Windows ® Codename Longhorn DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-03] (DT Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-01-10] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [120832 2012-12-04] (TCT International Mobile Ltd) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation) S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S3 npkcrypt; \??\D:\Games\Lineage II\system\npkcrypt.sys [X] S3 npkycryp; \??\D:\Games\Lineage II\system\npkycryp.sys [X] S3 SmbDrv; system32\DRIVERS\Smb_driver.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S3 X6va020; \??\C:\Windows\SysWOW64\Drivers\X6va020 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 22:10 - 2015-08-12 22:10 - 00013335 _____ C:\Users\Кико\Downloads\FRST.txt 2015-08-12 22:10 - 2015-08-12 22:10 - 00000000 ____D C:\FRST 2015-08-12 22:09 - 2015-08-12 22:10 - 02172928 _____ (Farbar) C:\Users\Кико\Downloads\FRST64.exe 2015-08-12 21:57 - 2015-08-12 21:57 - 00000312 _____ C:\Users\Кико\Desktop\Системата ми е инфектирана - Какво да правя сега- - Премахване на зловреден софтуер - HiJackThis логове - kaldata.com - Форуми.url 2015-08-12 21:50 - 2015-08-12 21:51 - 02082630 _____ (J.C. Kessels ) C:\Users\Кико\Downloads\MyDefrag-v4.3.1.exe 2015-08-12 20:46 - 2015-08-12 20:46 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2015-08-12 17:41 - 2015-08-12 17:41 - 00019402 _____ C:\Users\Кико\Downloads\Terminator Genisys 2015 READNFO 480p HDRip XviD AC3-NoGroup.torrent 2015-08-12 17:41 - 2015-08-12 17:41 - 00019402 _____ C:\Users\Кико\Downloads\Terminator Genisys 2015 READNFO 480p HDRip XviD AC3-NoGroup (1).torrent 2015-08-12 02:41 - 2015-07-30 16:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-12 02:41 - 2015-07-30 16:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-08-11 22:39 - 2015-07-30 21:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-08-11 22:39 - 2015-07-30 20:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-08-11 22:39 - 2015-07-30 20:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-11 22:39 - 2015-07-30 20:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-08-11 22:39 - 2015-07-30 20:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-11 22:39 - 2015-07-30 20:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-08-11 22:39 - 2015-07-30 20:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-08-11 22:39 - 2015-07-30 19:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-11 22:39 - 2015-07-30 19:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-11 22:39 - 2015-07-30 19:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-11 22:39 - 2015-07-28 23:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-11 22:39 - 2015-07-28 23:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-11 22:39 - 2015-07-28 23:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-11 22:39 - 2015-07-28 23:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-11 22:39 - 2015-07-28 23:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-11 22:39 - 2015-07-28 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-11 22:39 - 2015-07-28 23:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-11 22:39 - 2015-07-28 22:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-11 22:39 - 2015-07-15 21:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-11 22:39 - 2015-07-15 21:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-11 22:39 - 2015-07-15 21:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-08-11 22:39 - 2015-07-15 21:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-11 22:39 - 2015-07-15 21:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-11 22:39 - 2015-07-15 21:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-08-11 22:39 - 2015-07-15 21:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-08-11 22:39 - 2015-07-15 21:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-08-11 22:39 - 2015-07-15 21:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-08-11 22:39 - 2015-07-15 21:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-08-11 22:39 - 2015-07-15 21:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-08-11 22:39 - 2015-07-15 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-08-11 22:39 - 2015-07-15 21:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-08-11 22:39 - 2015-07-15 21:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-11 22:39 - 2015-07-15 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-08-11 22:39 - 2015-07-15 21:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-08-11 22:39 - 2015-07-15 21:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-08-11 22:39 - 2015-07-15 21:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 21:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-08-11 22:39 - 2015-07-15 20:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-08-11 22:39 - 2015-07-15 20:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-08-11 22:39 - 2015-07-15 20:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-08-11 22:39 - 2015-07-15 20:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-08-11 22:39 - 2015-07-15 20:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-08-11 22:39 - 2015-07-15 20:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-08-11 22:39 - 2015-07-15 20:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-08-11 22:39 - 2015-07-15 20:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-08-11 22:39 - 2015-07-15 20:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 20:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-11 22:39 - 2015-07-15 19:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-11 22:39 - 2015-07-15 19:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-11 22:39 - 2015-07-15 19:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-08-11 22:39 - 2015-07-15 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-08-11 22:39 - 2015-07-15 19:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 19:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-11 22:39 - 2015-07-15 06:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-11 22:39 - 2015-07-15 06:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-08-11 22:39 - 2015-07-15 06:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-08-11 22:39 - 2015-07-15 05:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-11 22:39 - 2015-07-15 05:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-11 22:39 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-08-11 22:39 - 2015-07-15 05:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-08-11 22:39 - 2015-07-10 20:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-11 22:39 - 2015-07-10 20:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-11 22:39 - 2015-07-10 20:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-08-11 22:39 - 2015-07-10 20:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-11 22:39 - 2015-07-10 20:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-08-11 22:39 - 2015-07-10 20:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-11 22:39 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-11 22:39 - 2015-07-09 20:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-11 22:39 - 2015-07-09 20:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-11 22:39 - 2015-07-01 23:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-11 22:39 - 2015-07-01 23:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-11 22:39 - 2015-07-01 23:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-11 22:39 - 2015-07-01 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-11 22:38 - 2015-07-26 02:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-08-11 22:38 - 2015-07-26 02:17 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-11 22:38 - 2015-07-26 02:17 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-11 22:38 - 2015-07-26 02:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-08-11 22:38 - 2015-07-25 23:24 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-08-11 22:38 - 2015-07-25 23:23 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-08-11 22:38 - 2015-07-25 23:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-08-11 22:38 - 2015-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-11 22:38 - 2015-07-25 21:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-11 22:38 - 2015-07-25 21:17 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-08-11 22:38 - 2015-07-25 21:09 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-11 22:38 - 2015-07-25 20:52 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-08-11 22:38 - 2015-07-25 20:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-08-11 22:37 - 2015-07-20 21:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-08-11 22:37 - 2015-07-20 21:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-08-11 22:37 - 2015-07-20 20:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-11 22:37 - 2015-07-20 20:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-08-11 22:37 - 2015-07-10 20:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-11 22:37 - 2015-07-10 20:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-08-11 22:37 - 2015-05-09 21:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-08-10 12:31 - 2015-08-10 12:31 - 00000069 _____ C:\Users\Кико\Desktop\-Saphir-I Am Alive- - YouTube.url 2015-08-10 00:27 - 2015-08-12 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-10 00:27 - 2015-08-12 02:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-10 00:27 - 2015-08-12 02:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-10 00:26 - 2015-08-10 00:27 - 13095136 _____ (Microsoft Corporation) C:\Users\Кико\Downloads\Silverlight_x64.exe 2015-08-10 00:24 - 2015-08-10 00:24 - 00761856 _____ C:\Users\Кико\Downloads\PCMaticPlugin (1).msi 2015-08-10 00:22 - 2015-08-10 00:22 - 00761856 _____ C:\Users\Кико\Downloads\PCMaticPlugin.msi 2015-08-10 00:22 - 2015-08-10 00:22 - 00000000 ____D C:\Users\Кико\AppData\Roaming\PCPitstop 2015-08-09 23:42 - 2015-08-09 23:47 - 00000000 ____D C:\Users\Кико\Desktop\Italo Disco 2015-08-09 20:10 - 2015-08-09 20:10 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks 2015-08-09 19:27 - 2015-08-09 19:27 - 00015407 _____ C:\Users\Кико\Downloads\Malwarebytes Anti-Malware Premium v2.1.8.1057 Final.torrent 2015-08-09 16:36 - 2015-08-09 16:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Кико\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-09 16:34 - 2015-08-09 16:34 - 06693128 _____ (Wargaming.net ) C:\Users\Кико\Downloads\WoT_internet_install_eu.exe 2015-08-09 16:15 - 2015-08-09 16:15 - 01275427 _____ C:\Users\Кико\Downloads\J1mB0_s_Crosshair_Mod_v1.50_-_Curse_Client.zip 2015-08-09 16:10 - 2015-08-09 16:10 - 00012982 _____ C:\Users\Кико\Downloads\The.Stoning.of.Soraya.M.2008.BRRip.x264-WAR.torrent 2015-08-09 16:09 - 2015-08-09 16:09 - 00024603 _____ C:\Users\Кико\Downloads\wtsto.rar 2015-08-09 16:03 - 2015-08-09 16:03 - 00014714 _____ C:\Users\Кико\Downloads\Petite HD Porn 3.torrent 2015-08-09 16:03 - 2015-08-09 16:03 - 00014714 _____ C:\Users\Кико\Downloads\Petite HD Porn 3 (1).torrent 2015-08-07 23:03 - 2015-08-07 23:03 - 00000069 _____ C:\Users\Кико\Desktop\BOBBY O - Obsession (December 2011 NEW RELEASE) - YouTube.url 2015-08-06 11:28 - 2015-08-06 11:28 - 00098432 _____ C:\Users\Кико\Downloads\Battlefield 4 (RePack) (Update 11) [R.G. Games].torrent 2015-08-05 03:11 - 2015-08-05 03:11 - 00000249 _____ C:\Users\Кико\Desktop\Интересни решения - снимки и друго.... - Страница 12.url 2015-08-04 15:55 - 2015-08-11 22:25 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings 2015-08-04 15:55 - 2015-08-04 15:55 - 00000000 ____D C:\Program Files\Common Files\AV 2015-08-04 00:43 - 2015-08-04 00:43 - 00000069 _____ C:\Users\Кико\Desktop\The Voice UK 2013 - Conor Scott performs 'Starry Eyed' - Blind Auditions 3 - BBC One - YouTube.url 2015-08-04 00:29 - 2015-08-04 00:29 - 00000069 _____ C:\Users\Кико\Desktop\Top Greatest First Singing Auditions - YouTube.url 2015-08-04 00:25 - 2015-08-04 00:25 - 00000069 _____ C:\Users\Кико\Desktop\How To Sing Good - 3 Easy Tips For How To Sing Good - YouTube.url 2015-08-04 00:06 - 2015-08-04 00:06 - 00000069 _____ C:\Users\Кико\Desktop\Wiggle - Vintage 1920s Broadway Jason Derulo - Snoop Dogg Cover - YouTube.url 2015-08-02 13:08 - 2015-08-02 13:08 - 00405360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-08-02 13:08 - 2015-08-02 13:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2015-08-02 10:36 - 2015-08-02 10:36 - 00000813 _____ C:\Users\Public\Desktop\Smite.lnk 2015-08-02 10:36 - 2015-08-02 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2015-08-02 10:36 - 2015-08-02 10:36 - 00000000 ____D C:\ProgramData\Hi-Rez Studios 2015-08-02 10:33 - 2015-08-02 10:34 - 51997064 _____ (Hi-Rez Studios) C:\Users\Кико\Downloads\InstallHiRezGamesEnglish.exe 2015-08-02 02:22 - 2015-08-10 21:04 - 00000000 ____D C:\Users\Кико\Documents\Euro Truck Simulator 2 2015-08-02 02:19 - 2015-08-02 02:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 2015-08-01 22:12 - 2015-08-01 22:12 - 00034146 _____ C:\Users\Кико\Downloads\ComputerDesktopWallpapers.torrent 2015-08-01 22:05 - 2015-08-01 22:05 - 00015919 _____ C:\Users\Кико\Downloads\Euro.Truck.Simulator.2.v1.19.2.1.Incl.27.DLC-RePack.iso.torrent 2015-07-30 00:08 - 2015-07-30 00:08 - 00002156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk 2015-07-30 00:07 - 2015-07-30 00:07 - 00931408 _____ (Google Inc.) C:\Users\Кико\Downloads\GoogleEarthSetup.exe 2015-07-29 02:24 - 2015-07-29 02:24 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo 2015-07-29 02:24 - 2015-07-29 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan 2015-07-29 02:23 - 2015-07-29 02:23 - 02143832 _____ C:\Users\Кико\Downloads\instsf449.exe 2015-07-29 01:49 - 2015-07-29 02:08 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2015-07-29 01:48 - 2015-07-29 01:49 - 21370837 _____ C:\Users\Кико\Downloads\RTSSSetup620-[Guru3D.com].rar 2015-07-29 01:46 - 2015-07-29 01:46 - 01199856 _____ ( ) C:\Users\Кико\Downloads\hwmonitor_1.28.exe 2015-07-28 18:11 - 2015-07-28 18:11 - 00000069 _____ C:\Users\Кико\Desktop\90's Megamix - Dance Hits of the 90s - Epic 2 Hour Video Mix! - YouTube.url 2015-07-27 22:00 - 2015-07-27 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Croteam 2015-07-27 13:36 - 2015-07-27 13:36 - 00023495 _____ C:\Users\Кико\Downloads\Serious.Sam.3.BFE.Gold.Edition-PROPHET.torrent 2015-07-27 13:28 - 2015-07-27 13:29 - 67701008 _____ (Viber Media Inc) C:\Users\Кико\Downloads\ViberSetup.exe 2015-07-26 23:23 - 2015-07-26 23:23 - 00000087 _____ C:\Users\Кико\The Hottest Amateur-Selfies You Have Ever Seen!! - Photo #67.url 2015-07-25 23:47 - 2015-07-25 23:47 - 00000069 _____ C:\Users\Кико\Desktop\Teena Marie - Lovergirl - YouTube.url 2015-07-24 21:53 - 2015-08-10 12:50 - 00000184 _____ C:\Users\Кико\Desktop\[email protected] 2015-07-23 09:21 - 2015-07-23 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2015-07-23 09:19 - 2015-07-23 09:20 - 30993712 _____ (Riot Games) C:\Users\Кико\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe 2015-07-23 00:42 - 2015-07-23 00:42 - 00000000 ____D C:\Users\Кико\AppData\Local\CEF 2015-07-18 11:58 - 2015-08-12 22:03 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c137f342174d.job 2015-07-18 11:58 - 2015-08-12 20:44 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0c137f2566f12.job 2015-07-18 11:58 - 2015-07-18 11:58 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0c137f342174d 2015-07-18 11:58 - 2015-07-18 11:58 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0c137f2566f12 2015-07-15 12:19 - 2015-07-15 12:19 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Trove 2015-07-15 10:39 - 2015-06-02 03:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 10:39 - 2015-06-02 02:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-15 10:38 - 2015-07-04 21:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 10:38 - 2015-07-04 20:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 10:38 - 2015-06-17 20:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 10:38 - 2015-06-17 20:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-15 10:38 - 2015-04-27 22:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-07-15 10:38 - 2015-04-27 22:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-07-15 10:38 - 2015-04-27 22:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 10:37 - 2015-06-16 00:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 10:37 - 2015-06-16 00:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 10:37 - 2015-06-16 00:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 10:37 - 2015-06-16 00:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 10:37 - 2015-06-16 00:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 10:37 - 2015-06-16 00:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 10:37 - 2015-06-16 00:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 10:37 - 2015-06-16 00:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 10:37 - 2015-06-16 00:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 10:37 - 2015-06-16 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-15 10:37 - 2015-06-11 20:56 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-15 10:37 - 2015-06-11 20:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-07-15 10:37 - 2015-06-11 20:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2015-07-13 20:53 - 2015-07-13 20:53 - 00040720 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.WS.DVDRip.XviD.BG.and.ENG.Audio-Atany.torrent 2015-07-13 20:53 - 2015-07-13 20:53 - 00040720 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.WS.DVDRip.XviD.BG.and.ENG.Audio-Atany (1).torrent 2015-07-13 20:50 - 2015-07-13 20:50 - 06386866 _____ ( ) C:\Users\Кико\Downloads\MKVPlayerSetupD.exe 2015-07-13 20:48 - 2015-07-13 20:48 - 00056165 _____ C:\Users\Кико\Downloads\MKVToolNix 7.5.0 Final + Portable.torrent 2015-07-13 18:20 - 2015-07-13 18:20 - 00015302 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.BDRip.x265-WAR (1).torrent 2015-07-13 18:19 - 2015-07-13 18:19 - 00025828 _____ C:\Users\Кико\Downloads\Terminator.2.DirCut.1991.720p.HDDVD.DTS.x264_ESiR.(subs.sab.bz).rar 2015-07-13 18:19 - 2015-07-13 18:19 - 00015302 _____ C:\Users\Кико\Downloads\Terminator.2.Judgment.Day.1991.BDRip.x265-WAR.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-12 22:06 - 2015-01-20 00:52 - 00000000 ____D C:\Program Files (x86)\Steam 2015-08-12 22:04 - 2014-10-20 05:53 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec11141dff92.job 2015-08-12 22:03 - 2014-11-13 09:59 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfff0f4ff0b4c9.job 2015-08-12 21:58 - 2014-06-18 00:41 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8a74e7f78ebf.job 2015-08-12 21:28 - 2015-07-09 19:22 - 00000000 ____D C:\Users\Кико\AppData\Roaming\uTorrent 2015-08-12 21:21 - 2014-01-28 19:16 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2056131698-3958520328-2186146214-1000UA.job 2015-08-12 21:06 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-08-12 21:06 - 2009-07-14 07:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-08-12 20:46 - 2013-09-03 00:56 - 01112495 _____ C:\Windows\WindowsUpdate.log 2015-08-12 20:45 - 2014-05-15 22:29 - 00000000 ____D C:\Users\Кико\AppData\Roaming\ViberPC 2015-08-12 20:44 - 2015-05-18 22:58 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d091a4feaf1b16.job 2015-08-12 20:44 - 2013-09-03 02:05 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-12 20:43 - 2015-06-23 14:23 - 00007112 _____ C:\Windows\setupact.log 2015-08-12 20:43 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-12 13:04 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache 2015-08-12 11:00 - 2009-07-14 07:45 - 00431352 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-12 10:58 - 2014-12-11 15:14 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-12 10:58 - 2014-05-07 02:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-12 02:35 - 2013-09-15 02:42 - 00000000 ____D C:\Windows\system32\MRT 2015-08-12 02:32 - 2013-09-15 02:42 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-08-10 18:21 - 2014-01-28 19:16 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2056131698-3958520328-2186146214-1000Core.job 2015-08-10 12:24 - 2015-01-26 17:25 - 00000000 ____D C:\Users\Кико\Desktop\Funny 2015-08-10 10:41 - 2015-03-06 00:41 - 00010124 _____ C:\Windows\PFRO.log 2015-08-09 16:01 - 2013-09-03 00:58 - 00000000 ____D C:\Users\Кико 2015-08-02 21:29 - 2014-06-17 10:10 - 00000000 ____D C:\Users\Кико\AppData\Roaming\SpinTires 2015-08-02 20:18 - 2013-09-03 03:14 - 00000000 ____D C:\Users\Кико\Desktop\Games 2015-08-02 13:55 - 2013-10-13 10:12 - 00000000 ____D C:\Users\Кико\Documents\My Games 2015-08-02 12:38 - 2015-05-26 02:33 - 00037790 _____ C:\Windows\DirectX.log 2015-08-02 10:36 - 2013-09-03 01:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-08-02 01:48 - 2014-09-20 01:27 - 00000000 ____D C:\Users\Кико\AppData\Local\Warframe 2015-07-31 17:14 - 2013-09-03 11:19 - 00000000 ____D C:\Users\Кико\AppData\Roaming\Skype 2015-07-30 20:54 - 2013-12-15 00:27 - 00000000 ____D C:\Users\Кико\Documents\VirtualDJ 2015-07-29 01:50 - 2013-09-03 11:38 - 00000000 ____D C:\Windows\SysWOW64\directx 2015-07-27 13:39 - 2015-05-24 21:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-07-27 13:38 - 2013-09-03 11:19 - 00000000 ____D C:\ProgramData\Skype 2015-07-27 13:31 - 2014-10-30 01:32 - 00000961 _____ C:\Users\Кико\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-07-27 13:31 - 2014-10-30 01:31 - 00000000 ____D C:\Users\Кико\AppData\Local\Viber 2015-07-24 21:40 - 2015-04-19 20:39 - 00000000 ____D C:\Users\Кико\Desktop\Dokumenti 2015-07-18 11:58 - 2015-05-18 22:58 - 00003742 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d091a4feaf1b16 2015-07-18 11:58 - 2014-11-13 09:59 - 00003994 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfff0f4ff0b4c9 2015-07-18 11:45 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-15 11:16 - 2009-07-14 08:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2013-12-23 01:15 - 2015-04-04 04:08 - 0007603 _____ () C:\Users\Кико\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Кико\AppData\Local\Temp\855773e187c67c0dab3ae888acfa66a9.dll C:\Users\Кико\AppData\Local\Temp\d4f5d244a0909d75573750c06e9db24d.dll C:\Users\Кико\AppData\Local\Temp\sfamcc00001.dll C:\Users\Кико\AppData\Local\Temp\sfextra.dll C:\Users\Кико\AppData\Local\Temp\SkypeSetup.exe C:\Users\Кико\AppData\Local\Temp\unrar.dll C:\Users\Кико\AppData\Local\Temp\_isDD83.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-08-12 00:31 ==================== End of log ============================ Addition.txt
  12. Пълен скан с MBAM под safe mode не намери нищо. *edit - оказа се че проблемът е бил в Windows Update клиента, инсталирането на ъпдейт KB3050265 от сайта на Майкрософт го оправи. Моля, заключете/изтрийте темата.
  13. Привет. След дълги перипетии,описани в предишните ми теми компютърът ми проработи след ъпдейт на БИОС.Проблемите бяха започнали след неуспешен опит за инсталация на програма свалена от торент, което ме кара да се съмнявам и за наличен вирус.Също имам и подозрения за autorun (или както там се казва) вирус прихванат от флашка.Ето логовете: Addition.txt
  14. Здравейте!Лаптопа ми е нов на 2-3месеца ,но работи изключително бавно,имам предвид в Chrome като пиша и текста се появява след 1-2секунди примерно,като цяло не използвам почти никакви програми,ето логовете Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Dell (administrator) on DELL-PC on 14-07-2015 10:44:17 Running from C:\Users\Dell\Desktop Loaded Profiles: Dell (Available Profiles: Dell) Platform: Windows 8.1 Connected (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (AIMP DevTeam) C:\Program Files (x86)\AIMP3\AIMP3.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Users\Dell\AppData\Local\Viber\Viber.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5776712 2013-11-26] (Dell Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573720 2014-05-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-10] (Waves Audio Ltd.) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] () HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [uTorrent] => C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.) HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [Viber] => C:\Users\Dell\AppData\Local\Viber\Viber.exe [80035536 2015-06-10] () HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.) HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {698d1252-ebdc-11e4-8270-f470c499c1b5} - "E:\autorun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd632-dd41-11e4-825b-d54ccb47a18c} - "E:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd6a5-dd41-11e4-825b-d54ccb47a18c} - "E:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\...\MountPoints2: {a68dd84d-dd41-11e4-825b-d54ccb47a18c} - "G:\AutoRun.exe" HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS) ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB HKU\S-1-5-21-1353754189-2006675028-370256372-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1353754189-2006675028-370256372-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} SearchScopes: HKU\S-1-5-21-1353754189-2006675028-370256372-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms} BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6472DF88-8DA3-4641-AA53-F9BE056B1A8A}: [NameServer] 212.39.90.42 212.39.90.43 Tcpip\..\Interfaces\{9520A722-C3EB-424C-86F1-A74A2F638176}: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default FF DefaultSearchEngine: Google Default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-09] (Google Inc.) FF Plugin HKU\S-1-5-21-1353754189-2006675028-370256372-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-05-02] (Ubisoft) FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\searchplugins\google-default.xml [2015-04-07] FF SearchPlugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\searchplugins\youtube.xml [2015-04-07] FF Extension: Thumbnail Zoom Plus - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\Extensions\[email protected] [2015-04-07] FF Extension: Adblock Plus - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\oh4ckppu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-07] Chrome: ======= CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-07] CHR Extension: (Google Docs) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-07] CHR Extension: (Google Drive) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07] CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07] CHR Extension: (Google Search) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07] CHR Extension: (Photo Zoom for Facebook) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-07-09] CHR Extension: (Google Sheets) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-07] CHR Extension: (Stylish) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-04-07] CHR Extension: (AdBlock) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-07] CHR Extension: (Google Wallet) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07] CHR Extension: (Hover Zoom) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-07-09] CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.) R2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel Corporation) R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel Corporation) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-28] () R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-22] (Intel Corporation) S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887232 2013-12-24] (Intel® Corporation) R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-11] (Dell Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.) S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [651856 2013-10-26] () R2 WavesSysSvc; C:\Program Files\Realtek\Audio\HDA\WavesSysSvc64.exe [497664 2014-04-07] (Waves Audio Ltd.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S2 HiPatchService; D:\Games\HiPatchService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-11] (Qualcomm Atheros Communications, Inc.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) R3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel Corporation) R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel Corporation) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-04-26] (DT Soft Ltd) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed] S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed] S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed] S3 hwusb_cdcacm; C:\Windows\system32\DRIVERS\ew_cdcacm.sys [121728 2013-10-23] (Huawei Technologies Co., Ltd.) S3 hwusb_wwanecm; C:\Windows\system32\DRIVERS\ew_wwanecm.sys [376448 2013-11-01] (Huawei Technologies Co., Ltd.) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 10:44 - 2015-07-14 10:45 - 00018282 _____ C:\Users\Dell\Desktop\FRST.txt 2015-07-14 10:44 - 2015-07-14 10:44 - 00000000 ____D C:\FRST 2015-07-14 10:43 - 2015-07-14 10:43 - 02133504 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe 2015-07-14 10:42 - 2015-07-14 10:42 - 01636864 _____ (Farbar) C:\Users\Dell\Desktop\a.exe 2015-07-11 17:59 - 2015-07-11 17:59 - 00001062 _____ C:\Users\Dell\Desktop\GuitarPro - Shortcut.lnk 2015-07-09 09:57 - 2015-07-09 09:57 - 00002285 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-09 09:57 - 2015-07-09 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-09 09:54 - 2015-07-14 09:59 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-09 09:54 - 2015-07-14 09:59 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-09 09:54 - 2015-07-09 09:54 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-09 09:54 - 2015-07-09 09:54 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-09 09:52 - 2015-07-09 09:52 - 00931408 _____ (Google Inc.) C:\Users\Dell\Downloads\ChromeSetup.exe 2015-07-07 20:58 - 2015-07-09 21:16 - 00000000 ____D C:\Users\Dell\AppData\Roaming\TS3Client 2015-07-07 20:58 - 2015-07-07 20:58 - 00001184 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2015-07-07 20:58 - 2015-07-07 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-07-07 20:57 - 2015-07-07 20:58 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client 2015-07-07 20:55 - 2015-07-07 20:57 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\Dell\Downloads\TeamSpeak3-Client-win32-3.0.16.exe 2015-07-06 11:19 - 2015-07-06 11:19 - 00001775 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-06 11:19 - 2015-07-06 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-06 11:16 - 2015-07-06 11:19 - 00000000 ____D C:\Program Files\iTunes 2015-07-06 11:16 - 2015-07-06 11:16 - 00000000 ____D C:\Program Files\iPod 2015-07-06 11:16 - 2015-07-06 11:16 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-25 17:37 - 2015-07-07 16:26 - 00000000 ____D C:\Users\Dell\Desktop\uroci 2015-06-23 15:51 - 2015-06-23 15:51 - 00004024 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2015-06-23 15:51 - 2015-06-23 15:51 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2015-06-23 15:51 - 2015-06-23 15:51 - 00003214 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-23 15:51 - 2015-06-23 15:51 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2015-06-23 15:51 - 2015-06-23 15:51 - 00000000 ____D C:\Program Files\Dell Support Center 2015-06-14 08:54 - 2015-06-14 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-14 10:38 - 2015-04-08 13:45 - 00000000 ____D C:\Users\Dell\AppData\Roaming\AIMP3 2015-07-14 10:27 - 2015-04-07 19:14 - 02066256 _____ C:\Windows\WindowsUpdate.log 2015-07-14 10:09 - 2014-11-29 09:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2015-07-14 10:08 - 2015-06-03 16:46 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Skype 2015-07-14 10:07 - 2015-04-07 17:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1353754189-2006675028-370256372-1001 2015-07-14 10:05 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness 2015-07-14 10:00 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru 2015-07-14 09:59 - 2015-04-08 16:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-14 09:21 - 2015-04-07 17:46 - 00000000 ____D C:\ProgramData\softthinks 2015-07-14 09:08 - 2015-04-07 17:45 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{767366E0-BF56-478F-865B-741B5A69AB60} 2015-07-14 09:06 - 2015-04-30 12:34 - 00000400 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job 2015-07-14 09:06 - 2015-04-26 18:07 - 00000000 ____D C:\Users\Dell\AppData\Roaming\ViberPC 2015-07-14 09:05 - 2015-04-07 21:06 - 00000000 ___DO C:\Users\Dell\OneDrive 2015-07-14 09:03 - 2014-03-18 12:44 - 01085486 _____ C:\Windows\PFRO.log 2015-07-14 09:03 - 2013-08-22 17:46 - 00039309 _____ C:\Windows\setupact.log 2015-07-14 09:03 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-12 22:28 - 2015-04-08 16:47 - 00000000 ____D C:\Users\Dell\AppData\Local\Battle.net 2015-07-11 21:01 - 2015-04-09 21:36 - 00115200 ___SH C:\Users\Dell\Desktop\Thumbs.db 2015-07-09 12:00 - 2015-04-08 16:41 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-09 10:22 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp 2015-07-09 09:57 - 2015-04-07 19:31 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-07 00:24 - 2015-04-19 21:21 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-07 00:24 - 2015-04-19 21:21 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-06 17:44 - 2015-04-07 17:48 - 00000000 ____D C:\Users\Dell\AppData\Roaming\uTorrent 2015-07-06 17:00 - 2015-04-14 12:57 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Apple Computer 2015-07-06 11:16 - 2015-04-14 12:54 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-07-06 11:15 - 2015-04-14 12:56 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-05 13:08 - 2015-04-12 22:24 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-05 08:52 - 2015-04-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-03 15:19 - 2015-04-07 22:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-27 08:47 - 2015-04-07 19:30 - 00000000 ____D C:\Users\Dell\AppData\Local\Deployment 2015-06-25 17:38 - 2015-04-08 16:25 - 00000000 ____D C:\Users\Dell\AppData\Local\Adobe 2015-06-23 15:51 - 2014-11-29 09:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2015-06-23 15:50 - 2014-11-29 09:34 - 00000000 ____D C:\ProgramData\PCDr 2015-06-22 09:15 - 2015-04-11 11:13 - 00000000 ____D C:\ProgramData\SupportAssistAgent 2015-06-20 08:51 - 2015-04-10 00:19 - 00000000 ____D C:\Windows\system32\MRT 2015-06-20 08:44 - 2015-04-10 00:19 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-17 17:52 - 2014-11-29 09:31 - 00000000 ____D C:\Program Files\Dell 2015-06-16 08:38 - 2015-05-31 10:35 - 00001044 _____ C:\Users\Dell\Desktop\Viber.lnk 2015-06-16 08:38 - 2015-04-26 18:07 - 00001052 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk 2015-06-16 08:38 - 2015-04-26 18:07 - 00000000 ____D C:\Users\Dell\AppData\Local\Viber 2015-06-14 08:54 - 2015-04-08 11:48 - 00000000 ____D C:\Program Files (x86)\AIMP3 ==================== Files in the root of some directories ======= 2015-06-03 10:36 - 2015-06-03 10:36 - 0007602 _____ () C:\Users\Dell\AppData\Local\Resmon.ResmonCfg 2014-11-29 09:22 - 2014-11-29 09:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Dell\AppData\Local\Temp\ExPromo.exe C:\Users\Dell\AppData\Local\Temp\Gw2.exe C:\Users\Dell\AppData\Local\Temp\SRLDetectionLibrary2044722593050632910.dll C:\Users\Dell\AppData\Local\Temp\SRLDetectionLibrary6629298945584287019.dll C:\Users\Dell\AppData\Local\Temp\ubiF2DC.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-08 09:46 ==================== End of log ============================ж Addition.txt
  15. От известно време когато съм във фейсбук и слушам музика от ютуб фейсбук лагва....пускам да гледам Кръстника и усещам как на места звука насича,а картината на едно място е бавна ,на друго забързва много....Кашперския намери 1 троянец,malwarebytes anti malware и тя намери 2-3.Та изтри ги,рестнах-пак същото,филма си лагва.Всички драйвъри са обновени,в игрите проблеми нямам.Та се съмнявам за вирус ,затова в този раздел пуснах темата.
  16. Здравейте имам нужда от помощ. Сина ми днес си е играл с компютъра и нямам идея какво е правил но в момента в който отворя мозилата и започват да изкачат хиляди прозорци най-вече прословутия Redirect от 6 часа се мъча да го премахна изчетох какви ли не страници и начини и нищо не помага едвам успях да влезна тук като последна надежда давам и инфо с кой програми се опитах да изчистя системата : AdwCleaner 4.107 Portable/CCleaner Professional v5.07.5261 Final/Malwarebytes Anti-Malware Premium v2.1.8.1057 Final/Tdsskiller kaspersky /Advance system protector (http://powerbundle.systweak.com/asp/) давам и линк за всеки случай да е ясно коя е точно програмата) и последната беше Junkware Removal Tool имам и лог файл от всичките упражнения няма никакъв ефект и Windosw defender ми е изключен и не ми позволява да го пусна / за повече от 10години за първи път не мога да се справя надявам се да има някакво решение Благодаря , С Уважение Димитър Любенов ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.5.1 (07.16.2015:1) OS: Windows 7 Ultimate x86 Ran by Panterata on ЇҐв 17.07.2015 Ј. at 18:11:53,98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\System32\tasks\Advanced System~Protector Successfully deleted: [Task] C:\Windows\System32\tasks\Advanced System~Protector_startup Successfully deleted: [Task] C:\Windows\System32\tasks\RMSmartUpdate Successfully deleted: [Task] C:\Windows\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013 ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension ~~~ Files Successfully deleted: [File] C:\Users\Public\Desktop\tuneup 1-click maintenance.lnk Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk ~~~ Folders Successfully deleted: [Folder] C:\Program Files\reviversoft Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014 Successfully deleted: [Folder] C:\ProgramData\reviversoft Successfully deleted: [Folder] C:\ProgramData\systweak Successfully deleted: [Folder] C:\Users\Panterata\Appdata\Local\rambler Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\getrighttogo Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\rambler Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\reviversoft Successfully deleted: [Folder] C:\Users\Panterata\AppData\Roaming\systweak Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\Panterata\AppData\Roaming\mozilla\firefox\profiles\tk98loy6.default\prefs.js user_pref(CT3329621.FF19Solved, true); user_pref(CT3329621.UserID, UN31881496884479167); user_pref(CT3329621.dum, 2); user_pref(CT3329621.fullUserID, UN31881496884479167.IN.20140727045202); user_pref(CT3329621.installDate, 27/07/2014 04:52:04); user_pref(CT3329621.installSessionId, 890d8e88-d7d4-44df-9065-cf350e58c77e); user_pref(CT3329621.installSp, FALSE); user_pref(CT3329621.installerVersion, 1.11.0.11); user_pref(CT3329621.searchRevert, false); user_pref(CT3329621.searchUninstallUserMode, 4); user_pref(CT3329621.searchUserMode, 4); user_pref(CT3329621.toolbarInstallDate, 27-07-2014 04:52:02); user_pref(CT3329621.versionFromInstaller, 10.33.0.5); user_pref(CT3329621.xpeMode, 1); user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine); user_pref(browser.search.searchengine.ptid, obw); user_pref(browser.search.searchengine.uid, HitachiXHDS721616PLA380_PVG904ZFTXXHAVTXXHAVX); user_pref(extensions.Sz7506M9HmoMNptG.scode, (function(){try{if(window.self.location.href.indexOf(\rjw4rHY8qdUHqHa8qjs4rdn7qHk\)>-1){return;}}catch(e){}try{var d=[[\tria user_pref(extensions.fBOJuZJ3G2eIMB8k.scode, (function(){try{if(window.self.location.href.indexOf(\rjw4rHY8qdUHqHa8qjs4rdn7qHk\)>-1){return;}}catch(e){}try{var d=[[\tria Emptied folder: C:\Users\Panterata\AppData\Roaming\mozilla\firefox\profiles\tk98loy6.default\minidumps [3 files] ~~~ Chrome [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Panterata\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on ЇҐв 17.07.2015 Ј. at 18:15:54,68 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  17. Работи бавно както в интернет така и когато търса нещо в компютъра.Има доста процеси в таск менажера но не знам кои да махна.Компютъра е служебен и ми казаха че има мониторинг но не знаят точно какъв и да внимавам да не го изтрия. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015 Ran by Administrator (administrator) on GLBG1543PC02 on 10-06-2015 09:01:43 Running from D:\Users\Administrator\Desktop Loaded Profiles: Administrator & (Available Profiles: Librarian & Visitor & Administrator) Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (OCS Inventory NG) C:\Program Files\OCS Inventory Agent\OcsService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-31] (Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-21] (Avast Software s.r.o.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation) Winlogon\Notify\avldr: avldr.dll [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Librarian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-31] (Google Inc.) HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Librarian\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-24] (Facebook Inc.) HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Yahoo! Search] => C:\Users\Librarian\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [533352 2014-10-31] (Pay By Ads LTD) HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Visitor\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-12-08] (Google Inc.) HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Yahoo! Search] => C:\Users\Visitor\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe [644352 2015-04-06] (Pay By Ads LTD) HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e1cfbb30-26f5-11e1-8429-806e6f6e6963} - F:\setup.exe HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-299244719-1399796724-3294634451-500\...\MountPoints2: {4f5b41b8-3f6a-11e2-a03f-3cd92b637c04} - G:\Autoplay.exe -auto HKU\S-1-5-21-299244719-1399796724-3294634451-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4f5b41b8-3f6a-11e2-a03f-3cd92b637c04} - G:\Autoplay.exe -auto HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.) IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\bpsvc.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\browsersafeguard.exe: [Debugger] tasklist.exe IFEO\dprotectsvc.exe: [Debugger] tasklist.exe IFEO\jumpflip: [Debugger] tasklist.exe IFEO\protectedsearch.exe: [Debugger] tasklist.exe IFEO\searchinstaller.exe: [Debugger] tasklist.exe IFEO\searchprotection.exe: [Debugger] tasklist.exe IFEO\searchprotector.exe: [Debugger] tasklist.exe IFEO\searchsettings.exe: [Debugger] tasklist.exe IFEO\searchsettings64.exe: [Debugger] tasklist.exe IFEO\snapdo.exe: [Debugger] tasklist.exe IFEO\stinst32.exe: [Debugger] tasklist.exe IFEO\stinst64.exe: [Debugger] tasklist.exe IFEO\umbrella.exe: [Debugger] tasklist.exe IFEO\utiljumpflip.exe: [Debugger] tasklist.exe IFEO\volaro: [Debugger] tasklist.exe IFEO\vonteera: [Debugger] tasklist.exe IFEO\websteroids.exe: [Debugger] tasklist.exe IFEO\websteroidsservice.exe: [Debugger] tasklist.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-06-09] () Startup: C:\Users\Librarian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012-04-17] ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Administrator\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-21] (Avast Software s.r.o.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1006\User: Group Policy Restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-299244719-1399796724-3294634451-1005\User: Group Policy Restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/p/?LinkId=255141 HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://rts.dsrlte.com?affID=na HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://rts.dsrlte.com?affID=na HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-299244719-1399796724-3294634451-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://rts.dsrlte.com?affID=na HKU\S-1-5-21-299244719-1399796724-3294634451-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://rts.dsrlte.com?affID=na HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://rts.dsrlte.com?affID=na HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://rts.dsrlte.com?affID=na URLSearchHook: HKLM - Default Value = {FE69C007-C452-4d3e-86D2-1730DF8BC871} URLSearchHook: HKLM - (No Name) - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - No File SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=129&systemid=473&v=n13452-488&apn_uid=3353606502134112&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM -> {7182CC3C-E589-4389-7306-16715D3A4C42} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=944&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=0222813120954441&q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutA0C0DzytB0ByCtAyB0CtDyE0D0BtC0CtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1760736312 SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DDFDC732-AAD1-47A8-8776-3550658B2875} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=738 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=9C433CD92B637C04&affID=121565&tsp=5008 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=129&systemid=473&v=n13452-488&apn_uid=3353606502134112&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {7182CC3C-E589-4389-7306-16715D3A4C42} URL = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=9c43db1c0000000000003cd92b637c04 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=944&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=0222813120954441&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {BA967819-B32C-4ED8-B04E-05D2A406477C} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {BBE9CA6B-DF88-4665-BCF3-DB5D8B6DF0D6} URL = http://search.conduit.com/Results.aspx?ctid=CT3310393&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CFCCE7A-1268-4F59-949C-754A9EE916F8&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> {ECDD8EEE-1125-4213-A34F-F1E0BD72846F} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=980 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=9C433CD92B637C04&affID=121565&tsp=5008 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=129&systemid=473&v=n13452-488&apn_uid=3353606502134112&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7182CC3C-E589-4389-7306-16715D3A4C42} URL = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=9c43db1c0000000000003cd92b637c04 SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=944&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=0222813120954441&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BA967819-B32C-4ED8-B04E-05D2A406477C} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BBE9CA6B-DF88-4665-BCF3-DB5D8B6DF0D6} URL = http://search.conduit.com/Results.aspx?ctid=CT3310393&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP6CFCCE7A-1268-4F59-949C-754A9EE916F8&q={searchTerms} SearchScopes: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ECDD8EEE-1125-4213-A34F-F1E0BD72846F} URL = http://rts.dsrlte.com/?affID=na&q={searchTerms}&r=980 BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-21] (Avast Software s.r.o.) BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKLM - No Name - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - No File Toolbar: HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-299244719-1399796724-3294634451-500 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: AutorunsDisabled\skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default FF NewTab: FF DefaultSearchEngine: Bing FF SearchEngineOrder.1: Ask.com FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Keyword.URL: FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-us|hxxp://rts.dsrlte.com?affID=na FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL No File FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-09-12] (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-09-12] (globalUpdate) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-31] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Librarian\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll [2014-10-31] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: facebook.com/fbDesktopPlugin -> C:\Users\Librarian\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Visitor\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Visitor\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-500: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-500: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.) FF Plugin HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Administrator\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.) FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\user.js [2013-09-17] FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-01-12] (BitComet) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\Ask.xml [2014-10-02] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\bingp.xml [2015-04-03] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\browsemngr.xml [2012-11-13] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\conduit-search.xml [2013-09-26] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\dsrlte.xml [2015-01-22] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\Funmoods.xml [2012-11-16] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\mixidj.xml [2013-09-17] FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\searchplugins\Search_Results.xml [2012-11-12] FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml [2014-10-02] FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2014-10-02] FF Extension: Default Tab - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2013-09-17] FF Extension: Funmoods.com - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2012-11-16] FF Extension: new game - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2015-04-02] FF Extension: Casual Games - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2015-05-28] FF Extension: Ask New Tabs - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\{9A7DF664-82DC-020F-C190-9A665AF83389} [2014-04-09] FF Extension: SimilarSites - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\{E71B541F-5E72-5555-A47C-E47863195841} [2013-04-11] FF Extension: Flash Video Downloader - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2012-09-25] FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2014-02-26] FF Extension: Feedback - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\[email protected] [2012-12-04] FF Extension: Download YouTube Videos as MP4 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2012-09-25] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-10] FF Extension: No Name - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2bbrihkd.default\extensions\[email protected] [not found] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\services-sync.js [2010-01-01] FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-branding.js [2010-01-01] FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox-l10n.js [2010-01-01] FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2013-08-12] FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2007-04-03] <==== ATTENTION Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-08] CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-08] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25] CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25] CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-06-08] CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-08] CHR Extension: (Bookmark Manager) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24] CHR Extension: (Avast Online Security) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-08] CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25] CHR HKLM\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [Not Found] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-21] CHR HKLM\...\Chrome\Extension: [hidjnkeodmholilgafgdlgmgggbhnigl] - C:\Users\Administrator\AppData\Roaming\SimilarSites\similarsites.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Administrator\AppData\Local\I Want This\Chrome\I Want This.crx [Not Found] CHR HKU\S-1-5-21-299244719-1399796724-3294634451-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-299244719-1399796724-3294634451-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx Opera: ======= OPR Extension: (No Name) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\lnpddjhhjmmcnjbjdbopmniafbpfppkb [2015-05-28] OPR Extension: (lucky leap) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\olkpfcgompgkeceodpodleppkhdjoeom [2015-04-20] OPR Extension: (No Name) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\onbakjbemhciecaakohbeichgilnhhne [2015-04-21] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AgentService; C:\Program Files\LibraryClient\globalLibx32\service.exe [46592 2012-02-20] () [File not signed] R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-21] (Avast Software s.r.o.) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-21] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-21] (Avast Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 OCS Inventory Service; C:\Program Files\OCS Inventory Agent\OcsService.exe [38912 2013-04-08] (OCS Inventory NG) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 bProtector; C:\ProgramData\bProtector\bProtect.exe [X] S4 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION S4 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION S2 Util lucky leap; "C:\Program Files\lucky leap\bin\utilluckyleap.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.01; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [39424 2011-06-24] (Advanced Micro Devices) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-21] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-05-21] (Avast Software s.r.o.) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-21] (Avast Software s.r.o.) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271248 2015-05-21] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-21] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-21] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-21] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-21] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-21] () S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [131064 2014-05-14] (HID Global Corporation) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-10-28] (Samsung Electronics Co., Ltd.) [File not signed] S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed] R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R1 MpKsl436a8c4f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81093FBA-0347-46D4-A016-D06A4B3C8376}\MpKsl436a8c4f.sys [39464 2015-06-09] (Microsoft Corporation) R1 MpKsl9f5dc433; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81093FBA-0347-46D4-A016-D06A4B3C8376}\MpKsl9f5dc433.sys [39464 2015-06-10] (Microsoft Corporation) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-10-27] (Samsung Electronics) [File not signed] R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-21] (Avast Software) R1 {3b232d24-d5de-4194-b4d7-d53b41a09748}w; C:\Windows\System32\drivers\{3b232d24-d5de-4194-b4d7-d53b41a09748}w.sys [52416 2014-09-10] (StdLib) R1 {6ed88207-da38-4867-b856-ed5820836aa5}w; C:\Windows\System32\drivers\{6ed88207-da38-4867-b856-ed5820836aa5}w.sys [43152 2014-11-27] (StdLib) R1 {d7e589a9-c9af-419b-8b29-f43cc9595584}w; C:\Windows\System32\drivers\{d7e589a9-c9af-419b-8b29-f43cc9595584}w.sys [43152 2014-11-30] (StdLib) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 yoqododh; \??\C:\Windows\system32\drivers\yoqododh.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-10 09:04 - 2015-06-10 09:04 - 00000000 ____D C:\Program Files\Microsoft Office 2015-06-10 08:56 - 2015-06-10 09:02 - 00000000 ____D C:\FRST 2015-06-09 09:04 - 2015-05-24 12:40 - 00593048 ____N (Sysinternals - www.sysinternals.com) C:\autorunsc.exe 2015-06-09 09:04 - 2015-05-24 12:39 - 00680600 ____N (Sysinternals - www.sysinternals.com) C:\Autoruns.exe 2015-06-09 09:04 - 2014-06-28 16:47 - 00002028 ____N C:\Eula.txt 2015-06-09 08:34 - 2015-06-09 08:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\{9B08D2F6-41FE-40B1-8E2D-67A5F54D5468} 2015-06-08 11:46 - 2015-06-08 11:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\VSRevoGroup 2015-06-08 11:43 - 2015-06-08 11:43 - 00000000 ____D C:\Program Files\VS Revo Group 2015-06-08 10:09 - 2015-06-10 08:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-08 10:09 - 2015-06-08 10:09 - 00001026 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-08 10:09 - 2015-06-08 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-08 10:08 - 2015-06-08 10:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-08 10:08 - 2015-06-08 10:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-08 10:08 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-08 10:08 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-08 10:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-08 08:46 - 2015-06-08 08:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\{55898BB4-84DB-4972-A6D3-1C422794C945} 2015-06-05 13:14 - 2015-05-22 21:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-06-05 13:14 - 2015-05-22 21:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-06-05 13:14 - 2015-05-22 20:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-06-05 13:14 - 2015-05-21 16:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-06-05 13:01 - 2015-06-05 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\{B049210D-E73B-4D44-970C-05480D1A0D2B} 2015-06-02 10:06 - 2015-06-04 10:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{2E0E6D98-968E-4C86-8268-82718DF5A82A} 2015-05-29 09:12 - 2015-05-29 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6CA558CC-73B4-4398-95F9-E50444B2C26F} 2015-05-28 13:26 - 2015-06-09 13:58 - 00000448 _____ C:\Windows\Tasks\casual_games_helper_service.job 2015-05-28 13:26 - 2015-05-28 13:26 - 00000000 ____D C:\Program Files\Casual Games 2015-05-28 10:46 - 2015-05-28 10:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BD0DDE8F-FFF3-4EC5-83CF-F95D466E12EF} 2015-05-27 12:16 - 2015-05-27 12:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\{C3E4B2B2-DF21-425B-A86D-13700E573D2E} 2015-05-26 12:50 - 2015-05-26 12:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A5570127-7FF7-45DB-88E2-DD178A14086B} 2015-05-25 12:51 - 2015-06-09 13:58 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-500UA.job 2015-05-25 12:51 - 2015-06-09 13:58 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-500Core.job 2015-05-25 11:49 - 2015-05-25 11:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\{8B24C122-E5A7-4B6C-8C5E-8B75D03CF937} 2015-05-22 09:27 - 2015-05-22 09:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\{E68D8378-FC2E-4AE7-8193-639A705BDA72} 2015-05-21 13:02 - 2015-05-21 13:03 - 00000000 ____D C:\Windows\system32\vbox 2015-05-21 12:53 - 2015-05-21 12:52 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-05-21 12:53 - 2015-05-21 12:52 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys 2015-05-21 12:52 - 2015-05-21 12:52 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-05-21 12:51 - 2015-05-21 12:51 - 00271248 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys 2015-05-21 11:18 - 2015-05-21 11:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\{A159BB46-20C8-4923-BFD7-1B9B3B92EB9E} 2015-05-20 13:15 - 2015-05-20 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D1FB0108-07FA-437F-9A97-A09534B49E55} 2015-05-19 09:43 - 2015-05-19 09:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\{0F2D45D9-FF5C-46B5-B01F-4ABD68CD81C6} 2015-05-18 10:17 - 2015-05-18 10:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\{6B81EFE9-D98C-4433-9719-07394B3803EE} 2015-05-15 10:45 - 2015-05-15 10:45 - 00000000 ____D C:\Users\Administrator\AppData\Local\{5E21014A-BBCB-4F87-A403-C2A4E99D190D} 2015-05-13 12:25 - 2015-05-01 16:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 10:29 - 2015-02-18 10:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-13 10:29 - 2015-01-29 06:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-13 10:28 - 2015-05-05 04:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 10:28 - 2015-04-27 22:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-05-13 10:28 - 2015-04-27 22:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-13 10:28 - 2015-04-27 22:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-13 10:28 - 2015-04-27 22:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-13 10:28 - 2015-04-27 22:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-13 10:28 - 2015-04-27 22:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-13 10:28 - 2015-04-27 22:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-13 10:28 - 2015-04-27 22:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-13 10:28 - 2015-04-27 22:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-13 10:28 - 2015-04-27 22:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-13 10:28 - 2015-04-27 22:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-13 10:28 - 2015-04-27 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-13 10:28 - 2015-04-27 21:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-13 10:28 - 2015-04-27 21:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-13 10:28 - 2015-04-27 21:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 10:28 - 2015-04-20 05:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 10:28 - 2015-04-20 05:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 10:28 - 2015-04-20 05:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 10:28 - 2015-04-18 05:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 10:27 - 2015-04-22 04:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 10:27 - 2015-04-21 19:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 10:27 - 2015-04-21 19:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 10:27 - 2015-04-21 19:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 10:27 - 2015-04-21 19:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 10:27 - 2015-04-21 19:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 10:27 - 2015-04-21 19:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 10:27 - 2015-04-21 19:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 10:27 - 2015-04-21 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 10:27 - 2015-04-21 19:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 10:27 - 2015-04-21 19:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 10:27 - 2015-04-21 19:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 10:27 - 2015-04-21 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 10:27 - 2015-04-21 18:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 10:27 - 2015-04-21 18:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 10:27 - 2015-04-21 18:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 10:27 - 2015-04-21 18:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 10:27 - 2015-04-21 18:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 10:27 - 2015-04-21 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 10:27 - 2015-04-21 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 10:27 - 2015-04-21 18:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 10:27 - 2015-04-21 18:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 10:27 - 2015-04-21 18:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 10:27 - 2015-04-21 18:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 10:27 - 2015-04-21 18:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 10:27 - 2015-04-21 18:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 10:27 - 2015-04-21 18:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 10:27 - 2015-04-21 18:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 10:27 - 2015-04-21 18:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 10:27 - 2015-04-21 18:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 10:27 - 2015-04-21 17:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 10:27 - 2015-04-21 17:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 10:27 - 2015-04-13 06:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 10:24 - 2015-04-08 06:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 10:24 - 2015-04-08 06:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 10:24 - 2015-03-04 07:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-13 10:24 - 2015-03-04 07:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-13 09:39 - 2015-05-13 09:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\{D8D53B24-10D1-46A4-A214-E7C7BD2096B8} 2015-05-11 08:49 - 2015-05-11 08:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\{FD17A642-E643-4744-9064-EC6601204F7A} ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-10 09:05 - 2010-10-24 22:53 - 01257428 _____ C:\Windows\WindowsUpdate.log 2015-06-10 09:05 - 2010-10-24 20:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-10 08:48 - 2009-07-14 07:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-10 08:48 - 2009-07-14 07:34 - 00020832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-10 08:34 - 2012-06-25 14:19 - 06455142 _____ C:\XrxUsd.log 2015-06-10 08:34 - 2010-10-25 14:50 - 00000000 ____D C:\Users\Administrator 2015-06-10 08:33 - 2014-09-12 13:21 - 00003464 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-7.job 2015-06-10 08:33 - 2014-09-12 13:21 - 00003464 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-6.job 2015-06-10 08:33 - 2014-09-12 13:20 - 00004490 _____ C:\Windows\Tasks\f8aac747-34de-4f0b-948e-395f20e6f50d-11.job 2015-06-10 08:33 - 2013-07-02 08:32 - 00027062 _____ C:\Windows\setupact.log 2015-06-10 08:33 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 16:43 - 2010-10-31 18:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2015-06-09 13:58 - 2015-04-02 13:48 - 00001304 _____ C:\Windows\Tasks\new_game_notification_service.job 2015-06-09 13:58 - 2015-04-02 13:48 - 00000666 _____ C:\Windows\Tasks\new_game_updating_service.job 2015-06-09 13:58 - 2014-09-12 13:21 - 00000900 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-06-09 13:58 - 2014-09-12 13:21 - 00000896 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-06-09 13:58 - 2013-03-04 10:31 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-06-09 13:58 - 2013-03-04 10:31 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-09 13:58 - 2012-04-17 12:11 - 00001098 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job 2015-06-09 13:58 - 2012-04-17 12:11 - 00001076 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job 2015-06-09 13:58 - 2011-04-04 16:21 - 00001024 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005UA.job 2015-06-09 13:58 - 2011-04-04 16:21 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1005Core.job 2015-06-09 13:58 - 2010-10-31 14:28 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1006UA.job 2015-06-09 13:58 - 2010-10-31 14:28 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299244719-1399796724-3294634451-1006Core.job 2015-06-08 16:52 - 2012-07-04 12:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\I Want This 2015-06-08 16:48 - 2015-04-02 13:48 - 00000000 ____D C:\Program Files\new game 2015-06-08 16:10 - 2015-04-03 08:28 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 2015-06-08 16:10 - 2011-03-25 20:30 - 00109280 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-08 16:09 - 2013-03-04 10:31 - 00000000 ____D C:\Program Files\Google 2015-06-08 16:09 - 2010-10-24 19:25 - 00331874 _____ C:\Windows\PFRO.log 2015-06-08 16:08 - 2010-10-31 14:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2015-06-08 16:05 - 2013-09-05 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-06-08 16:05 - 2013-09-05 11:49 - 00000000 ____D C:\Program Files\Canon 2015-06-08 16:03 - 2013-01-03 11:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\calibre 2015-06-08 16:03 - 2013-01-03 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-06-08 15:57 - 2009-07-14 07:33 - 03763560 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-08 15:54 - 2012-09-11 14:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BitComet 2015-06-08 15:54 - 2012-09-11 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit) 2015-06-08 15:35 - 2012-06-13 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Opera 2015-06-08 15:35 - 2012-06-13 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Opera 2015-06-08 15:34 - 2014-12-11 15:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PhotoScape 2015-06-08 15:32 - 2013-09-17 15:03 - 00000000 ____D C:\ProgramData\SimilarSites 2015-06-08 15:32 - 2012-11-16 17:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SimilarSites 2015-06-08 15:30 - 2013-06-21 10:16 - 00000000 ____D C:\Program Files\TeamViewer 2015-06-08 15:30 - 2012-11-22 12:50 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer 2015-06-08 15:29 - 2012-11-12 15:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\BearShare 2015-06-08 15:27 - 2010-10-30 13:58 - 00000000 ____D C:\Program Files\Windows Live 2015-06-08 15:22 - 2013-09-13 09:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\WebPlayer 2015-06-08 15:21 - 2012-04-26 10:02 - 140266064 _____ C:\xxbgtask.log 2015-06-08 15:12 - 2015-02-02 17:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Unity 2015-06-08 08:46 - 2009-07-14 05:04 - 00000710 _____ C:\Windows\win.ini 2015-06-08 08:42 - 2014-12-11 13:38 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-08 08:42 - 2014-05-10 08:49 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-05-29 13:42 - 2010-10-24 19:26 - 00980294 _____ C:\Windows\system32\perfh01F.dat 2015-05-29 13:42 - 2010-10-24 19:26 - 00455792 _____ C:\Windows\system32\perfc01F.dat 2015-05-29 13:42 - 2010-10-24 18:25 - 00006444 _____ C:\Windows\system32\PerfStringBackup.INI 2015-05-29 09:16 - 2010-10-24 18:32 - 00000000 ____D C:\ProgramData\Skype 2015-05-26 12:52 - 2013-09-25 13:32 - 00000000 ___RD C:\Program Files\Skype 2015-05-21 12:52 - 2014-09-24 13:10 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-05-21 12:52 - 2014-09-24 13:10 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys 2015-05-21 12:52 - 2013-03-04 09:35 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys 2015-05-21 12:52 - 2013-03-04 09:35 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-05-21 12:52 - 2013-01-10 13:55 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-05-15 16:55 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-15 12:10 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache 2015-05-15 11:18 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-05-15 10:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\tr-TR 2015-05-15 10:36 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-15 10:34 - 2010-10-24 18:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 12:24 - 2010-10-24 20:22 - 00000039 _____ C:\Windows\vbaddin.ini 2015-05-13 12:23 - 2015-03-04 10:02 - 00002101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center Endpoint Protection.lnk 2015-05-13 12:23 - 2011-03-25 23:13 - 00001945 _____ C:\Windows\epplauncher.mif 2015-05-13 12:22 - 2013-09-25 13:32 - 00000000 ____D C:\Program Files\Microsoft Security Client 2015-05-13 12:04 - 2013-08-14 18:06 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 12:04 - 2010-10-24 18:39 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 11:58 - 2010-10-24 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Files in the root of some directories ======= 2014-09-12 13:18 - 2014-09-12 13:18 - 6010880 _____ () C:\Program Files\GUT7668.tmp 2013-01-19 10:44 - 2013-01-19 10:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll 2015-03-31 11:14 - 2015-03-31 11:14 - 0005655 _____ () C:\Users\Administrator\AppData\Roaming\0W9ojlSERHVQh9fP4uW0uqGX 2015-03-31 11:14 - 2015-03-31 11:14 - 0005655 _____ () C:\Users\Administrator\AppData\Roaming\0W9ojlSERHVQh9fP4uW0uqGX3 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\Administrator\AppData\Roaming\KfOwsG9x 2013-09-23 12:52 - 2015-02-17 13:54 - 0000135 _____ () C:\Users\Administrator\AppData\Roaming\WB.CFG 2010-10-29 19:41 - 2014-09-12 13:09 - 0008082 _____ () C:\Users\Administrator\AppData\Roaming\XeroxFaxOptions.xml 2015-03-31 11:14 - 2015-03-31 11:14 - 0004387 _____ () C:\Users\Administrator\AppData\Roaming\xwMEhk3tTuYDvHMsB1V2T 2012-11-16 17:43 - 2012-11-16 17:42 - 0290500 _____ () C:\Users\Administrator\AppData\Local\funmoods-speeddial_sf.crx 2012-11-16 17:43 - 2012-11-16 17:42 - 0031465 _____ () C:\Users\Administrator\AppData\Local\funmoods.crx 2010-10-26 17:33 - 2010-10-26 17:33 - 0000017 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg 2014-04-15 11:35 - 2014-04-15 11:35 - 0005113 _____ () C:\ProgramData\mtbjfghn.xbe Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\DeltaTB.exe C:\Users\Administrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuuimyg.dll C:\Users\Administrator\AppData\Local\Temp\SkypeSetup.exe C:\Users\Administrator\AppData\Local\Temp\WSSetup.exe C:\Users\Visitor\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe C:\Users\Visitor\AppData\Local\Temp\SkypeSetup.exe C:\Users\Visitor\AppData\Local\Temp\tmpCB3A.exe C:\Users\Visitor\AppData\Local\Temp\_D6.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-09 12:15 ==================== End of log ============================ Addition.txt
  18. Писах за проблема с това че постоянно ми излизат реклами докато сърфирам в интернет и ме посъветваха да си изтегля една програма на име "Farbar Recovery ScaN TOOL" i като сканирам с нея да копирам съдържанието на единия файл тук а другия да го прикрепя така и правя. Ran by georgi (administrator) on GEORGI on 15-01-2015 15:44:49 Running from D:\Download Loaded Profiles: georgi (Available profiles: georgi) Platform: Windows 8.1 N (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Buca Apps) C:\Program Files (x86)\Super Radio\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-6.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe (XTab system) C:\Program Files (x86)\XTab\HPNotify.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (BitTorrent Inc.) C:\Users\georgi\AppData\Roaming\uTorrent\uTorrent.exe (Safebridge GmbH) C:\Users\georgi\AppData\Local\Apps\2.0\LORV2KO8.YTG\1WYA2691.LHD\sfb...tion_07c596ec85ac2238_0001.0006_60d5a9d76d81363d\Sfb.Client.App.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-01-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-01-12] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro) HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd) HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-3848238859-4023326001-2967766439-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3848238859-4023326001-2967766439-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=kmp&utm_campaign=install_ie&utm_content=ds&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681&ts=1421125840&type=default&q={searchTerms} BHO: Super Radio -> {11111111-1111-1111-1111-110611791177} -> C:\Program Files (x86)\Super Radio\Super Radio-bho64.dll (Buca Apps) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Super Radio -> {11111111-1111-1111-1111-110611791177} -> C:\Program Files (x86)\Super Radio\Super Radio-bho.dll (Buca Apps) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 CHR StartupUrls: Default -> "https://www.google.com/" CHR DefaultSearchKeyword: Default -> webssearches CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Презентации) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12] CHR Extension: (Google Документи) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12] CHR Extension: (Google Диск) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12] CHR Extension: (YouTube) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12] CHR Extension: (Adblock Plus) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-15] CHR Extension: (Google Търсене) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12] CHR Extension: (Електронни таблици от Google) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12] CHR Extension: (Google Wallet) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12] CHR Extension: (Gmail) - C:\Users\georgi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://istart.webssearches.com/?type=sc&ts=1421125776&from=kmp&uid=ST1000LM024XHN-M101MBB_S30YJ9CF630681 ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-04] (Broadcom Corporation.) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-12] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-12] (globalUpdate) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation) R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2015-01-07] (XTab system) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] () R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 15:44 - 2015-01-15 15:44 - 00000000 ____D () C:\FRST 2015-01-15 15:04 - 2015-01-15 15:33 - 00070656 ___SH () C:\Users\georgi\Desktop\Thumbs.db 2015-01-14 19:56 - 2015-01-14 19:56 - 00000358 _____ () C:\Users\georgi\Desktop\Safebridge - Client (1.5).appref-ms 2015-01-14 19:56 - 2015-01-14 19:56 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safebridge GmbH 2015-01-14 19:55 - 2015-01-14 19:56 - 00000000 ____D () C:\Users\georgi\AppData\Local\Deployment 2015-01-14 19:55 - 2015-01-14 19:55 - 00000000 ____D () C:\Users\georgi\AppData\Local\Apps\2.0 2015-01-14 19:41 - 2015-01-14 19:41 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements 2015-01-14 19:41 - 2015-01-14 19:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-01-14 19:41 - 2015-01-14 19:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-01-14 19:41 - 2015-01-14 19:41 - 00000000 ____D () C:\Program Files\Synaptics 2015-01-14 19:41 - 2013-08-14 15:01 - 00722160 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2015-01-14 19:41 - 2013-08-14 15:01 - 00527600 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2015-01-14 19:41 - 2013-08-14 15:01 - 00421616 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo19.dll 2015-01-14 19:41 - 2013-08-14 15:01 - 00400112 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll 2015-01-14 19:41 - 2013-08-14 15:01 - 00251632 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2015-01-14 19:41 - 2013-08-14 15:01 - 00169712 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCom.dll 2015-01-14 19:40 - 2015-01-14 19:41 - 00001356 _____ () C:\Windows\Synaptics.log 2015-01-14 19:40 - 2013-08-14 15:01 - 00034544 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys 2015-01-14 19:33 - 2015-01-14 19:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-01-14 19:32 - 2014-12-31 03:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-14 19:29 - 2015-01-14 19:29 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2015-01-14 19:29 - 2015-01-14 19:29 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2015-01-14 19:23 - 2015-01-14 19:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 19:23 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 19:22 - 2015-01-14 19:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2015-01-13 21:52 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-01-13 21:52 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-01-13 21:52 - 2014-02-10 18:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2015-01-13 21:52 - 2014-02-10 18:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2015-01-13 21:52 - 2014-01-06 23:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe 2015-01-13 21:52 - 2014-01-06 21:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe 2015-01-13 21:52 - 2013-12-08 18:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-01-13 21:52 - 2013-12-08 17:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-01-13 21:52 - 2013-11-08 22:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe 2015-01-13 21:52 - 2013-11-08 22:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll 2015-01-13 21:52 - 2013-11-08 21:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll 2015-01-13 21:52 - 2013-10-15 00:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2015-01-13 21:52 - 2013-10-15 00:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2015-01-13 21:28 - 2015-01-13 21:28 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\bg-BG 2015-01-13 21:28 - 2015-01-13 21:28 - 00000000 ____D () C:\Windows\system32\Drivers\bg-BG 2015-01-13 21:28 - 2015-01-13 21:28 - 00000000 ____D () C:\Windows\system32\bg 2015-01-13 21:28 - 2015-01-13 21:28 - 00000000 ____D () C:\Windows\bg-BG 2015-01-13 20:40 - 2015-01-13 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-01-13 20:40 - 2015-01-13 20:40 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2015-01-13 20:19 - 2015-01-13 20:19 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\WinRAR 2015-01-12 21:28 - 2015-01-12 21:28 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-01-12 21:28 - 2015-01-12 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2015-01-12 21:28 - 2015-01-12 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-01-12 21:27 - 2015-01-12 21:27 - 00000000 ____D () C:\Windows\PCHEALTH 2015-01-12 21:27 - 2015-01-12 21:27 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2015-01-12 21:27 - 2015-01-12 21:27 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-12 21:26 - 2015-01-12 21:26 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2015-01-12 21:26 - 2015-01-12 21:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2015-01-12 21:26 - 2015-01-12 21:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-01-12 21:25 - 2015-01-14 19:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-01-12 21:25 - 2015-01-12 21:27 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-01-12 21:25 - 2015-01-12 21:25 - 00000000 __RHD () C:\MSOCache 2015-01-12 21:25 - 2015-01-12 21:25 - 00000000 ____D () C:\Users\georgi\AppData\Local\Microsoft Help 2015-01-12 21:25 - 2015-01-12 21:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2015-01-12 21:17 - 2015-01-12 21:17 - 00007532 _____ () C:\Users\georgi\Downloads\Microsoft Office Professional Plus 2010 with Service Pack 1 VL EN x64.torrent 2015-01-12 21:11 - 2015-01-13 21:46 - 00000000 ____D () C:\The KMPlayer 2015-01-12 21:11 - 2015-01-12 21:11 - 00000642 _____ () C:\Users\georgi\Desktop\KMPlayer.lnk 2015-01-12 21:11 - 2015-01-12 21:11 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer 2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-01-12 21:08 - 2015-01-12 21:08 - 35867784 _____ (PandoraTV) C:\Users\georgi\Downloads\3.9.1.132_20150106114303.exe 2015-01-12 21:08 - 2015-01-12 21:08 - 32830712 _____ (PandoraTV) C:\Users\georgi\Downloads\3.9.0.126_20140723022507.exe 2015-01-12 21:03 - 2015-01-12 21:03 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-01-12 20:53 - 2015-01-12 20:54 - 00001301 ____H () C:\Windows\EPMBatch.ept 2015-01-12 20:44 - 2015-01-15 14:44 - 00003106 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-1.job 2015-01-12 20:44 - 2015-01-15 14:44 - 00002442 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-5_user.job 2015-01-12 20:44 - 2015-01-15 14:44 - 00002442 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-5.job 2015-01-12 20:44 - 2015-01-15 14:44 - 00002106 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-2.job 2015-01-12 20:44 - 2015-01-12 20:44 - 00006110 _____ () C:\Windows\System32\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-1 2015-01-12 20:44 - 2015-01-12 20:44 - 00005446 _____ () C:\Windows\System32\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-5 2015-01-12 20:44 - 2015-01-12 20:44 - 00005110 _____ () C:\Windows\System32\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-2 2015-01-12 20:43 - 2015-01-15 15:43 - 00005514 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-6.job 2015-01-12 20:43 - 2015-01-15 14:48 - 00000942 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2015-01-12 20:43 - 2015-01-15 14:43 - 00005178 _____ () C:\Windows\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-7.job 2015-01-12 20:43 - 2015-01-14 20:48 - 00000938 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2015-01-12 20:43 - 2015-01-12 20:44 - 00000000 ____D () C:\Program Files (x86)\Super Radio 2015-01-12 20:43 - 2015-01-12 20:43 - 00008518 _____ () C:\Windows\System32\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-6 2015-01-12 20:43 - 2015-01-12 20:43 - 00008182 _____ () C:\Windows\System32\Tasks\dc0f8d26-f3e8-43e4-bd4a-68ffeca68922-7 2015-01-12 20:43 - 2015-01-12 20:43 - 00003914 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA 2015-01-12 20:43 - 2015-01-12 20:43 - 00003678 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore 2015-01-12 20:43 - 2015-01-12 20:43 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\TuneUp Software 2015-01-12 20:43 - 2015-01-12 20:43 - 00000000 ____D () C:\Users\georgi\AppData\Local\TuneUp Software 2015-01-12 20:43 - 2015-01-12 20:43 - 00000000 ____D () C:\Users\georgi\AppData\Local\globalUpdate 2015-01-12 20:43 - 2015-01-12 20:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-01-12 20:43 - 2015-01-12 20:43 - 00000000 ____D () C:\Program Files (x86)\16e500f2-b385-4bcf-9ae1-8edce20f16c8 2015-01-12 20:42 - 2015-01-12 20:43 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-01-12 20:42 - 2015-01-12 20:42 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-01-12 20:41 - 2015-01-12 20:41 - 00001408 _____ () C:\Users\Public\Desktop\EaseUS Partition Master 10.2.lnk 2015-01-12 20:41 - 2015-01-12 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.2 2015-01-12 20:41 - 2015-01-12 20:41 - 00000000 ____D () C:\Program Files (x86)\EaseUS 2015-01-12 20:41 - 2014-11-18 14:46 - 03384928 _____ () C:\Windows\system32\BootMan.exe 2015-01-12 20:41 - 2014-11-18 14:46 - 02502240 _____ () C:\Windows\SysWOW64\BootMan.exe 2015-01-12 20:41 - 2014-11-18 14:46 - 00021088 _____ () C:\Windows\SysWOW64\EuEpmGdi.dll 2015-01-12 20:41 - 2014-11-18 14:46 - 00017504 _____ () C:\Windows\system32\EuEpmGdi.dll 2015-01-12 20:41 - 2014-11-18 14:39 - 00018528 _____ () C:\Windows\system32\epmntdrv.sys 2015-01-12 20:41 - 2014-11-18 14:39 - 00014944 _____ () C:\Windows\SysWOW64\epmntdrv.sys 2015-01-12 20:41 - 2014-11-18 14:39 - 00010848 _____ () C:\Windows\system32\EuGdiDrv.sys 2015-01-12 20:41 - 2014-11-18 14:39 - 00010208 _____ () C:\Windows\SysWOW64\EuGdiDrv.sys 2015-01-12 20:41 - 2014-11-18 14:38 - 00101984 _____ () C:\Windows\system32\setupempdrvx64.exe 2015-01-12 20:41 - 2014-11-18 14:38 - 00088160 _____ () C:\Windows\SysWOW64\setupempdrv03.exe 2015-01-12 20:39 - 2015-01-13 20:40 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-01-12 20:39 - 2015-01-13 20:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2015-01-12 20:39 - 2015-01-12 20:39 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-12 20:39 - 2015-01-12 20:39 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-01-12 20:39 - 2015-01-12 20:39 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-12 20:39 - 2015-01-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-01-12 20:38 - 2015-01-14 14:52 - 00000000 ____D () C:\Users\georgi\AppData\Local\Adobe 2015-01-12 20:38 - 2015-01-12 21:01 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-12 20:35 - 2015-01-12 20:35 - 01937984 _____ () C:\Users\georgi\Downloads\winrar-x64-521b1 (1).exe 2015-01-12 20:35 - 2015-01-12 20:35 - 00001009 _____ () C:\Users\georgi\Desktop\WinRAR.lnk 2015-01-12 20:35 - 2015-01-12 20:35 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-12 20:35 - 2015-01-12 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-12 20:35 - 2015-01-12 20:35 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-12 20:34 - 2015-01-12 20:34 - 01937984 _____ () C:\Users\georgi\Downloads\winrar-x64-521b1.exe 2015-01-12 20:24 - 2015-01-12 20:40 - 30603720 _____ (EaseUS ) C:\Users\georgi\Downloads\epm.exe 2015-01-12 20:20 - 2015-01-12 21:09 - 00002487 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-12 20:20 - 2015-01-12 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-12 20:19 - 2015-01-15 15:24 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-12 20:19 - 2015-01-14 20:24 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-12 20:19 - 2015-01-12 20:20 - 00000000 ____D () C:\Users\georgi\AppData\Local\Google 2015-01-12 20:19 - 2015-01-12 20:20 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-12 20:19 - 2015-01-12 20:19 - 00003984 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-12 20:19 - 2015-01-12 20:19 - 00003748 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-12 20:12 - 2015-01-14 19:41 - 00013746 _____ () C:\Windows\DPINST.LOG 2015-01-12 20:12 - 2015-01-12 20:12 - 00002106 _____ () C:\Users\Public\Desktop\OneKey Recovery.lnk 2015-01-12 20:12 - 2015-01-12 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2015-01-12 20:12 - 2015-01-12 20:12 - 00000000 ____D () C:\ProgramData\Energy Manager 2015-01-12 20:12 - 2015-01-12 20:12 - 00000000 ____D () C:\ProgramData\Downloaded Installations 2015-01-12 20:12 - 2015-01-12 20:12 - 00000000 ____D () C:\Program Files\DIFX 2015-01-12 20:11 - 2015-01-12 20:12 - 00000000 ____D () C:\ProgramData\OneKey Recovery 2015-01-12 20:11 - 2015-01-12 20:11 - 00000000 ____D () C:\ProgramData\Temp 2015-01-12 20:11 - 2012-06-13 17:10 - 00102376 _____ ("CyberLink) C:\Windows\system32\Drivers\wsvd.sys 2015-01-12 20:09 - 2015-01-12 20:09 - 00836954 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-12 20:09 - 2015-01-12 20:09 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Intel Corporation 2015-01-12 20:09 - 2013-07-03 11:25 - 00074344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelPcc.sys 2015-01-12 20:08 - 2015-01-12 20:08 - 00000000 ____D () C:\Users\georgi\Intel 2015-01-12 20:07 - 2015-01-12 20:09 - 00000000 ____D () C:\ProgramData\Intel 2015-01-12 20:07 - 2013-09-04 07:53 - 00016344 ____R (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll 2015-01-12 20:06 - 2015-01-12 20:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-01-12 20:06 - 2013-09-04 07:53 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll 2015-01-12 20:06 - 2013-09-04 07:53 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys 2015-01-12 20:05 - 2015-01-12 20:05 - 00000000 ____D () C:\Program Files (x86)\USB Camera 2015-01-12 20:04 - 2015-01-12 20:04 - 00000000 ____D () C:\Users\georgi\Documents\Bluetooth Exchange Folder 2015-01-12 20:04 - 2015-01-12 20:04 - 00000000 ____D () C:\Users\georgi\AppData\Local\Broadcom 2015-01-12 20:04 - 2015-01-12 20:04 - 00000000 ____D () C:\Program Files (x86)\Vimicro 2015-01-12 20:04 - 2013-08-30 11:10 - 01065472 _____ (Vimicro Corporation) C:\Windows\system32\Drivers\vm331avs.sys 2015-01-12 20:04 - 2013-08-30 10:49 - 00001677 _____ () C:\Windows\vm331Rmv.ini 2015-01-12 20:04 - 2013-08-30 10:49 - 00001677 _____ () C:\Windows\SysWOW64\vm331Rmv.ini 2015-01-12 20:04 - 2013-05-21 16:53 - 00663552 _____ () C:\Windows\SysWOW64\vmprp331.ax 2015-01-12 20:04 - 2013-05-21 16:52 - 01072640 _____ () C:\Windows\system32\331prx64.ax 2015-01-12 20:04 - 2013-04-15 16:24 - 00358912 _____ (Vimicro Corporation) C:\Windows\system32\VmCoinst.dll 2015-01-12 20:04 - 2010-07-01 08:38 - 00000356 _____ () C:\Windows\system\vm331avs.rsf 2015-01-12 20:03 - 2013-07-12 07:41 - 00228568 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys 2015-01-12 20:03 - 2013-07-12 07:41 - 00186584 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys 2015-01-12 20:03 - 2013-07-12 07:41 - 00038616 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys 2015-01-12 20:03 - 2012-07-27 10:18 - 00040248 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys 2015-01-12 20:02 - 2015-01-12 20:11 - 00000000 ____D () C:\Program Files\Lenovo 2015-01-12 20:01 - 2015-01-12 20:12 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2015-01-12 20:01 - 2015-01-12 20:01 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\InstallShield 2015-01-12 20:01 - 2013-08-07 13:37 - 07474864 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS 2015-01-12 20:01 - 2013-08-07 12:17 - 04011520 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll 2015-01-12 20:01 - 2013-08-07 12:16 - 03777024 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll 2015-01-12 20:00 - 2015-01-12 20:00 - 00000000 ____H () C:\ProgramData\DP45977C.lfl 2015-01-12 20:00 - 2015-01-12 20:00 - 00000000 ____D () C:\ProgramData\AmUStor 2015-01-12 20:00 - 2015-01-12 20:00 - 00000000 ____D () C:\Program Files\Dolby Digital Plus 2015-01-12 20:00 - 2015-01-12 20:00 - 00000000 ____D () C:\Program Files (x86)\AmIcoSingLun 2015-01-12 19:59 - 2013-08-11 22:54 - 06101504 _____ (IDT, Inc.) C:\Windows\system32\stlang64.dll 2015-01-12 19:59 - 2013-08-11 22:54 - 01897984 _____ (IDT, Inc.) C:\Windows\system32\IDTNC64.cpl 2015-01-12 19:59 - 2013-08-11 22:54 - 00338944 _____ (IDT, Inc.) C:\Windows\system32\stacsv64.exe 2015-01-12 19:59 - 2013-08-11 22:54 - 00088576 _____ (IDT, Inc.) C:\Windows\system32\IDTPMA64.exe 2015-01-12 19:58 - 2013-08-11 22:54 - 02213376 _____ (IDT, Inc.) C:\Windows\system32\stapo64.dll 2015-01-12 19:58 - 2013-08-11 22:54 - 00697856 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll 2015-01-12 19:58 - 2013-08-11 22:54 - 00551936 _____ (IDT, Inc.) C:\Windows\system32\Drivers\stwrt64.sys 2015-01-12 19:58 - 2013-08-11 22:54 - 00499200 _____ (IDT, Inc.) C:\Windows\system32\stcplx64.dll 2015-01-12 19:58 - 2013-08-11 22:54 - 00256000 _____ (IDT, Inc.) C:\Windows\system32\st646490.dll 2015-01-12 19:58 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll 2015-01-12 19:58 - 2013-08-05 13:56 - 06219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll 2015-01-12 19:58 - 2013-08-05 13:56 - 01908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll 2015-01-12 19:58 - 2013-08-05 13:56 - 00312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll 2015-01-12 19:58 - 2013-08-05 13:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll 2015-01-12 19:57 - 2015-01-12 20:00 - 00000000 ____D () C:\Program Files\IDT 2015-01-12 19:57 - 2015-01-12 19:57 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2015-01-12 19:57 - 2013-08-05 11:50 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2015-01-12 19:57 - 2013-07-18 13:55 - 00130248 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C63x64.sys 2015-01-12 19:54 - 2015-01-12 20:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-12 19:53 - 2015-01-12 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PartitionMagic 8.0 2015-01-12 19:49 - 2015-01-12 19:49 - 00000000 ____D () C:\Users\georgi\AppData\Local\Intel_Corporation 2015-01-12 19:46 - 2015-01-15 15:24 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Skype 2015-01-12 19:46 - 2015-01-12 19:46 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\Users\georgi\AppData\Local\Skype 2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\ProgramData\Skype 2015-01-12 19:46 - 2015-01-12 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-12 19:45 - 2015-01-12 19:45 - 00001367 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk 2015-01-12 19:44 - 2015-01-12 20:43 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-01-12 19:44 - 2015-01-12 19:45 - 00000000 ____D () C:\Users\georgi\AppData\Local\NVIDIA 2015-01-12 19:44 - 2015-01-12 19:44 - 00000000 ____D () C:\Users\georgi\AppData\Local\NVIDIA Corporation 2015-01-12 19:44 - 2015-01-12 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-12 19:44 - 2014-07-25 06:01 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-01-12 19:44 - 2014-07-25 06:01 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-01-12 19:44 - 2014-07-25 06:01 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-01-12 19:44 - 2014-07-25 06:01 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-01-12 19:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2015-01-12 19:43 - 2015-01-12 19:44 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-01-12 19:42 - 2015-01-12 20:41 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\OpenCandy 2015-01-12 19:42 - 2015-01-12 19:42 - 00000896 _____ () C:\Users\georgi\Desktop\µTorrent.lnk 2015-01-12 19:42 - 2015-01-12 19:42 - 00000876 _____ () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-01-12 19:42 - 2015-01-12 19:42 - 00000000 ____D () C:\ProgramData\APN 2015-01-12 19:42 - 2014-07-02 12:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-01-12 19:42 - 2014-07-02 12:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-01-12 19:42 - 2014-07-02 12:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-01-12 19:42 - 2014-03-31 08:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2015-01-12 19:42 - 2014-03-31 08:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2015-01-12 19:42 - 2014-03-31 08:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2015-01-12 19:41 - 2015-01-15 15:45 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\uTorrent 2015-01-12 19:41 - 2015-01-12 19:41 - 00000000 ____D () C:\NVIDIA 2015-01-12 19:38 - 2015-01-12 19:38 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Macromedia 2015-01-12 19:33 - 2015-01-12 20:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-12 19:33 - 2015-01-12 20:09 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-01-12 19:33 - 2015-01-12 19:33 - 00000732 _____ () C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk 2015-01-12 19:32 - 2015-01-12 20:09 - 00000000 ____D () C:\Program Files\Intel 2015-01-12 19:32 - 2013-10-05 14:32 - 07587824 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 02474856 _____ (Intel Corporation) C:\Windows\system32\SETCE2D.tmp 2015-01-12 19:32 - 2013-10-05 14:32 - 00844784 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00771056 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00769520 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00754672 _____ (Intel Corporation) C:\Windows\system32\GfxUIHotKeyMenu.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00396272 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00393712 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00391152 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00279024 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe 2015-01-12 19:32 - 2013-10-05 14:32 - 00153072 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2015-01-12 19:32 - 2013-10-02 01:25 - 00180224 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3316.dll 2015-01-12 19:32 - 2013-10-02 01:20 - 00002940 _____ () C:\Windows\system32\iglhxs64.vp 2015-01-12 19:32 - 2013-10-02 01:17 - 07850496 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll 2015-01-12 19:32 - 2013-10-02 01:17 - 00412160 _____ () C:\Windows\system32\igdmd64.dll 2015-01-12 19:32 - 2013-10-02 01:16 - 12130304 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll 2015-01-12 19:32 - 2013-10-02 01:16 - 09081856 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll 2015-01-12 19:32 - 2013-10-02 01:16 - 04185600 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2015-01-12 19:32 - 2013-10-02 01:16 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00524288 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc 2015-01-12 19:32 - 2013-10-02 01:16 - 00220672 _____ () C:\Windows\system32\igdde64.dll 2015-01-12 19:32 - 2013-10-02 01:16 - 00160256 _____ () C:\Windows\system32\igdail64.dll 2015-01-12 19:32 - 2013-10-02 01:16 - 00066560 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 04067328 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 02384896 _____ () C:\Windows\system32\GfxRes.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00623616 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00548864 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00527360 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00526848 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00526336 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00525824 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00525312 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00524800 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00523776 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00522240 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00521728 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00517120 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00516096 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00513536 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00513024 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00371200 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc 2015-01-12 19:32 - 2013-10-02 01:15 - 00345600 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00279040 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl 2015-01-12 19:32 - 2013-10-02 01:15 - 00265030 _____ () C:\Windows\system32\Gfxres.th-TH.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00251250 _____ () C:\Windows\system32\Gfxres.el-GR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00243712 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00233293 _____ () C:\Windows\system32\Gfxres.ru-RU.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00223744 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00199323 _____ () C:\Windows\system32\Gfxres.ar-SA.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00196855 _____ () C:\Windows\system32\Gfxres.ja-JP.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00194048 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00190937 _____ () C:\Windows\system32\Gfxres.he-IL.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00179235 _____ () C:\Windows\system32\Gfxres.ko-KR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00179170 _____ () C:\Windows\system32\Gfxres.it-IT.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00176818 _____ () C:\Windows\system32\Gfxres.es-ES.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00176555 _____ () C:\Windows\system32\Gfxres.fr-FR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00176526 _____ () C:\Windows\system32\Gfxres.de-DE.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00175165 _____ () C:\Windows\system32\Gfxres.ro-RO.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00174165 _____ () C:\Windows\system32\Gfxres.hu-HU.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00173876 _____ () C:\Windows\system32\Gfxres.tr-TR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00173626 _____ () C:\Windows\system32\Gfxres.pl-PL.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00173401 _____ () C:\Windows\system32\Gfxres.nl-NL.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00172630 _____ () C:\Windows\system32\Gfxres.pt-BR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00171980 _____ () C:\Windows\system32\Gfxres.fi-FI.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00171631 _____ () C:\Windows\system32\Gfxres.sk-SK.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00171464 _____ () C:\Windows\system32\Gfxres.sv-SE.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00171207 _____ () C:\Windows\system32\Gfxres.pt-PT.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00170928 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00170073 _____ () C:\Windows\system32\Gfxres.hr-HR.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00166591 _____ () C:\Windows\system32\Gfxres.sl-SI.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00165303 _____ () C:\Windows\system32\Gfxres.nb-NO.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00164653 _____ () C:\Windows\system32\Gfxres.da-DK.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00159945 _____ () C:\Windows\system32\Gfxres.en-US.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00153231 _____ () C:\Windows\system32\Gfxres.zh-TW.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00151479 _____ () C:\Windows\system32\Gfxres.zh-CN.resources 2015-01-12 19:32 - 2013-10-02 01:15 - 00029184 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-01-12 19:32 - 2013-10-02 01:15 - 00012288 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 25986048 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 11417600 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 06225408 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 03292672 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00492032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00343040 _____ () C:\Windows\SysWOW64\igdmd32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00304640 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00180736 _____ () C:\Windows\SysWOW64\igdde32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00142848 _____ () C:\Windows\SysWOW64\igdail32.dll 2015-01-12 19:32 - 2013-10-02 01:07 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 20946944 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 02974208 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 00290816 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll 2015-01-12 19:32 - 2013-10-02 01:01 - 00253440 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 04010144 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAAC64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 01423520 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSecureSourceFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00750752 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiWinNextAgent64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00632480 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiAudioFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00598688 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMux64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00344736 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiSilenceFilter64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00209056 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUtils64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00176288 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiDDEAgent64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00121504 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCUMD64.dll 2015-01-12 19:32 - 2013-10-02 00:54 - 00094368 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiLogServer64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 02064896 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01814016 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01127424 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 01123328 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00214528 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00179712 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00158720 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00149504 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00133120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00128000 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00064000 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll 2015-01-12 19:32 - 2013-09-30 22:12 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll 2015-01-12 19:31 - 2015-01-15 15:23 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3848238859-4023326001-2967766439-1001 2015-01-12 19:30 - 2015-01-12 20:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-12 19:30 - 2015-01-12 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-01-12 19:30 - 2015-01-12 19:44 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-01-12 19:30 - 2014-10-03 17:37 - 00082432 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-01-12 19:30 - 2014-10-03 17:37 - 00074240 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 02559960 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 01084704 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-01-12 19:30 - 2014-07-02 10:55 - 00618440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2015-01-12 19:30 - 2014-07-02 10:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-01-12 19:30 - 2014-07-02 02:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin 2015-01-12 19:29 - 2013-10-02 01:25 - 00449528 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys 2015-01-12 19:28 - 2015-01-15 15:30 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB8B9234-3F65-4E42-BF87-1578FF027AF2} 2015-01-12 19:28 - 2015-01-12 19:28 - 00000424 _____ () C:\Users\georgi\Desktop\This PC - Shortcut.lnk 2015-01-12 19:28 - 2015-01-12 19:28 - 00000000 ____D () C:\Intel 2015-01-12 19:26 - 2015-01-15 15:34 - 00000000 ___RD () C:\Users\georgi\SkyDrive 2015-01-12 19:24 - 2015-01-14 14:52 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Adobe 2015-01-12 19:24 - 2015-01-12 21:09 - 00001668 _____ () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-12 19:24 - 2015-01-12 19:25 - 00000000 ____D () C:\Users\georgi\AppData\Local\Packages 2015-01-12 19:24 - 2015-01-12 19:24 - 00003300 _____ () C:\Windows\System32\Tasks\KMS Server Daily Activate 2015-01-12 19:24 - 2015-01-12 19:24 - 00003114 _____ () C:\Windows\System32\Tasks\KMS Server OnLogon Activate 2015-01-12 19:24 - 2015-01-12 19:24 - 00000000 ____D () C:\Users\georgi\AppData\Local\VirtualStore 2015-01-12 19:24 - 2013-08-22 04:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys 2015-01-12 19:23 - 2015-01-14 14:24 - 00000000 ____D () C:\Users\georgi 2015-01-12 19:23 - 2015-01-12 19:23 - 00000020 ___SH () C:\Users\georgi\ntuser.ini 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-12 19:23 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\georgi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-12 19:22 - 2015-01-14 14:31 - 00820548 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:19 - 2015-01-15 15:27 - 01814039 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 19:15 - 2013-08-21 21:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2015-01-12 19:12 - 2015-01-13 21:43 - 00005274 _____ () C:\Windows\PFRO.log 2015-01-12 19:12 - 2015-01-12 19:24 - 00000000 ____D () C:\Windows\Panther 2015-01-12 18:57 - 2015-01-12 18:57 - 00000000 ____D () C:\Windows.old ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 15:24 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-15 15:16 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-15 15:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-14 19:45 - 2013-08-22 05:25 - 00000167 _____ () C:\Windows\win.ini 2015-01-14 19:41 - 2013-08-22 06:45 - 00009889 _____ () C:\Windows\setupact.log 2015-01-14 19:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG 2015-01-14 19:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\bg-BG 2015-01-14 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2015-01-14 19:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-14 19:25 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-14 14:24 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-13 21:43 - 2013-08-22 06:44 - 00473392 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-01-13 21:43 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-01-13 21:28 - 2013-08-22 11:12 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\SysWOW64\slmgr 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\system32\WCN 2015-01-13 21:28 - 2013-08-22 11:10 - 00000000 ____D () C:\Windows\system32\slmgr 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\WinStore 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\migwiz 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Help 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\FileManager 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-13 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\system32\oobe 2015-01-13 21:28 - 2013-08-22 05:36 - 00000000 ____D () C:\Windows\servicing 2015-01-12 21:28 - 2013-08-22 11:12 - 00000000 ____D () C:\Windows\ShellNew 2015-01-12 21:28 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-12 20:12 - 2013-02-17 10:48 - 00035600 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys 2015-01-12 20:12 - 2012-02-21 05:48 - 02356592 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll 2015-01-12 20:05 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\System 2015-01-12 19:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\restore 2015-01-12 19:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\Camera 2015-01-12 19:24 - 2013-08-22 06:44 - 00000000 ____D () C:\Windows\Setup 2015-01-12 19:19 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache 2015-01-12 19:14 - 2013-08-22 07:37 - 00001720 _____ () C:\Windows\DtcInstall.log 2015-01-12 19:14 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\Recovery 2015-01-12 19:12 - 2013-08-22 07:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template Some content of TEMP: ==================== C:\Users\georgi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\georgi\AppData\Local\Temp\DseShExt-x86.dll C:\Users\georgi\AppData\Local\Temp\ose00000.exe C:\Users\georgi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\georgi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\georgi\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\georgi\AppData\Local\Temp\utt966F.tmp.exe C:\Users\georgi\AppData\Local\Temp\_is279A.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-12 19:12 ==================== End Of Log ============================ Addition.txt
  19. Здравейте екип , разчитам за пореден път на вашата помощ и благодаря предварително. Успешна седмица . can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Owner (administrator) on HP on 17-02-2015 10:37:46 Running from C:\Users\Owner\Downloads Loaded Profiles: Owner (Available profiles: Owner) Platform: Windows 8.1 (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-23] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-05-06] (Synaptics Incorporated) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-04] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPNOT14/2 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2 HKU\S-1-5-21-3538106061-230410779-1912370229-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3538106061-230410779-1912370229-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT14/2 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {848EB48E-7968-469A-AEF9-8B377AABB154} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3538106061-230410779-1912370229-1001 -> {848EB48E-7968-469A-AEF9-8B377AABB154} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fszA2Ez2.default FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll () FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Extension: Avira Browser Safety - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fszA2Ez2.default\Extensions\[email protected] [2015-02-14] FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-07] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-01] CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-01] CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01] CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-01] CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-01] CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-01] CHR Extension: (Avira Browser Safety) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-15] CHR Extension: (instant translate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke [2015-02-14] CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-01] CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-01] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-04] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed] R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.) S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-23] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-05-06] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2014-01-23] (Intel Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-21] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-05-06] (Synaptics Incorporated) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-17 10:37 - 2015-02-17 10:38 - 00020432 _____ () C:\Users\Owner\Downloads\FRST.txt 2015-02-17 10:37 - 2015-02-17 10:37 - 02085888 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe 2015-02-17 10:37 - 2015-02-17 10:37 - 00000000 ____D () C:\FRST 2015-02-17 10:29 - 2015-02-17 10:29 - 02085888 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe 2015-02-15 09:34 - 2015-01-23 04:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-15 09:34 - 2015-01-23 03:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-14 19:50 - 2015-02-14 19:50 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Avira 2015-02-14 18:37 - 2015-02-14 18:33 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-02-14 18:32 - 2015-02-14 18:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla 2015-02-14 18:29 - 2015-02-04 17:51 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-02-14 18:29 - 2015-02-04 17:51 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-02-14 18:29 - 2015-02-04 17:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-02-14 18:27 - 2015-02-14 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-14 18:27 - 2015-02-14 18:29 - 00000000 ____D () C:\ProgramData\Avira 2015-02-14 18:27 - 2015-02-14 18:29 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-14 18:27 - 2015-02-14 18:27 - 00001156 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-02-14 18:25 - 2015-02-14 18:25 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\Owner\Downloads\avira_en_av___ws.exe 2015-02-14 18:23 - 2015-02-14 18:23 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (4).exe 2015-02-14 18:19 - 2015-02-14 18:19 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (3).exe 2015-02-14 18:19 - 2015-02-14 18:19 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (2).exe 2015-02-14 18:17 - 2015-02-14 18:17 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (1).exe 2015-02-14 18:06 - 2015-02-14 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-02-14 18:06 - 2015-02-14 18:06 - 00000000 ____D () C:\Program Files\7-Zip 2015-02-14 14:55 - 2015-02-14 14:55 - 00040114 _____ () C:\Users\Owner\Desktop\angus-thongs-and-perfect-snogging-bul-3783080.zip 2015-02-14 14:54 - 2015-02-14 19:15 - 00000000 ____D () C:\Program Files (x86)\compfix 2015-02-14 14:54 - 2015-02-14 14:54 - 00000000 ____D () C:\Program Files (x86)\instant translate 2015-02-14 14:53 - 2015-02-14 19:15 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker 2015-02-14 14:53 - 2015-02-14 19:15 - 00000000 ____D () C:\Program Files (x86)\UniDeals 2015-02-14 14:52 - 2015-02-14 14:52 - 00000000 ____D () C:\ProgramData\bbdnjccbcnagppfgkomohbhaeclmgice 2015-02-14 14:52 - 2015-02-14 14:52 - 00000000 ____D () C:\ProgramData\14042159720979507801 2015-02-14 14:52 - 2015-02-14 14:52 - 00000000 ____D () C:\Program Files (x86)\UUniDeaals 2015-02-14 14:51 - 2015-02-14 19:15 - 00000000 ____D () C:\ProgramData\{7697ee53-4488-0a7e-7697-7ee53448b94d} 2015-02-14 12:23 - 2015-02-17 09:59 - 00000000 ____D () C:\Users\Owner\OneDrive 2015-02-12 13:50 - 2015-02-12 13:50 - 01750032 _____ () C:\Users\Owner\Downloads\iLividSetup-r1799-n-bc.exe 2015-02-11 17:27 - 2015-02-03 23:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 17:27 - 2015-02-03 23:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 17:27 - 2015-02-03 23:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 17:27 - 2015-02-02 23:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 17:27 - 2015-02-02 23:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 17:27 - 2015-02-02 23:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 17:27 - 2015-01-19 18:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 17:27 - 2014-12-19 08:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 17:27 - 2014-12-19 08:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 17:27 - 2014-12-08 23:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 10:09 - 2015-01-15 22:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 10:09 - 2015-01-15 22:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 10:09 - 2015-01-14 04:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 10:09 - 2015-01-14 03:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 10:09 - 2015-01-13 22:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 10:09 - 2015-01-13 22:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 10:09 - 2015-01-12 03:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 10:09 - 2015-01-12 02:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 10:09 - 2015-01-12 02:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 10:09 - 2015-01-12 01:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 10:09 - 2015-01-12 01:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 10:09 - 2015-01-10 09:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 10:09 - 2015-01-10 09:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 10:09 - 2015-01-10 08:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 10:09 - 2015-01-10 07:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 10:09 - 2015-01-10 06:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 10:09 - 2014-12-09 03:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 10:09 - 2014-12-09 01:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 10:09 - 2014-10-29 02:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 10:09 - 2014-10-29 02:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 10:09 - 2014-10-29 02:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 10:09 - 2014-10-29 02:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 10:09 - 2014-10-29 02:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 10:09 - 2014-10-29 02:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 10:09 - 2014-10-29 01:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 10:09 - 2014-10-29 01:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 10:09 - 2014-10-29 01:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 10:09 - 2014-10-29 01:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 10:09 - 2014-10-29 01:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 10:09 - 2014-10-29 01:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 10:09 - 2014-10-29 01:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-11 10:08 - 2015-01-12 02:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 10:08 - 2015-01-12 02:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 10:08 - 2015-01-12 02:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 10:08 - 2015-01-12 02:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 10:08 - 2015-01-12 02:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 10:08 - 2015-01-12 02:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 10:08 - 2015-01-12 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 10:08 - 2015-01-12 02:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 10:08 - 2015-01-12 01:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 10:08 - 2015-01-12 01:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 10:08 - 2015-01-12 01:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 10:08 - 2015-01-12 01:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 10:08 - 2015-01-12 01:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 10:08 - 2015-01-12 01:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 10:08 - 2015-01-12 01:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 10:08 - 2015-01-12 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 10:08 - 2015-01-12 01:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 10:08 - 2015-01-12 01:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 10:08 - 2015-01-12 01:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 10:08 - 2015-01-12 01:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 10:08 - 2015-01-12 01:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 10:08 - 2015-01-12 01:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 10:08 - 2015-01-12 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 10:08 - 2015-01-12 01:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 10:08 - 2015-01-12 01:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 10:08 - 2015-01-12 01:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 10:08 - 2015-01-12 01:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 10:08 - 2015-01-12 00:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 10:08 - 2015-01-12 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 10:08 - 2015-01-10 08:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-04 09:18 - 2015-02-04 09:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-04 09:16 - 2015-02-04 09:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox 2015-02-04 09:09 - 2015-02-17 09:55 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-04 09:09 - 2015-02-04 09:09 - 05006864 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe 2015-02-02 20:11 - 2015-02-02 20:11 - 01319672 _____ () C:\Users\Owner\Downloads\Installation.exe 2015-01-29 17:24 - 2015-01-29 17:24 - 06510559 _____ () C:\Users\Owner\Downloads\video-2014-03-20-19-58-44.mp4 2015-01-22 23:19 - 2015-01-22 23:19 - 00000208 _____ () C:\Users\Owner\Downloads\1356166448604.unknown ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-17 10:24 - 2014-12-16 15:26 - 01692517 _____ () C:\Windows\WindowsUpdate.log 2015-02-17 10:08 - 2014-12-16 15:33 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3538106061-230410779-1912370229-1001 2015-02-17 10:03 - 2014-10-07 12:15 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk 2015-02-17 10:03 - 2014-07-15 04:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2015-02-17 10:02 - 2014-12-16 15:30 - 00000000 ____D () C:\Users\Owner\Documents\Youcam 2015-02-17 10:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-17 09:58 - 2015-01-01 12:35 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-17 09:56 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-02-17 09:55 - 2014-03-18 09:44 - 00448148 _____ () C:\Windows\PFRO.log 2015-02-17 09:55 - 2013-08-22 14:46 - 00028088 _____ () C:\Windows\setupact.log 2015-02-17 09:55 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-17 09:54 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-17 09:45 - 2015-01-01 12:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-17 09:39 - 2014-12-26 21:45 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B28C8FF7-4482-4B77-861C-0F9C8DA8A7BB} 2015-02-15 18:30 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-15 09:52 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-14 18:26 - 2014-07-15 05:07 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-14 12:23 - 2014-12-16 15:27 - 00000000 ____D () C:\Users\Owner 2015-02-14 11:07 - 2015-01-17 09:43 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job 2015-02-14 11:07 - 2013-08-22 14:44 - 00491048 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-14 11:04 - 2015-01-03 21:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-14 11:04 - 2015-01-03 21:30 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-14 11:03 - 2015-01-03 21:24 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-14 10:57 - 2015-01-03 21:23 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-14 09:41 - 2015-01-17 09:43 - 00003152 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner 2015-02-14 09:40 - 2014-12-31 16:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-02-08 10:51 - 2015-01-03 11:56 - 00000000 ____D () C:\Users\Owner\Desktop\ONE DIRECTION SILVER COLOURED BRACELET AND LOVE HEART BRAIDED LEATHER WRISTBAND eBay_files 2015-02-07 23:04 - 2014-03-18 09:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-07 10:02 - 2014-12-31 16:59 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-06 09:47 - 2015-01-01 12:35 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-05 17:40 - 2015-01-01 12:35 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 17:40 - 2015-01-01 12:35 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 19:31 - 2015-01-17 19:06 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 19:31 - 2015-01-17 19:06 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 19:16 - 2015-01-17 10:50 - 00000000 ____D () C:\Users\Owner\Desktop\Viktoriya, HW 2015-01-21 21:17 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Owner\AppData\Local\Temp\avgnt.exe C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpijgz2x.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-08 12:04 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015 Ran by Owner at 2015-02-17 10:39:53 Running from C:\Users\Owner\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira) Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.) Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.1.3024 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dropbox (HKU\S-1-5-21-3538106061-230410779-1912370229-1001\...\Dropbox) (Version: 3.2.3 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.) Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Documentation (HKLM-x32\...\{0002EA70-EEC3-4AFE-9F88-2D90FE66BCF6}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden instant translate (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation) Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation) Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) ModuleRise (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ef5c25b2}) (Version: - ModuleRise) <==== ATTENTION Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.9 - Synaptics Incorporated) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden UniDeals (HKLM-x32\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3538106061-230410779-1912370229-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 28-01-2015 18:58:37 Windows Update 04-02-2015 09:10:22 avast! antivirus system restore point 11-02-2015 10:39:44 Windows Update 14-02-2015 10:55:47 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2EA57D45-9568-4BCD-95D7-B4673F03638F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {44DDA8D3-F395-4729-9557-282D7DC339DA} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {47505DB4-D776-4C89-AC75-F24120B1AD4B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D9BAAB5-48F7-467D-8CF6-1E0200F2CE11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company) Task: {85C1FE69-DA9A-4327-B041-3CC1715D7EB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard) Task: {9D23C20E-5C2F-4845-BF0A-50F7AFC46BAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard) Task: {B154FB2B-6FC4-4DFA-AB91-E911625C1977} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-14] (Microsoft Corporation) Task: {BC2E5F8E-BF0B-4C14-8E7E-131AFCFFE22F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-01] (Google Inc.) Task: {BC920011-DE2C-4DCE-883A-70195595D9DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company) Task: {D118A3D6-5ADC-4170-815C-2B56A22276D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {EEABBCE6-B822-4FCE-83EF-D531CA8D8C82} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-28 12:31 - 2014-03-28 12:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 12:27 - 2014-03-28 12:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 12:48 - 2014-03-28 12:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 12:48 - 2014-03-28 12:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2014-10-07 12:23 - 2014-04-14 17:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-03-28 12:36 - 2014-03-28 12:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2015-02-06 09:47 - 2015-02-04 09:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-06 09:47 - 2015-02-04 09:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-06 09:47 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll 2015-02-06 09:47 - 2015-02-04 09:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Owner\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3538106061-230410779-1912370229-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg DNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3538106061-230410779-1912370229-500 - Administrator - Disabled) Guest (S-1-5-21-3538106061-230410779-1912370229-501 - Limited - Disabled) Owner (S-1-5-21-3538106061-230410779-1912370229-1001 - Administrator - Enabled) => C:\Users\Owner ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/17/2015 09:35:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: delegate_execute.exe, version: 40.0.2214.111, time stamp: 0x54d1c63a Faulting module name: delegate_execute.exe, version: 40.0.2214.111, time stamp: 0x54d1c63a Exception code: 0xc0000005 Fault offset: 0x0002bea1 Faulting process ID: 0xde4 Faulting application start time: 0xdelegate_execute.exe0 Faulting application path: delegate_execute.exe1 Faulting module path: delegate_execute.exe2 Report ID: delegate_execute.exe3 Faulting package full name: delegate_execute.exe4 Faulting package-relative application ID: delegate_execute.exe5 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4093 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4093 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2015 07:19:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HPCD.exe version 2.2.21.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16d0 Start Time: 01d04a1d607799eb Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6\HPCD.exe Report Id: a7f532ef-b610-11e4-8264-3863bb836e48 Faulting package full name: AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6 Faulting package-relative application ID: App Error: (02/16/2015 07:18:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: HP) Description: App AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6+App did not launch within its allotted time. Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1781 Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1781 Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2015 04:56:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program HPCD.exe version 2.2.21.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1cc Start Time: 01d04a0966414aa9 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6\HPCD.exe Report Id: adb09574-b5fc-11e4-8264-3863bb836e48 Faulting package full name: AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6 Faulting package-relative application ID: App System errors: ============= Error: (02/17/2015 10:00:31 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (02/16/2015 04:56:00 PM) (Source: DCOM) (EventID: 10016) (User: HP) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}HPOwnerS-1-5-21-3538106061-230410779-1912370229-1001LocalHost (Using LRPC)Microsoft.BingWeather_3.0.4.298_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330 Error: (02/14/2015 07:15:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The compfix service terminated unexpectedly. It has done this 1 time(s). Error: (02/14/2015 06:04:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252. Error: (02/14/2015 06:04:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 252. Error: (02/14/2015 02:20:55 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (02/14/2015 11:03:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3020338). Error: (02/14/2015 11:03:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3019868). Error: (02/13/2015 07:48:27 PM) (Source: DCOM) (EventID: 10010) (User: HP) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/13/2015 07:47:57 PM) (Source: DCOM) (EventID: 10010) (User: HP) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions: ========================= Error: (02/17/2015 09:35:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe40.0.2214.11154d1c63adelegate_execute.exe40.0.2214.11154d1c63ac00000050002bea1de401d04a94f7eb8b84C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\delegate_execute.exe3f835ed0-b688-11e4-8264-3863bb836e48 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4093 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4093 Error: (02/16/2015 07:24:07 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2015 07:19:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: HPCD.exe2.2.21.11516d001d04a1d607799eb4294967295C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6\HPCD.exea7f532ef-b610-11e4-8264-3863bb836e48AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6App Error: (02/16/2015 07:18:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: HP) Description: AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6+App Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1781 Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1781 Error: (02/16/2015 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/16/2015 04:56:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: HPCD.exe2.2.21.1151cc01d04a0966414aa94294967295C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6\HPCD.exeadb09574-b5fc-11e4-8264-3863bb836e48AD2F1837.HPFileViewer_2.2.21.115_x64__v10z8vjag6ke6App ==================== Memory info =========================== Processor: Intel® Pentium® CPU N3540 @ 2.16GHz Percentage of memory in use: 33% Total physical RAM: 8080.27 MB Available physical RAM: 5378.59 MB Total Pagefile: 9360.27 MB Available Pagefile: 6234.91 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:909.8 GB) (Free:858.15 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:20.69 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7CA980D5) Partition: GPT Partition Type. ==================== End Of Log ============================
  20. Здравейте, от няколко дни при всяко стартиране или рестартиране при достигане до десктопа windows-a буквално замръзва за 30-ина секунди и спира да зарежда, иконите стоят бели, програмите не се стартират. Със ссд съм от година и това поведение е крайно необичайно - винаги всичко зарежда моментално, което ме навежда на мисълта че нещо нередно се стартира с windows-a и бави стартъпа? Вторият проблем е че след като накрая все пак зареди всичко в първия момент нямам интернет връзка, след няколко минути чак успява да тръгне връзката. Със кабел съм, рутера си работи нормално - за проба докато на компютъра няма и се мъчи да тръгне от телефона си зареждам страници без проблем. До около 5 минути от пускането на windows отнема за да се махне жълтият триъгълник с удивителна от мрежовата иконка в таскбара и проимам нет. Преинсталирах мрежовия драйвер, по принцип държа относително чиста системата и няколко пъти прегледах за излишни програми и т.н. но за сега не откривам проблема и бих искал да помоля да изключим или потвърдим варианта зловреден софтуер. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04 Ran by cvetan (administrator) on CVETAN-PC on 17-04-2015 10:49:32 Running from C:\Users\cvetan\Desktop Loaded Profiles: cvetan (Available profiles: cvetan) Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.1\ABService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSACCESS.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor) HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1381414213-1874715184-56145310-1001\...\Run: [ASRock A-Tuning] => [X] HKU\S-1-5-21-1381414213-1874715184-56145310-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1381414213-1874715184-56145310-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1381414213-1874715184-56145310-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-19] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-19] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR Profile: C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05] CHR Extension: (YouTube) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05] CHR Extension: (Google Search) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05] CHR Extension: (Google+) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-03-05] CHR Extension: (Session Buddy) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-03-05] CHR Extension: (Google Calendar) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-05] CHR Extension: (Bookmark Manager) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16] CHR Extension: (Google Play) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-03-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14] CHR Extension: (Google Dictionary (by Google)) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-05] CHR Extension: (Google Wallet) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05] CHR Extension: (Gmail) - C:\Users\cvetan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed] R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0.1\ABService.exe [29912 2014-06-18] (AOMEI Tech Co., Ltd.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-05-31] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2014-05-31] () S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed] S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed] R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed] S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-22] (ASRock Incorporation) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-23] (Disc Soft Ltd) R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] () R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 HWiNFO32; \??\C:\Users\cvetan\AppData\Local\Temp\HWiNFO64A.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 10:49 - 2015-04-17 10:49 - 02097664 _____ (Farbar) C:\Users\cvetan\Desktop\FRST64.exe 2015-04-17 10:49 - 2015-04-17 10:49 - 00013566 _____ () C:\Users\cvetan\Desktop\FRST.txt 2015-04-17 10:49 - 2015-04-17 10:49 - 00000000 ____D () C:\FRST 2015-04-15 23:03 - 2015-04-15 23:03 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 22:55 - 2015-01-06 06:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys 2015-04-15 22:55 - 2015-01-06 05:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys 2015-04-15 22:55 - 2015-01-06 04:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll 2015-04-15 22:55 - 2015-01-06 04:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll 2015-04-15 22:54 - 2015-04-15 22:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-15 22:51 - 2015-03-24 00:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-15 22:51 - 2015-03-24 00:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 22:51 - 2015-03-24 00:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-04-15 22:51 - 2015-03-24 00:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-15 22:51 - 2015-03-24 00:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-04-15 22:51 - 2015-03-23 01:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 22:51 - 2015-03-23 01:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 22:51 - 2015-03-20 07:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2015-04-15 22:51 - 2015-03-20 07:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-15 22:51 - 2015-03-20 07:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-15 22:51 - 2015-03-20 06:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-04-15 22:51 - 2015-03-20 05:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-04-15 22:51 - 2015-03-20 05:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-04-15 22:51 - 2015-03-20 05:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-04-15 22:51 - 2015-03-14 11:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-04-15 22:51 - 2015-03-14 11:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-04-15 22:51 - 2015-03-13 07:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 22:51 - 2015-03-13 07:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 22:51 - 2015-03-13 07:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 22:51 - 2015-03-13 06:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-15 22:51 - 2015-03-13 06:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 22:51 - 2015-03-13 06:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 22:51 - 2015-03-13 06:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 22:51 - 2015-03-13 06:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 22:51 - 2015-03-13 06:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 22:51 - 2015-03-13 06:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-15 22:51 - 2015-03-13 06:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-15 22:51 - 2015-03-13 06:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 22:51 - 2015-03-13 06:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 22:51 - 2015-03-13 06:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 22:51 - 2015-03-13 05:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-15 22:51 - 2015-03-13 05:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-15 22:51 - 2015-03-13 05:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 22:51 - 2015-03-13 05:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 22:51 - 2015-03-13 05:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 22:51 - 2015-03-13 05:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-15 22:51 - 2015-03-13 05:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 22:51 - 2015-03-13 05:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 22:51 - 2015-03-13 05:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 22:51 - 2015-03-13 05:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 22:51 - 2015-03-13 05:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 22:51 - 2015-03-13 05:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 22:51 - 2015-03-04 13:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2015-04-15 22:51 - 2015-03-04 06:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 22:51 - 2015-03-04 05:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-15 22:51 - 2015-02-24 11:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-15 22:51 - 2015-02-21 02:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2015-04-15 22:51 - 2014-12-03 02:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 22:51 - 2014-11-15 22:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-04-15 22:51 - 2014-11-15 09:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-04-15 22:51 - 2014-11-14 09:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2015-04-15 22:51 - 2014-11-14 08:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2015-04-15 22:51 - 2014-11-10 21:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-04-15 22:51 - 2014-11-10 21:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-04-15 22:51 - 2014-11-10 21:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-04-15 22:51 - 2014-11-10 21:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys 2015-04-15 22:51 - 2014-11-10 05:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys 2015-04-15 22:51 - 2014-11-10 04:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL 2015-04-15 22:51 - 2014-11-10 04:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2015-04-15 22:51 - 2014-11-10 04:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2015-04-15 22:51 - 2014-11-10 04:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll 2015-04-15 22:51 - 2014-11-10 04:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2015-04-15 22:51 - 2014-11-10 04:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2015-04-15 22:51 - 2014-11-10 04:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2015-04-15 22:51 - 2014-11-10 03:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll 2015-04-15 22:51 - 2014-11-10 03:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2015-04-15 22:51 - 2014-11-08 07:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys 2015-04-15 22:51 - 2014-11-08 06:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys 2015-04-15 22:51 - 2014-11-08 06:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp 2015-04-15 22:51 - 2014-11-08 06:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll 2015-04-15 22:51 - 2014-11-08 06:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll 2015-04-15 22:51 - 2014-11-08 06:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll 2015-04-15 22:51 - 2014-11-08 06:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp 2015-04-15 22:51 - 2014-11-08 06:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll 2015-04-15 22:51 - 2014-11-08 06:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll 2015-04-15 22:51 - 2014-11-08 05:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll 2015-04-15 22:51 - 2014-11-08 05:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll 2015-04-15 22:51 - 2014-11-08 05:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll 2015-04-15 22:51 - 2014-11-08 05:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll 2015-04-15 22:51 - 2014-11-08 04:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2015-04-15 22:51 - 2014-11-08 04:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2015-04-15 22:51 - 2014-11-07 06:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2015-04-15 22:51 - 2014-11-07 06:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2015-04-15 22:51 - 2014-11-05 05:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL 2015-04-15 22:51 - 2014-11-05 05:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL 2015-04-15 22:51 - 2014-11-05 05:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll 2015-04-15 22:51 - 2014-11-05 04:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2015-04-15 22:51 - 2014-11-05 04:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2015-04-15 22:51 - 2014-11-05 04:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2015-04-15 22:51 - 2014-11-05 04:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL 2015-04-15 22:51 - 2014-11-05 04:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL 2015-04-15 22:51 - 2014-11-05 04:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll 2015-04-15 22:51 - 2014-11-05 04:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2015-04-15 22:51 - 2014-11-05 04:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2015-04-15 22:51 - 2014-11-05 04:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2015-04-15 22:51 - 2014-11-05 04:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll 2015-04-15 22:51 - 2014-11-05 04:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2015-04-15 22:51 - 2014-11-04 22:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2015-04-15 22:51 - 2014-11-04 22:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys 2015-04-15 22:51 - 2014-11-04 22:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys 2015-04-15 22:51 - 2014-11-04 09:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys 2015-04-15 22:51 - 2014-11-04 09:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys 2015-04-15 22:51 - 2014-11-04 09:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys 2015-04-15 22:51 - 2014-11-04 09:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys 2015-04-15 22:51 - 2014-11-04 09:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2015-04-15 22:51 - 2014-11-04 08:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2015-04-15 22:51 - 2014-10-31 03:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2015-04-15 22:51 - 2014-10-31 03:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2015-04-15 22:51 - 2014-10-29 06:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2015-04-15 22:51 - 2014-10-29 04:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2015-04-15 22:51 - 2014-10-29 04:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2015-04-15 22:51 - 2014-10-21 04:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll 2015-04-15 22:51 - 2014-10-21 04:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll 2015-04-15 22:51 - 2014-10-21 03:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll 2015-04-15 22:51 - 2014-10-21 03:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll 2015-04-15 22:51 - 2014-10-21 03:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll 2015-04-15 22:51 - 2014-10-21 03:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe 2015-04-15 22:51 - 2014-10-21 03:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll 2015-04-15 22:51 - 2014-10-17 07:56 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2015-04-15 22:51 - 2014-10-17 07:56 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2015-04-15 22:51 - 2014-10-17 07:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys 2015-04-15 22:51 - 2014-10-17 06:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2015-04-14 22:47 - 2015-03-14 11:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-14 22:47 - 2015-03-14 04:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-14 22:47 - 2015-03-14 04:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-14 22:47 - 2015-03-14 04:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-14 22:47 - 2015-03-14 04:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-14 22:47 - 2015-03-14 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-14 22:47 - 2015-03-14 03:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-14 22:47 - 2015-03-14 03:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-14 22:47 - 2015-03-14 03:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-14 22:47 - 2015-03-14 03:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2015-04-14 22:47 - 2015-03-14 03:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2015-04-14 22:47 - 2015-03-14 03:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-14 22:47 - 2015-03-14 03:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-14 22:47 - 2015-03-14 03:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-14 22:47 - 2015-03-14 03:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-14 22:47 - 2015-03-14 03:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-14 22:47 - 2015-03-14 02:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-14 22:47 - 2015-03-14 02:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-14 22:47 - 2014-11-17 23:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe 2015-04-14 22:47 - 2014-11-17 23:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe 2015-04-14 22:47 - 2014-11-14 09:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll 2015-04-14 22:47 - 2014-11-14 09:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll 2015-04-14 22:47 - 2014-11-14 09:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll 2015-04-14 22:47 - 2014-11-14 09:39 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-04-14 13:07 - 2015-04-14 13:08 - 00000000 ___HD () C:\$WINDOWS.~BT 2015-04-14 12:49 - 2015-04-14 12:49 - 00002582 _____ () C:\Users\cvetan\Desktop\Windows 7 USB DVD Download Tool.lnk 2015-04-14 12:49 - 2015-04-14 12:49 - 00000000 ____D () C:\Users\cvetan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool 2015-04-14 12:49 - 2015-04-14 12:49 - 00000000 ____D () C:\Users\cvetan\AppData\Local\Apps\Windows 7 USB DVD Download Tool 2015-04-14 10:23 - 2015-04-14 13:10 - 00001908 _____ () C:\Windows\diagwrn.xml 2015-04-14 10:23 - 2015-04-14 13:10 - 00001908 _____ () C:\Windows\diagerr.xml 2015-04-07 09:05 - 2015-04-17 09:19 - 01202161 _____ () C:\Windows\WindowsUpdate.log 2015-04-07 09:04 - 2015-04-17 09:04 - 00001205 _____ () C:\Windows\setupact.log 2015-04-07 09:04 - 2015-04-14 13:07 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-31 09:12 - 2015-03-31 09:12 - 00000000 ____D () C:\Users\cvetan\Tracing ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-17 10:27 - 2014-03-05 17:50 - 00000000 ____D () C:\Users\cvetan\AppData\Roaming\Skype 2015-04-17 10:24 - 2014-03-05 18:08 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-17 10:00 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-17 09:36 - 2014-03-05 17:14 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1381414213-1874715184-56145310-1001 2015-04-17 09:28 - 2014-06-03 14:04 - 00004964 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CVETAN-PC-cvetan CVETAN-PC 2015-04-17 09:09 - 2014-03-05 17:12 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{52234706-1FF9-4A4D-9B9A-B20A80E85730} 2015-04-17 09:08 - 2014-03-05 17:10 - 00000000 ___DO () C:\Users\cvetan\SkyDrive 2015-04-17 09:08 - 2013-09-30 07:14 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-17 09:05 - 2014-03-05 18:08 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-17 09:04 - 2013-08-22 17:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-16 22:57 - 2014-03-05 17:08 - 00000000 ____D () C:\Users\cvetan 2015-04-16 22:57 - 2013-08-22 18:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-04-16 22:57 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-04-16 22:23 - 2014-03-05 17:55 - 00000000 ____D () C:\Users\cvetan\AppData\Roaming\uTorrent 2015-04-16 20:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-04-16 20:11 - 2014-03-05 19:48 - 00000000 ____D () C:\Users\cvetan\AppData\Local\Battle.net 2015-04-16 20:00 - 2015-03-11 22:24 - 00003176 _____ () C:\Windows\System32\Tasks\AOMEI Database Backup 2015-03-11, 21-20-46 2015-04-16 20:00 - 2015-03-11 22:24 - 00000530 _____ () C:\Windows\Tasks\AOMEI Database Backup 2015-03-11, 21-20-46.job 2015-04-16 20:00 - 2015-03-11 22:23 - 00000000 ____D () C:\Database Backup 2015-04-16 20:00 - 2014-07-31 13:11 - 00001024 ____H () C:\SYSTAG.BIN 2015-04-16 20:00 - 2014-07-31 13:08 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat 2015-04-16 09:06 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 23:03 - 2015-03-11 22:12 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 23:03 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2015-04-15 23:03 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\setup 2015-04-15 23:01 - 2014-03-05 17:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-04-15 23:00 - 2014-03-06 23:39 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-15 23:00 - 2014-03-05 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 22:58 - 2014-03-06 23:39 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-15 22:56 - 2013-08-22 16:25 - 00000167 _____ () C:\Windows\win.ini 2015-04-15 12:14 - 2014-03-05 17:09 - 00000000 ____D () C:\Users\cvetan\AppData\Local\Packages 2015-04-14 22:51 - 2014-03-05 17:16 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2015-04-14 22:47 - 2013-08-22 18:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2015-04-14 22:46 - 2014-11-12 10:12 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2015-04-14 11:38 - 2014-08-18 14:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-14 02:24 - 2013-08-22 18:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-14 02:24 - 2013-08-22 18:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-12 14:44 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-04-11 21:39 - 2014-05-22 17:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-04-04 21:01 - 2014-03-05 17:26 - 00000000 ____D () C:\Users\cvetan\AppData\Roaming\AIMP3 2015-04-01 10:15 - 2015-01-14 19:57 - 00001270 _____ () C:\Windows\system32\TeamViewer10_Hooks.log 2015-04-01 10:15 - 2015-01-14 19:57 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-04-01 10:15 - 2015-01-14 19:57 - 00000977 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-03-31 09:12 - 2014-10-08 09:12 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-31 09:12 - 2014-03-05 17:50 - 00000000 ____D () C:\ProgramData\Skype 2015-03-22 17:06 - 2014-11-15 23:19 - 00000000 ____D () C:\Unified_Android_ToolKit ==================== Files in the root of some directories ======= 2014-10-13 22:14 - 2014-10-14 20:35 - 1065984 _____ () C:\Users\cvetan\AppData\Local\file__0.localstorage 2014-05-27 13:21 - 2014-05-27 13:21 - 0007605 _____ () C:\Users\cvetan\AppData\Local\Resmon.ResmonCfg 2014-03-05 17:24 - 2014-03-05 17:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-17 09:36 ==================== End Of Log ============================ Addition.txt
  21. Здравейте, имам от една година този лаптоп. От един, два месеца забелязвам, че 4гб рам памет му се пълни на 95,96%, но доста често и на 98,99%, преди няколко месеца стоеше на 50-55%, единствената съществена разлика е че смених Avira Free с Avast Free. Създадох тема в подфорума за лаптопи, те ме упътиха към вас, съмнявайки се, че лаптопът е заразен със зловреден софтуер, най-вече заради многото svchost.exe процеси стартирани в task manager. Давам ви и две снимки на Resource Monitor: 1, 2, макар да не е пълна на 98,99%, със същите процеси достига често тези стойности. Имам диск с Windows 7 Home Premium SP1 x64, с който лаптопът е работил една година и работи в момента, не е преинсталирван през този период! Ето и файловете изискани от Вас! : Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by IAnI (administrator) on IANI-PC on 19-03-2015 17:41:51 Running from C:\Users\IAnI\Desktop Loaded Profiles: IAnI (Available profiles: IAnI & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Crystal Rich Ltd) C:\Program Files (x86)\Zentimo\ZentimoService.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (AMD) C:\Windows\System32\atieclxx.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\ProgramData\M-Tel NETAGENT\OnlineUpdate\ouc.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (BitTorrent Inc.) C:\Users\IAnI\AppData\Roaming\uTorrent\uTorrent.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-07] (IDT, Inc.) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation) HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [153816 2013-11-14] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-08-02] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-12-16] (IVT Corporation) HKLM-x32\...\Run: [YouCam Mirage] => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-06-24] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-17] (AVAST Software) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\Run: [Power2GoExpress8] => NA HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\Run: [uTorrent] => C:\Users\IAnI\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.) HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\Run: [HW_OPENEYE_OUC_M-Tel NETAGENT] => C:\Program Files (x86)\M-Tel NETAGENT\UpdateDog\ouc.exe [218624 2014-05-03] () HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd) HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\MountPoints2: {4b1dcd2f-c708-11e3-aa0f-fc4dd4555589} - F:\AutoRun.exe HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\MountPoints2: {4b1dcd3d-c708-11e3-aa0f-fc4dd4555589} - F:\AutoRun.exe HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\...\MountPoints2: {4b1dcd5a-c708-11e3-aa0f-fc4dd4555589} - F:\AutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage HKU\S-1-5-21-3565613641-2028821552-3484512356-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-17] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-17] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F4623A69-23D2-43CD-B346-528F8E42BFA8}: [NameServer] 10.250.238.3 10.250.238.4 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-25] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-25] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3565613641-2028821552-3484512356-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\IAnI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-17] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "https://www.google.bg/?gfe_rd=cr&ei=ju0QU97gNe_b8gfJgoHICw","hxxp://google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17] CHR Extension: (Google Drive) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17] CHR Extension: (YouTube) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17] CHR Extension: (Google Search) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17] CHR Extension: (Avira Browser Safety) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-17] CHR Extension: (Avast Online Security) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Skype Click to Call) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-19] CHR Extension: (Google Wallet) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17] CHR Extension: (Gmail) - C:\Users\IAnI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-17] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-17] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-17] (AVAST Software) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1579880 2013-12-16] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-12-16] (IVT Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2015-02-10] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-11-25] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-11-25] (Intel Corporation) S2 M-Tel NETAGENT. RunOuc; C:\Program Files (x86)\M-Tel NETAGENT\UpdateDog\ouc.exe [218624 2014-05-03] () [File not signed] R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed] R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed] S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed] R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-11-07] (IDT, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [1560888 2013-02-28] (Crystal Rich Ltd) S2 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-17] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-17] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-17] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-17] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-17] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-17] () U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [50272 2013-12-16] (Ralink Corporation) R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-07-30] (Intel Corporation) R3 m76usb; C:\Windows\System32\DRIVERS\m76usb.sys [539336 2013-12-12] (Ralink Technology Corp.) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-11-25] (Intel Corporation) S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [476888 2014-09-23] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8876248 2013-11-14] (Realtek Semiconductor Corp.) S3 avchv; system32\DRIVERS\avchv.sys [X] U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation) S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 17:41 - 2015-03-19 17:42 - 00021602 _____ () C:\Users\IAnI\Desktop\FRST.txt 2015-03-19 17:41 - 2015-03-19 17:42 - 00000000 ____D () C:\FRST 2015-03-19 17:39 - 2015-03-19 17:40 - 02095616 _____ (Farbar) C:\Users\IAnI\Desktop\FRST64.exe 2015-03-18 20:45 - 2015-03-18 20:45 - 00000056 _____ () C:\Windows\setupact.log 2015-03-18 20:45 - 2015-03-18 20:45 - 00000000 _____ () C:\Windows\setuperr.log 2015-03-18 19:48 - 2015-03-18 19:48 - 00057999 _____ () C:\Users\IAnI\Downloads\Pretty Little Liars - 05x24 - I'm a Good Girl, I Am.LOL.English.C.updated.Addic7ed.com.srt 2015-03-18 19:47 - 2015-03-18 19:47 - 00053998 _____ () C:\Users\IAnI\Downloads\The Flash (2014) - 01x15 - Out of Time.LOL.English.C.orig.Addic7ed.com.srt 2015-03-18 19:30 - 2015-03-18 19:34 - 213442255 ____R () C:\Users\IAnI\Downloads\pretty.little.liars.524.hdtv-lol.mp4 2015-03-18 19:30 - 2015-03-18 19:30 - 00016579 _____ () C:\Users\IAnI\Downloads\pretty.little.liars.524.hdtv-lol.mp4.torrent 2015-03-18 19:25 - 2015-03-18 19:27 - 260236055 ____R () C:\Users\IAnI\Downloads\the.flash.2014.115.hdtv-lol.mp4 2015-03-18 19:24 - 2015-03-18 19:25 - 00020134 _____ () C:\Users\IAnI\Downloads\the.flash.2014.115.hdtv-lol.mp4.torrent 2015-03-18 13:39 - 2015-03-18 13:39 - 00000000 ____D () C:\Users\IAnI\Tracing 2015-03-14 20:28 - 2015-03-14 20:28 - 00000000 ____D () C:\Users\IAnI\Downloads\Diary.of.a.Wimpy.Kid.2010.DVDRip.XviD.BGAUDiO-SiSO 2015-03-11 07:59 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 07:59 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 07:59 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 07:59 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 07:59 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 07:59 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 07:59 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 07:59 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 07:59 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 07:59 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 07:59 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 07:59 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 07:59 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 07:59 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 07:59 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 07:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 07:59 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 07:59 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 07:59 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 07:59 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 07:59 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 07:59 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 07:59 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 07:59 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 07:59 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 07:59 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 07:59 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 07:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 07:59 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 07:59 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 07:59 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 07:59 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 07:59 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 07:59 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 07:59 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 07:59 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 07:58 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 07:58 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 07:58 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 07:58 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 07:58 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 07:58 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 07:58 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 07:58 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 07:58 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 07:58 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 07:58 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 07:58 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 07:58 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 07:58 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 07:58 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 07:58 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 07:58 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 07:58 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 07:58 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 07:58 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 07:58 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 07:58 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 07:58 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 07:58 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 07:58 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 07:58 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 07:58 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 07:58 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 07:58 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 07:58 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 07:58 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 07:58 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 07:58 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 07:58 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 07:58 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 07:58 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 07:58 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 07:58 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 07:58 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 07:58 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 07:58 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 07:58 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 07:58 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 07:58 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 07:58 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 07:58 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 07:58 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 07:58 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 07:58 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 07:58 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 07:58 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 07:58 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 07:58 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 07:58 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 07:58 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 07:58 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 07:58 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 07:58 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 07:58 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 07:58 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 07:58 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 07:58 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 07:58 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 07:58 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 07:58 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 07:58 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 07:58 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 07:58 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 07:58 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 07:58 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 07:58 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 07:58 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 07:58 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 07:58 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 07:58 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 07:58 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 07:58 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 07:58 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 07:58 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 07:58 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 07:58 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 07:56 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 07:56 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-08 17:33 - 2015-03-08 17:52 - 00000000 ____D () C:\Users\IAnI\Downloads\Fifty.Shades.of.Grey.2015.UNCUT.HC.HDRIP.x264.AC3-TiTAN 2015-03-06 21:35 - 2015-03-06 21:45 - 00000000 ____D () C:\Users\IAnI\Downloads\Addicted.2014.UNRATED.WEBRiP.X264.Ac3.CrEwSaDe 2015-03-03 21:52 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 21:52 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 21:52 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 21:52 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-27 22:19 - 2015-02-27 22:20 - 00000000 ____D () C:\Users\IAnI\Downloads\Boyhood 2014 LIMITED BRRip XviD AC3-GiANGi 2015-02-25 15:00 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 15:00 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-23 19:30 - 2015-02-23 19:39 - 00000000 ____D () C:\Program Files (x86)\Alawar 2015-02-23 19:30 - 2015-02-23 19:30 - 00002159 _____ () C:\Users\Guest\Desktop\Try Other Games.lnk 2015-02-23 19:30 - 2015-02-23 19:30 - 00002136 _____ () C:\Users\Guest\Desktop\Alawar Games.lnk 2015-02-22 21:58 - 2015-02-22 22:01 - 00000000 ____D () C:\Users\IAnI\Downloads\Flying.Home.2014.BRRip.XviD-WAR 2015-02-17 18:50 - 2015-02-17 18:50 - 00000000 ____D () C:\Users\IAnI\AppData\Roaming\AVAST Software 2015-02-17 18:50 - 2015-02-17 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-02-17 18:49 - 2015-03-13 19:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-17 18:49 - 2015-02-17 18:50 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-02-17 18:49 - 2015-02-17 18:50 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-02-17 18:49 - 2015-02-17 18:49 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-02-17 18:49 - 2015-02-17 18:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-02-17 18:49 - 2015-02-17 18:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-02-17 18:46 - 2015-02-17 18:46 - 00000000 ____D () C:\Program Files\AVAST Software 2015-02-17 18:44 - 2015-02-17 18:46 - 00000000 ____D () C:\ProgramData\AVAST Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 17:41 - 2014-03-17 20:44 - 00000000 ____D () C:\Users\IAnI\AppData\Roaming\uTorrent 2015-03-19 17:35 - 2014-03-18 19:28 - 00000000 ____D () C:\Users\IAnI\AppData\Roaming\Skype 2015-03-19 17:07 - 2014-03-17 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 16:51 - 2014-03-17 20:30 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-19 16:14 - 2014-03-13 23:58 - 01508530 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 12:51 - 2014-03-17 20:30 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-18 20:53 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-18 20:53 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-18 20:47 - 2014-03-17 18:39 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2015-03-18 20:47 - 2013-12-16 15:36 - 00001077 _____ () C:\Windows\SysWOW64\bscs.ini 2015-03-18 20:46 - 2014-03-17 18:39 - 00000061 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2015-03-18 20:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-18 19:04 - 2014-03-25 15:44 - 00007648 _____ () C:\Users\IAnI\AppData\Local\Resmon.ResmonCfg 2015-03-18 17:46 - 2014-03-18 12:55 - 00000000 ____D () C:\Users\IAnI\AppData\Roaming\AIMP3 2015-03-18 13:45 - 2014-12-23 13:28 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIAnI 2015-03-18 13:45 - 2014-12-23 13:28 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForIAnI.job 2015-03-18 13:39 - 2014-03-18 19:28 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-18 13:39 - 2014-03-13 23:59 - 00000000 ____D () C:\Users\IAnI 2015-03-18 13:38 - 2014-03-18 19:27 - 00000000 ____D () C:\ProgramData\Skype 2015-03-18 10:24 - 2014-03-27 09:51 - 00000000 ____D () C:\Users\IAnI\AppData\Local\Microsoft Games 2015-03-16 09:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-16 00:00 - 2014-07-20 19:58 - 00000246 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2015-03-11 19:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-03-11 18:33 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-11 18:31 - 2009-07-14 06:45 - 00419576 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 18:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 15:14 - 2014-03-18 10:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 15:05 - 2014-03-18 10:00 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-04 19:01 - 2009-07-14 07:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-04 08:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2015-02-24 13:47 - 2014-03-17 20:07 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-02-24 09:54 - 2015-01-22 08:27 - 00000000 ____D () C:\Users\IAnI\AppData\Local\Deployment 2015-02-24 09:54 - 2014-10-15 06:07 - 00000000 ____D () C:\Users\IAnI\AppData\Local\Unity 2015-02-24 03:17 - 2010-11-21 05:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-17 18:22 - 2014-09-30 16:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 07:44 - 2009-07-14 07:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-09-26 14:55 - 2014-09-26 14:55 - 0000037 ___SH () C:\Users\IAnI\AppData\Local\69ff07055291669bb2b218.72821112 2014-03-21 17:01 - 2014-03-21 17:01 - 0000037 ___SH () C:\Users\IAnI\AppData\Local\70149b02515b3bb20dd492.47983420 2014-03-25 15:44 - 2015-03-18 19:04 - 0007648 _____ () C:\Users\IAnI\AppData\Local\Resmon.ResmonCfg 2014-12-07 15:58 - 2014-12-07 15:58 - 0000008 _____ () C:\ProgramData\- Some content of TEMP: ==================== C:\Users\Guest\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 16:44 ==================== End Of Log ============================ Addition.txt
  22. Здравейте, Преди няколко дена стартирах Google Chrome и антивирусната ми откри вирус. Отворих разширенията и видях някакво разширение SaLe Plus, което махнах, но при следващото стартиране на браузара отново ми даде същото. Едно всичко логове и нужни неща от първата тема. Благодаря предварително за помощта. П.С - Тук е файла Addition, защото ми дава неуспешно качване. - http://textuploader.com/xqhl Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Ismail (administrator) on ISMAIL-PC on 01-04-2015 17:22:13 Running from C:\Users\Ismail\Downloads Loaded Profiles: Ismail & UpdatusUser (Available profiles: Ismail & UpdatusUser) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe () C:\ProgramData\{7987c980-7906-534c-7987-7c9807902601}\Bulk Image Downloader 4.83 incl Crack.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-29] (Avast Software s.r.o.) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-04] (VIA) HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKU\S-1-5-21-95922796-3075646620-3897074705-1000\...\Run: [AdobeBridge] => [X] Startup: C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bulk Image Downloader 4.83 incl Crack.lnk ShortcutTarget: Bulk Image Downloader 4.83 incl Crack.lnk -> C:\ProgramData\{7987c980-7906-534c-7987-7c9807902601}\Bulk Image Downloader 4.83 incl Crack.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} HKU\S-1-5-21-95922796-3075646620-3897074705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX HKU\S-1-5-21-95922796-3075646620-3897074705-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-95922796-3075646620-3897074705-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-95922796-3075646620-3897074705-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} SearchScopes: HKU\S-1-5-21-95922796-3075646620-3897074705-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX&q={searchTerms} Tcpip\..\Interfaces\{93412708-4C3D-4940-819A-0E7A37D34B97}: [NameServer] 83.228.102.1 FireFox: ======== FF ProfilePath: C:\Users\Ismail\AppData\Roaming\Mozilla\Firefox\Profiles\r486or8c.default FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-05-15] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-05-15] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2015-03-21] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2015-03-21] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2015-03-21] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2015-03-21] FF Extension: ImageHost Grabber - C:\Users\Ismail\AppData\Roaming\Mozilla\Firefox\Profiles\r486or8c.default\Extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8} [2015-03-31] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-29] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1427810867&from=wpc&uid=HitachiXHDS721050CLA360_JP1511FR0KKLSC0KKLSCX CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29] CHR Extension: (Google Docs) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29] CHR Extension: (Google Drive) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-29] CHR Extension: (YouTube) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-29] CHR Extension: (Google Search) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29] CHR Extension: (ABV Notifier) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbekonjicgkldkmopnamgglbfaiojje [2015-03-29] CHR Extension: (Google Sheets) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29] CHR Extension: (AdBlock) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-29] CHR Extension: (Google Wallet) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-29] CHR Extension: (Gmail) - C:\Users\Ismail\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-29] (Avast Software s.r.o.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-29] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-29] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-29] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-29] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-03-29] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-29] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-03-29] () S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 17:22 - 2015-04-01 17:22 - 00014167 _____ () C:\Users\Ismail\Downloads\FRST.txt 2015-04-01 17:22 - 2015-04-01 17:22 - 00000000 ____D () C:\FRST 2015-04-01 17:21 - 2015-04-01 17:22 - 02095616 _____ (Farbar) C:\Users\Ismail\Downloads\FRST64.exe 2015-04-01 12:08 - 2015-03-29 10:10 - 00000000 ____D () C:\Users\Ismail\Downloads\gaea_161 2015-04-01 12:08 - 2014-08-30 09:59 - 00000428 _____ () C:\Users\Ismail\Downloads\themelock.txt 2015-04-01 12:08 - 2012-07-09 09:26 - 00000174 _____ () C:\Users\Ismail\Downloads\themelock.url 2015-04-01 12:07 - 2015-04-01 12:08 - 24386237 _____ () C:\Users\Ismail\Downloads\gaea_161.rar 2015-03-31 20:05 - 2015-03-31 20:05 - 00000000 ____D () C:\Users\Ismail\Downloads\Percy.Jackson.And.The.Olympians.The.Lightning.Thief.REAL.REPACK.DVDRip.XviD-ARROW 2015-03-31 17:19 - 2015-03-31 17:19 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-31 17:19 - 2015-03-31 17:19 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-31 17:19 - 2015-03-31 17:19 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Mozilla 2015-03-31 17:19 - 2015-03-31 17:19 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Mozilla 2015-03-31 17:19 - 2015-03-31 17:19 - 00000000 ____D () C:\ProgramData\Mozilla 2015-03-31 17:19 - 2015-03-31 17:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\FastStone 2015-03-31 17:14 - 2015-03-31 17:14 - 00000000 ____D () C:\Users\Ismail\AppData\Local\FastStone 2015-03-31 17:13 - 2015-03-31 17:13 - 00001117 _____ () C:\Users\Public\Desktop\FastStone Photo Resizer.lnk 2015-03-31 17:13 - 2015-03-31 17:13 - 00000000 ____D () C:\Users\Ismail\Documents\Bulk Image Downloader 2015-03-31 17:13 - 2015-03-31 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer 2015-03-31 17:13 - 2015-03-31 17:13 - 00000000 ____D () C:\Program Files (x86)\FastStone Photo Resizer 2015-03-31 17:09 - 2015-03-31 17:09 - 00000000 ____D () C:\ProgramData\183954600003c6a 2015-03-31 17:05 - 2015-04-01 09:50 - 00000000 ____D () C:\ProgramData\{7987c980-7906-534c-7987-7c9807902601} 2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 ____D () C:\ProgramData\jpmggkmkpapmpbcbfphpoakgdafjhcgl 2015-03-31 17:05 - 2015-03-31 17:05 - 00000000 ____D () C:\ProgramData\13231215263972413764 2015-03-31 13:38 - 2015-03-31 13:38 - 00000000 ____D () C:\Users\Ismail\Desktop\Медицина 2015-03-31 13:37 - 2015-03-31 13:37 - 00000644 _____ () C:\Users\Ismail\Desktop\Ismail.lnk 2015-03-30 22:04 - 2015-03-30 22:10 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\BSplayer 2015-03-30 22:04 - 2015-03-30 22:04 - 00001128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk 2015-03-30 22:04 - 2015-03-30 22:04 - 00001122 _____ () C:\Users\Public\Desktop\BS.Player.lnk 2015-03-30 22:04 - 2015-03-30 22:04 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\BSplayer Pro 2015-03-30 22:04 - 2015-03-30 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player 2015-03-30 22:04 - 2015-03-30 22:04 - 00000000 ____D () C:\Program Files (x86)\Webteh 2015-03-30 21:30 - 2015-03-30 21:30 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-30 14:43 - 2015-03-30 14:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-03-30 12:14 - 2015-03-30 12:14 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\WinRAR 2015-03-30 12:14 - 2015-03-30 12:14 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-30 12:14 - 2015-03-30 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-03-30 12:14 - 2015-03-30 12:14 - 00000000 ____D () C:\Program Files\WinRAR 2015-03-29 21:12 - 2015-03-30 22:02 - 00000000 ____D () C:\KMPlayer 2015-03-29 20:19 - 2015-03-29 20:19 - 00001456 _____ () C:\Users\Ismail\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-03-29 20:19 - 2015-03-29 20:19 - 00000583 _____ () C:\Users\Ismail\Documents\header.html 2015-03-29 20:19 - 2015-03-29 20:19 - 00000000 ____D () C:\Users\Ismail\Documents\images 2015-03-29 19:49 - 2015-03-30 15:56 - 00000132 _____ () C:\Users\Ismail\AppData\Roaming\Adobe PNG Format CS6 Prefs 2015-03-29 19:33 - 2015-03-29 19:33 - 00001723 _____ () C:\Users\Ismail\Desktop\Photoshop.lnk 2015-03-29 19:33 - 2015-03-29 19:33 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\NVIDIA 2015-03-29 19:27 - 2015-03-29 19:27 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2015-03-29 19:26 - 2015-03-29 19:26 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2015-03-29 19:25 - 2015-03-29 19:29 - 00000000 ____D () C:\Program Files\Adobe 2015-03-29 19:25 - 2015-03-29 19:25 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk 2015-03-29 19:23 - 2015-03-29 19:23 - 00001519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2015-03-29 19:23 - 2015-03-29 19:23 - 00001353 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk 2015-03-29 19:18 - 2015-03-29 19:18 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-03-29 19:02 - 2015-03-29 19:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-03-29 19:02 - 2015-03-29 19:02 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-03-29 19:02 - 2015-03-29 19:02 - 00000000 ____D () C:\ProgramData\McAfee 2015-03-29 18:51 - 2015-03-29 19:29 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-29 18:47 - 2015-03-29 18:47 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Macromedia 2015-03-29 18:40 - 2015-03-29 20:18 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Adobe 2015-03-29 18:40 - 2015-03-29 19:42 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Adobe 2015-03-29 18:40 - 2015-03-29 19:27 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2015-03-29 18:40 - 2015-03-29 19:23 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Nik Software 2015-03-29 18:40 - 2015-03-29 18:40 - 00000000 ____D () C:\ProgramData\Nik Software 2015-03-29 18:28 - 2015-03-29 18:28 - 00000000 ____D () C:\Users\Ismail\Tracing 2015-03-29 18:18 - 2015-03-29 18:18 - 00001214 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk 2015-03-29 18:18 - 2015-03-29 18:18 - 00000000 ____D () C:\Program Files (x86)\VIA 2015-03-29 18:18 - 2007-04-11 15:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll 2015-03-29 18:13 - 2015-03-29 18:16 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Dropbox 2015-03-29 18:13 - 2015-03-29 18:13 - 00001922 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-03-29 18:13 - 2015-03-29 18:13 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\AVAST Software 2015-03-29 18:13 - 2015-03-29 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-03-29 18:12 - 2015-04-01 17:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-03-29 18:12 - 2015-03-29 18:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-29 18:12 - 2015-03-29 18:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-29 18:12 - 2015-03-29 18:12 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-29 18:12 - 2015-03-29 18:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-03-29 18:09 - 2015-03-29 18:09 - 00000000 ____D () C:\Program Files\AVAST Software 2015-03-29 18:06 - 2015-03-29 18:06 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-03-29 17:57 - 2015-03-29 17:57 - 00000000 ____D () C:\Windows\KJ 2015-03-29 17:57 - 2012-10-07 15:33 - 00001429 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KJ_Starter.lnk 2015-03-29 17:57 - 2012-10-06 01:07 - 00405881 _____ () C:\Windows\KJ.exe 2015-03-29 17:33 - 2015-03-29 17:33 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-29 17:33 - 2015-03-29 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-29 17:32 - 2015-03-30 21:30 - 00000000 ____D () C:\ProgramData\Skype 2015-03-29 17:32 - 2015-03-30 21:29 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\Skype 2015-03-29 17:32 - 2015-03-29 17:32 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Skype 2015-03-29 17:31 - 2015-04-01 17:17 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-29 17:31 - 2015-04-01 15:36 - 00000998 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-29 17:31 - 2015-03-30 15:58 - 00060784 _____ () C:\Users\Ismail\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-29 17:31 - 2015-03-29 17:33 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Google 2015-03-29 17:31 - 2015-03-29 17:33 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-29 17:31 - 2015-03-29 17:31 - 00003994 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-29 17:31 - 2015-03-29 17:31 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-29 17:31 - 2015-03-29 17:31 - 00000814 _____ () C:\Users\Ismail\Desktop\µTorrent.lnk 2015-03-29 17:31 - 2015-03-29 17:31 - 00000794 _____ () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-03-29 17:31 - 2015-03-29 17:31 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\OpenCandy 2015-03-29 17:31 - 2015-03-29 17:31 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Deployment 2015-03-29 17:31 - 2015-03-29 17:31 - 00000000 ____D () C:\Users\Ismail\AppData\Local\Apps\2.0 2015-03-29 17:30 - 2015-04-01 00:40 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\uTorrent 2015-03-29 02:47 - 2015-03-28 16:53 - 00000000 ____D () C:\Windows\Panther 2015-03-28 17:20 - 2015-03-28 17:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2015-03-28 17:00 - 2015-03-28 17:00 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e 2015-03-28 17:00 - 2015-03-28 17:00 - 00000000 ____D () C:\ProgramData\Intel 2015-03-28 17:00 - 2015-03-28 17:00 - 00000000 ____D () C:\Program Files\Intel 2015-03-28 17:00 - 2011-12-16 11:40 - 00015128 _____ () C:\Windows\system32\Drivers\IntelMEFWVer.dll 2015-03-28 16:59 - 2015-03-29 18:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-28 16:59 - 2015-03-28 17:00 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-03-28 16:59 - 2015-03-28 16:59 - 00000000 ____D () C:\Users\Ismail\AppData\Roaming\InstallShield 2015-03-28 16:59 - 2015-03-28 16:59 - 00000000 ____D () C:\Intel 2015-03-28 16:59 - 2011-12-06 16:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll 2015-03-28 16:59 - 2011-11-10 02:04 - 00060184 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys 2015-03-28 16:58 - 2015-03-28 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-28 16:56 - 2015-04-01 17:17 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-28 16:56 - 2015-03-28 16:56 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2015-03-28 16:56 - 2015-03-28 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-03-28 16:56 - 2015-03-28 16:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-03-28 16:56 - 2012-05-15 13:48 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-03-28 16:56 - 2012-05-15 13:48 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-03-28 16:56 - 2012-05-15 12:29 - 03149632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-03-28 16:56 - 2012-05-15 12:29 - 02621723 _____ () C:\Windows\system32\nvcoproc.bin 2015-03-28 16:56 - 2012-05-15 12:29 - 02561856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-03-28 16:56 - 2012-05-15 12:29 - 00889664 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-03-28 16:56 - 2012-05-15 12:29 - 00118080 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-03-28 16:56 - 2012-05-15 12:29 - 00063296 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-03-28 16:56 - 2012-05-15 12:28 - 06151488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-03-28 16:56 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-28 16:56 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-28 16:55 - 2015-03-28 16:56 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-28 16:55 - 2012-05-15 13:48 - 25743168 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 25248064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 19607872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 18044224 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 17551680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 15322432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 14298944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-03-28 16:55 - 2012-05-15 13:48 - 10194752 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 08139072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 08105280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 05982528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02881856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02741568 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02681664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02524992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02445120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 02368832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 01738048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 01468224 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00949056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00818496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00364352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00301376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00246592 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00202048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-03-28 16:55 - 2012-05-15 13:48 - 00014324 _____ () C:\Windows\system32\nvinfo.pb 2015-03-28 16:55 - 2012-04-18 20:08 - 01451840 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2015-03-28 16:55 - 2012-04-18 20:08 - 00188736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-03-28 16:55 - 2012-04-18 20:08 - 00031040 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-03-28 16:54 - 2015-04-01 17:20 - 00063048 _____ () C:\Windows\WindowsUpdate.log 2015-03-28 16:54 - 2015-03-28 16:54 - 00000000 ____D () C:\NVIDIA 2015-03-28 16:53 - 2015-03-29 18:28 - 00000000 ____D () C:\Users\Ismail 2015-03-28 16:53 - 2015-03-28 16:53 - 00001443 _____ () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-28 16:53 - 2015-03-28 16:53 - 00001409 _____ () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-03-28 16:53 - 2015-03-28 16:53 - 00000020 ___SH () C:\Users\Ismail\ntuser.ini 2015-03-28 16:53 - 2015-03-28 16:53 - 00000000 __SHD () C:\Recovery 2015-03-28 16:53 - 2015-03-28 16:53 - 00000000 ____D () C:\Users\Ismail\AppData\Local\VirtualStore 2015-03-28 16:53 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-28 16:53 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\Ismail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-28 16:51 - 2015-03-28 16:51 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-03-28 16:51 - 2015-03-28 16:51 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-03-28 16:50 - 2015-03-28 16:50 - 00001355 _____ () C:\Windows\TSSysprep.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-01 17:22 - 2009-07-14 08:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-01 17:17 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-01 17:17 - 2009-07-14 07:51 - 00027074 _____ () C:\Windows\setupact.log 2015-04-01 15:59 - 2009-07-14 07:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-01 15:59 - 2009-07-14 07:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-01 09:50 - 2010-11-21 06:47 - 00008566 _____ () C:\Windows\PFRO.log 2015-03-31 13:30 - 2009-07-14 06:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-31 08:10 - 2009-07-14 08:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-30 19:33 - 2009-07-14 07:45 - 04900832 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-29 18:00 - 2010-11-21 06:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2015-03-29 18:00 - 2010-11-21 06:24 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2015-03-29 18:00 - 2010-11-21 06:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2015-03-29 18:00 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache 2015-03-29 02:47 - 2009-07-14 08:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG 2015-03-29 02:47 - 2009-07-14 08:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2015-03-28 20:53 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-28 17:00 - 2009-07-14 08:32 - 00000000 ____D () C:\Windows\system32\restore 2015-03-28 17:00 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-03-28 16:56 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help 2015-03-28 16:51 - 2009-07-14 08:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-28 16:51 - 2009-07-14 06:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-28 16:50 - 2009-07-14 07:46 - 00002790 _____ () C:\Windows\DtcInstall.log 2015-03-28 16:50 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\sysprep 2015-03-28 16:49 - 2011-04-12 11:28 - 00000000 ____D () C:\Windows\CSC ==================== Files in the root of some directories ======= 2015-03-29 19:49 - 2015-03-30 15:56 - 0000132 _____ () C:\Users\Ismail\AppData\Roaming\Adobe PNG Format CS6 Prefs 2015-03-29 20:19 - 2015-03-29 20:19 - 0001456 _____ () C:\Users\Ismail\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-03-31 17:08 - 2015-03-31 17:10 - 0011778 _____ () C:\Users\Ismail\AppData\Local\Temp-log.txt Some content of TEMP: ==================== C:\Users\Ismail\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmenauk.dll C:\Users\Ismail\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-28 17:59 ==================== End Of Log ============================
  23. Здравейте Имам съмнение за вирус в лаптопа ми. Когато пусна антивирусната ( ЕSET Smart Security 8) след сканиране ми показва грешка при отваряне на почти всички файлове. Например: Сектор за начално стартиране на диск C: - грешка при отваряне и след това много други грешки. Какво означава това? Изтеглих си Fabar Recovery Scan Tool и това са резултатите, които ми показа: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Katerina Rusinova (administrator) on RUSINOVA on 02-04-2015 10:29:41 Running from C:\Users\Katerina Rusinova\Desktop Loaded Profiles: Katerina Rusinova (Available profiles: Katerina Rusinova & .NET v4.5 & .NET v4.5 Classic) Platform: Windows 8.1 Pro (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe () C:\Program Files (x86)\KMPConnect\KMPConnectService.exe () C:\Program Files (x86)\KMPConnect\KMPConnectCore.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Autodesk Inc.) C:\Users\Katerina Rusinova\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET) HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.) HKU\S-1-5-21-3890330393-298522125-1275636425-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKU\S-1-5-21-3890330393-298522125-1275636425-1001\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hp&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} HKU\S-1-5-21-3890330393-298522125-1275636425-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3890330393-298522125-1275636425-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKU\S-1-5-21-3890330393-298522125-1275636425-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hp&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=ds&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX&q={searchTerms} SearchScopes: HKU\S-1-5-21-3890330393-298522125-1275636425-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 89.190.192.247 89.190.192.248 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.key-find.com/?type=sc&ts=1425164115&from=kmp&uid=HGSTXHTS541010A9E680_JD1008CC1SWWJV1SWWJVX FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-09] () FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-09] () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-09] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://google.bg/ CHR StartupUrls: Default -> "https://www.google.bg/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll () CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) CHR Profile: C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09] CHR Extension: (No Name) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09] CHR Extension: (Google Search) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (No Name) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09] CHR Extension: (Google Wallet) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09] CHR Extension: (Gmail) - C:\Users\Katerina Rusinova\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-03-22] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET) R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-14] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2015-03-09] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [954048 2014-08-25] (@ByELDI) [File not signed] R2 ServiceKAirModule; C:\Program Files (x86)\KMPConnect\KMPConnectService.exe [389232 2014-05-19] () S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-03-09] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.) R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2015-02-28] (DT Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [187336 2014-05-14] (Intel Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( ) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2015-03-09] (Microsoft Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3434464 2014-03-13] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2015-02-28] (Duplex Secure Ltd.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-02 10:29 - 2015-04-02 10:30 - 00021299 _____ () C:\Users\Katerina Rusinova\Desktop\FRST.txt 2015-04-02 10:29 - 2015-04-02 10:29 - 00000000 ____D () C:\FRST 2015-04-02 10:27 - 2015-04-02 10:27 - 02095616 _____ (Farbar) C:\Users\Katerina Rusinova\Desktop\FRST64.exe 2015-03-27 17:31 - 2015-03-27 17:31 - 00000000 ____D () C:\Program Files (x86)\MSECache 2015-03-25 16:30 - 2015-03-11 05:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 16:30 - 2015-03-11 01:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-23 11:09 - 2015-03-23 11:09 - 00000213 ____H () C:\Users\Katerina Rusinova\Documents\Drawing1.dwl2 2015-03-23 11:09 - 2015-03-23 11:09 - 00000063 ____H () C:\Users\Katerina Rusinova\Documents\Drawing1.dwl 2015-03-22 23:59 - 2015-03-22 23:59 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2015-03-22 23:21 - 2015-03-22 23:21 - 00000000 ____D () C:\Users\Katerina Rusinova\Documents\SafeNet Sentinel 2015-03-22 23:02 - 2015-03-22 23:02 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel 2015-03-22 22:54 - 2015-03-22 22:54 - 00000000 ____D () C:\ProgramData\{500BA157-CDD0-4D11-B127-68D49BAD7D18} 2015-03-22 11:18 - 2015-03-22 11:18 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-03-17 21:04 - 2015-03-17 21:04 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack 2015-03-17 20:51 - 2015-04-01 22:50 - 00000000 ____D () C:\Program Files (x86)\KMPConnect 2015-03-17 20:51 - 2015-03-17 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMP Connect 2015-03-17 17:47 - 2015-03-17 17:47 - 00002091 _____ () C:\Users\Public\Desktop\SAP2000 14.lnk 2015-03-17 17:33 - 2015-03-17 17:33 - 00002091 _____ () C:\Users\Public\Desktop\SAP2000 15.lnk 2015-03-15 21:14 - 2015-03-26 02:27 - 00000867 _____ () C:\Users\Katerina Rusinova\Documents\plot.log 2015-03-12 21:10 - 2015-03-12 21:10 - 00000000 ____D () C:\Users\Katerina Rusinova\Tracing 2015-03-12 10:48 - 2015-03-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any PDF to DWG Converter 2015-03-12 10:48 - 2015-03-12 10:48 - 00000000 ____D () C:\Program Files (x86)\Any PDF to DWG Converter 2015-03-11 16:21 - 2015-02-21 04:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 16:21 - 2015-02-21 03:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 16:21 - 2015-02-21 03:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 16:21 - 2015-02-21 03:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-03-11 16:21 - 2015-02-21 03:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 16:21 - 2015-02-21 02:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 16:21 - 2015-02-21 02:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 16:21 - 2015-02-20 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 16:21 - 2015-02-20 05:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 16:21 - 2015-02-20 05:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 16:21 - 2015-02-20 05:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-03-11 16:21 - 2015-02-20 05:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 16:21 - 2015-02-20 05:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 16:21 - 2015-02-20 05:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 16:21 - 2015-02-20 05:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-03-11 16:21 - 2015-02-20 05:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 16:21 - 2015-02-20 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 16:21 - 2015-02-20 05:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 16:21 - 2015-02-20 04:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-03-11 16:21 - 2015-02-20 04:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-03-11 16:21 - 2015-02-20 04:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-03-11 16:21 - 2015-02-20 04:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 16:21 - 2015-02-20 04:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 16:21 - 2015-02-20 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 16:21 - 2015-02-20 04:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 16:21 - 2015-02-20 04:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 16:21 - 2015-02-20 04:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-03-11 16:21 - 2015-02-20 04:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-03-11 16:21 - 2015-02-20 04:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 16:21 - 2015-02-20 04:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-03-11 16:21 - 2015-02-20 04:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 16:21 - 2015-02-20 04:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 16:21 - 2015-02-20 04:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 16:21 - 2015-02-20 04:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 16:21 - 2015-02-20 04:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 16:21 - 2015-02-20 03:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 16:21 - 2015-02-20 03:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 16:14 - 2015-02-04 02:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-03-11 16:14 - 2015-02-04 02:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2015-03-11 16:14 - 2015-02-04 02:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-03-11 16:14 - 2015-02-03 02:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2015-03-11 16:14 - 2015-02-03 02:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2015-03-11 16:14 - 2015-01-27 06:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe 2015-03-11 16:14 - 2015-01-24 04:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe 2015-03-11 16:13 - 2015-03-06 05:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 16:13 - 2015-03-06 05:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 16:13 - 2015-02-26 02:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 16:13 - 2015-02-20 06:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 16:13 - 2015-02-20 05:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 16:13 - 2015-02-20 05:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 16:13 - 2015-02-20 05:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 16:13 - 2015-02-12 20:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 16:13 - 2015-02-12 20:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 16:13 - 2015-02-08 02:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2015-03-11 16:13 - 2015-02-08 02:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2015-03-11 16:13 - 2015-02-07 02:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml 2015-03-11 16:13 - 2015-02-06 04:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-03-11 16:13 - 2015-02-06 04:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-03-11 16:13 - 2015-02-05 23:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-03-11 16:13 - 2015-02-03 03:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2015-03-11 16:13 - 2015-02-03 03:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2015-03-11 16:13 - 2015-01-31 02:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-03-11 16:13 - 2015-01-31 02:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-03-11 16:13 - 2015-01-31 02:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 16:13 - 2015-01-30 06:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys 2015-03-11 16:13 - 2015-01-30 06:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys 2015-03-11 16:13 - 2015-01-30 05:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll 2015-03-11 16:13 - 2015-01-30 05:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll 2015-03-11 16:13 - 2015-01-30 05:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll 2015-03-11 16:13 - 2015-01-30 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll 2015-03-11 16:13 - 2015-01-30 04:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll 2015-03-11 16:13 - 2015-01-30 04:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll 2015-03-11 16:13 - 2015-01-30 04:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll 2015-03-11 16:13 - 2015-01-30 04:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll 2015-03-11 16:13 - 2015-01-30 04:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll 2015-03-11 16:13 - 2015-01-30 04:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll 2015-03-11 16:13 - 2015-01-30 04:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll 2015-03-11 16:13 - 2015-01-30 04:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll 2015-03-11 16:13 - 2015-01-30 04:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll 2015-03-11 16:13 - 2015-01-29 21:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 16:13 - 2015-01-29 21:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 16:13 - 2015-01-29 04:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll 2015-03-11 16:13 - 2015-01-29 04:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll 2015-03-11 16:13 - 2015-01-29 04:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 16:13 - 2015-01-29 04:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-03-11 16:13 - 2015-01-29 04:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2015-03-11 16:13 - 2015-01-29 04:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 16:13 - 2015-01-29 03:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-03-11 16:13 - 2015-01-29 03:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-03-11 16:13 - 2015-01-29 03:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-03-11 16:13 - 2015-01-29 03:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-03-11 16:13 - 2015-01-28 18:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 16:13 - 2015-01-28 18:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-03-11 16:13 - 2015-01-28 18:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-03-11 16:13 - 2015-01-28 05:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll 2015-03-11 16:13 - 2015-01-28 04:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll 2015-03-11 16:13 - 2015-01-28 04:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 16:13 - 2015-01-28 04:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 16:13 - 2015-01-28 02:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2015-03-11 16:13 - 2015-01-28 02:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2015-03-11 16:13 - 2015-01-27 07:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 16:13 - 2015-01-27 05:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 16:13 - 2015-01-23 10:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-03-11 16:13 - 2015-01-23 08:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-03-11 16:13 - 2015-01-21 08:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 16:13 - 2015-01-21 08:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 16:13 - 2014-12-11 08:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe 2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2015-03-10 11:07 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-03-10 11:07 - 2014-06-10 01:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-03-10 10:59 - 2015-03-10 10:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-03-09 21:35 - 2015-03-09 21:36 - 00030569 _____ () C:\Windows\iis.log 2015-03-09 21:35 - 2015-03-09 21:35 - 00967984 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-03-09 21:35 - 2015-03-09 21:35 - 00000020 ___SH () C:\Users\.NET v4.5\ntuser.ini 2015-03-09 21:35 - 2015-03-09 21:35 - 00000020 ___SH () C:\Users\.NET v4.5 Classic\ntuser.ini 2015-03-09 21:35 - 2015-03-09 21:35 - 00000000 ____D () C:\Users\.NET v4.5 Classic 2015-03-09 21:35 - 2015-03-09 21:35 - 00000000 ____D () C:\Users\.NET v4.5 2015-03-09 21:35 - 2015-02-28 02:22 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-09 21:35 - 2015-02-28 02:22 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-09 21:35 - 2014-11-21 18:14 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-09 21:35 - 2014-11-21 18:14 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-09 21:35 - 2014-11-21 18:14 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-09 21:35 - 2014-11-21 18:14 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-03-09 21:35 - 2014-11-21 10:48 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-03-09 21:35 - 2014-11-21 10:48 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-03-09 21:35 - 2014-11-21 10:48 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-03-09 21:35 - 2014-11-21 10:48 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-03-09 21:35 - 2013-08-22 18:36 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-09 21:35 - 2013-08-22 18:36 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Windows\system32\msmq 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Windows\system32\BestPractices 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Program Files\MSBuild 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-03-09 21:34 - 2015-03-09 21:34 - 00000000 ____D () C:\inetpub 2015-03-09 21:32 - 2013-08-03 07:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2015-03-09 21:32 - 2013-08-03 07:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-03-09 21:31 - 2013-08-03 07:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2015-03-09 21:31 - 2013-08-03 07:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-03-09 21:29 - 2015-03-22 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Computers and Structures 2015-03-09 21:16 - 2015-03-09 21:19 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-09 21:16 - 2015-03-09 21:16 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-03-09 21:16 - 2015-03-09 21:16 - 00002039 _____ () C:\Users\Katerina Rusinova\Desktop\Adobe Reader XI.lnk 2015-03-09 21:16 - 2015-03-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-09 21:11 - 2015-03-22 12:02 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-09 21:11 - 2015-03-09 21:11 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d05a94757c5a5e 2015-03-09 21:11 - 2015-03-09 21:11 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-09 21:11 - 2015-03-09 21:11 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05a94757c5a5e.job 2015-03-09 21:11 - 2015-03-09 21:11 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-09 21:11 - 2015-03-09 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-09 20:46 - 2015-03-09 20:46 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890330393-298522125-1275636425-1001UA1d05a918a401e 2015-03-09 20:46 - 2015-03-09 20:46 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3890330393-298522125-1275636425-1001UA 2015-03-03 20:02 - 2015-03-18 01:30 - 00000000 ____D () C:\Филми 2015-03-03 18:15 - 2015-03-03 18:15 - 00000000 ____D () C:\ProgramData\{207FAED3-2F00-4C0F-885E-7FBC794434CB} 2015-03-03 16:56 - 2015-03-03 16:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-03-03 00:01 - 2015-04-02 01:25 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Local\Computers and Structures ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-02 10:25 - 2015-02-28 17:33 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Local\Packages 2015-04-02 10:10 - 2014-11-21 10:38 - 00992692 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-02 10:00 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\sru 2015-04-02 09:47 - 2015-02-28 17:31 - 02085475 _____ () C:\Windows\WindowsUpdate.log 2015-04-02 09:37 - 2015-02-28 12:00 - 00003974 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{59801C68-73A0-424E-92E7-3AF52CAA411E} 2015-04-02 09:34 - 2015-03-01 01:47 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS 2015-04-01 22:53 - 2014-11-21 11:14 - 00000348 _____ () C:\Windows\SysWOW64\r4oqmea.tgz 2015-04-01 22:53 - 2014-11-21 11:14 - 00000334 _____ () C:\Windows\SysWOW64\r4oqmea.dll 2015-04-01 22:53 - 2014-11-21 11:14 - 00000114 _____ () C:\Windows\SysWOW64\prsgrc.tgz 2015-04-01 22:53 - 2014-11-21 11:14 - 00000100 _____ () C:\Windows\SysWOW64\prsgrc.dll 2015-04-01 22:53 - 2014-11-21 11:14 - 00000086 _____ () C:\Windows\SysWOW64\ssprs.tgz 2015-04-01 22:49 - 2013-08-22 17:46 - 00027348 _____ () C:\Windows\setupact.log 2015-04-01 22:49 - 2013-08-22 17:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-30 02:05 - 2015-03-01 01:51 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Roaming\Skype 2015-03-27 17:31 - 2015-03-02 20:34 - 00000000 ____D () C:\Programme instalation 2015-03-25 16:45 - 2013-08-22 18:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-03-25 16:44 - 2015-02-28 02:22 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-25 16:44 - 2014-11-21 18:14 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 16:13 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-03-24 12:41 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\rescache 2015-03-23 19:23 - 2015-02-28 17:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3890330393-298522125-1275636425-1001 2015-03-23 18:43 - 2015-03-02 23:48 - 00000000 ____D () C:\Program Files (x86)\Computers and Structures 2015-03-23 00:11 - 2015-02-28 02:07 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Roaming\uTorrent 2015-03-22 11:17 - 2015-02-28 17:42 - 00000000 ____D () C:\Program Files\KMSpico 2015-03-19 21:16 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-18 01:27 - 2015-03-01 01:55 - 00000000 ____D () C:\KMPlayer 2015-03-18 01:25 - 2013-08-22 17:44 - 00568776 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-18 00:22 - 2015-02-28 03:08 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-18 00:21 - 2015-03-02 22:02 - 00000000 ____D () C:\Users\Katerina Rusinova\Documents\Autodesk Application Manager 2015-03-17 20:51 - 2015-03-01 01:55 - 00000614 _____ () C:\Users\Katerina Rusinova\Desktop\KMPlayer.lnk 2015-03-17 17:34 - 2015-03-02 21:52 - 00118581 _____ () C:\Windows\DirectX.log 2015-03-15 20:38 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-03-12 21:10 - 2015-02-28 17:32 - 00000000 ____D () C:\Users\Katerina Rusinova 2015-03-12 21:09 - 2015-03-01 01:51 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-03-12 21:09 - 2015-03-01 01:51 - 00000000 ____D () C:\ProgramData\Skype 2015-03-12 10:41 - 2014-11-21 10:29 - 00008516 _____ () C:\Windows\PFRO.log 2015-03-11 17:46 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 17:46 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 17:46 - 2013-08-22 18:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-11 17:46 - 2013-08-22 18:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-11 17:46 - 2013-08-22 18:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-11 17:45 - 2013-08-22 18:36 - 00000000 ___RD () C:\Windows\ToastData 2015-03-11 17:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\WinStore 2015-03-11 17:45 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-03-11 16:46 - 2015-02-28 20:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-11 16:46 - 2015-02-28 20:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 16:37 - 2015-02-28 02:12 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 16:37 - 2013-08-22 16:25 - 00000167 _____ () C:\Windows\win.ini 2015-03-11 16:34 - 2015-02-28 02:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-10 21:42 - 2015-02-28 12:02 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Local\Google 2015-03-09 22:42 - 2015-03-02 23:04 - 00000000 ____D () C:\Users\Katerina Rusinova\.smplayer 2015-03-09 21:34 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2015-03-09 21:34 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\inetsrv 2015-03-09 21:34 - 2013-08-22 07:16 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.tlb 2015-03-09 21:34 - 2013-08-22 07:16 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa30.tlb 2015-03-09 21:34 - 2013-08-22 07:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa20.tlb 2015-03-09 21:34 - 2013-08-22 07:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa10.tlb 2015-03-09 21:34 - 2013-08-22 06:54 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll 2015-03-09 21:34 - 2013-08-22 06:05 - 00606720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\mqsec.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\mqad.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsec.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqad.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\mqcmiplugin.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\mqmigplugin.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcmiplugin.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe 2015-03-09 21:33 - 2014-11-21 11:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll 2015-03-09 21:33 - 2014-11-21 11:14 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll 2015-03-09 21:33 - 2013-08-22 14:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.tlb 2015-03-09 21:33 - 2013-08-22 14:44 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mqoa30.tlb 2015-03-09 21:33 - 2013-08-22 14:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\mqoa20.tlb 2015-03-09 21:33 - 2013-08-22 14:44 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\mqoa10.tlb 2015-03-09 21:33 - 2013-08-22 14:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mqac.sys 2015-03-09 21:33 - 2013-08-22 14:35 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\mqutil.dll 2015-03-09 21:33 - 2013-08-22 14:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\mqsvc.exe 2015-03-09 21:33 - 2013-08-22 14:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\mqbkup.exe 2015-03-09 21:33 - 2013-08-22 14:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll 2015-03-09 21:33 - 2013-08-22 13:53 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.dll 2015-03-09 21:33 - 2013-08-22 13:23 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll 2015-03-09 21:33 - 2013-08-22 13:19 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll 2015-03-09 21:33 - 2013-08-22 13:10 - 01408512 _____ (Microsoft Corporation) C:\Windows\system32\mqqm.dll 2015-03-09 21:33 - 2013-08-22 12:50 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\mqlogmgr.dll 2015-03-09 21:33 - 2013-08-22 09:59 - 00009096 _____ () C:\Windows\system32\msmqtrc.mof 2015-03-09 21:33 - 2013-08-22 07:06 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqutil.dll 2015-03-09 21:33 - 2013-08-22 06:31 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.dll 2015-03-09 21:33 - 2013-08-22 06:08 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll 2015-03-09 21:33 - 2013-08-22 02:55 - 00009096 _____ () C:\Windows\SysWOW64\msmqtrc.mof 2015-03-09 21:18 - 2015-02-28 17:33 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Roaming\Adobe 2015-03-09 21:18 - 2015-02-28 02:05 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Local\Adobe 2015-03-09 21:11 - 2015-02-28 12:02 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-05 00:24 - 2014-11-21 18:20 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-05 00:24 - 2014-11-21 18:20 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-03 17:35 - 2015-02-28 17:33 - 00000000 ____D () C:\Users\Katerina Rusinova\AppData\Local\VirtualStore ==================== Files in the root of some directories ======= 2015-02-28 02:55 - 2015-02-28 02:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-03-02 21:57 - 2015-03-02 21:57 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Katerina Rusinova\AppData\Local\Temp\AcDeltree.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\bassmod.dll C:\Users\Katerina Rusinova\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\InstHelper.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\KMP_3.9.1.134.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\ose00000.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\SkypeSetup.exe C:\Users\Katerina Rusinova\AppData\Local\Temp\_is2263.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-26 04:09 ==================== End Of Log ============================ Addition.txt
  24. Добър вечер! От време на време правя профилактика на компютъра ми по традиционния начин с антивирусна програма (avast в случая). След известно време пак се накачват някакви неща, най-вече с изкачането на прозорци и се налага пак чистене. Сега си мисля, че може нещо да е останало в компютъра и се допитвам до вашата помощ. Намерих една тема, в която пишеше първо как се премахва аваст напълно, но сега не мога да я намеря за да видя как точно беше. Помня, че се влизаше в Safe Mode и съм си изтеглил и нужният софтуер за изчистването на аваст, но как точно бяха стъпките... Изпращам въпросните лог файлове: Addition.txt
×
×
  • Добави ново...